A major vulnerability has been identified during our annual pentest. As it also applies to our pim-community project, we decided to register a CVE entry (CVE-2022-46157). Please find below the details of the remediation of the vulnerability according to your PIM subscription and/or version.
If you are an Akeneo SaaS user (i.e., Serenity), the vulnerability has already been patched.
If you are an Akeneo PaaS (i.e., Flexibility) user, we applied the patch to v5 and v6 as defined in our support policy.
If you are an Akeneo PaaS user on lower versions, we strongly advise you to update your Flexibility versions as these versions will not be patched.
We strongly advise you to apply our patch available here to your Apache server configuration according to your operating system.
Feel free to contact your Akeneo Customer Success Manager if you have any questions or need additional information on this subject.