Merged
2 changes: 1 addition & 1 deletion content/en/docs/releasenotes/security-advisories/_index.md
Expand Up @@ -20,7 +20,7 @@ Siemens publishes their common vulnerabilities and exposures (CVE) on the second

| CVE ID | CVSS v3.1 Base Score | Siemens Security Advisory (SSA) Description | Notes |
| --- | --- | --- | --- |
| <a id="40834">CVE-2025-40834 | 5.7 | [Cross-Site Scripting Vulnerability in Mendix Rich Text Widget](https://cert-portal.siemens.com/productcert/html/ssa-190588.html) | See the SSA description for remediation details. |
| <a id="48192">CVE-2026-48192 | 5.4 | [Arbitrary Code Execution Vulnerability in Mendix Studio Pro Before V11.12](https://cert-portal.siemens.com/productcert/html/ssa-779310.html) | See the SSA description for remediation details. |
| <a id="40758">CVE-2025-40758 | 8.7 | [Account Hijacking Vulnerability in Mendix SAML Module](https://cert-portal.siemens.com/productcert/html/ssa-395458.html) | See the SSA description for remediation details. |
| <a id="40592">CVE-2025-40592 | 6.1 | [Zip Path Traversal Vulnerability in Mendix Studio Pro's Module Installation Process](https://cert-portal.siemens.com/productcert/html/ssa-627195.html) | See the SSA description for remediation details. |
| <a id="40571">CVE-2025-40571 | 2.2 | [Incorrect Privilege Assignment Vulnerability in Mendix OIDC SSO Module](https://cert-portal.siemens.com/productcert/html/ssa-726617.html) | See the SSA description for remediation details. |
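Review bot: In the CVE-2026-48192 row, the Notes cell only says "See the SSA description for remediation details." while the advisory title names "Before V11.12" and the 10.24 release notes in this same change also list the fix. Consider naming the fixed Studio Pro 10.x release in Notes so that readers on the 10 line do not conclude that moving to V11.12 is the only remedy. The `<a id="48192">` anchor in this row is the target of the `#48192` link in 10.24.md, so the two must stay in sync if either is renamed.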
1 change: 1 addition & 0 deletions content/en/docs/releasenotes/studio-pro/10/10.24.md
Expand Up @@ -81,6 +81,7 @@ Mendix Portable Runtime (previously called Portable App Distribution) packages y

### Fixes

* We fixed an arbitrary code execution vulnerability in Studio Pro. (5.4 – CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N – for more information see [Security Advisories](/releasenotes/security-advisories/#48192))
* We upgraded Netty dependencies to fix CVE-2026-42578, CVE-2026-42583, CVE-2026-42587, CVE-2026-42585, CVE-2026-42584, CVE-2026-42581, CVE-2026-42580, CVE-2026-41417, CVE-2026-42577, CVE-2026-42579. (Tickets 278202, 278290, 277691, 278290)
* We fixed an issue in the **Select Elements** dialog of an XML import or export mapping where reopening the dialog with previously checked elements that contained inheritance or choice-type children caused a validation error `"Element '…' cannot be checked without a checked child element."` when clicking **OK**. This happened because those elements were not expanded, so their children were not loaded and could not be validated. Studio Pro now automatically expands such elements before clicking OK in the **Select Elements** dialog, ensuring all required child elements are properly loaded and resolved. (Ticket 268403)
* We fixed an issue with the client where passing an empty string as a parameter to a microflow triggered an error. For example, when filtering options of a combo box with a microflow, clearing the search string would trigger the error. (Ticket 271819)
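Review bot: The arbitrary code execution bullet under Fixes quotes the vector CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N, where C:N and A:N read oddly next to the words "arbitrary code execution". The 5.4 score is consistent with that vector, so the thing to confirm against the linked SSA is the vector string itself, or else the wording. The bullet's link also depends on the `#48192` anchor in security-advisories/_index.md, so it is worth checking that the rendered page resolves it.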