Flow 2.3.8 and 3.0.2
Two potential security issues have been discovered in the Flow framework (see the related advisory Flow-SA-2015-001 for details). Versions 2.3.8 and 3.0.2 fix the issues, and users are encouraged to update immediately. The patch-level releases can be fetched via Composer and contain no breaking changes.
Releases 2.3.7 and 3.0.1 originally fixed the issues but contained minor regressions, which were quickly discovered and fixed.
Neos 1.2.13 and 2.0.4
Several XSS vulnerabilities have been discovered in Neos (see the related advisory Neos-SA-2015-002). Neos versions 1.2.13 and 2.0.4 fix the issues and users are encouraged to update immediately.
Credits
Thanks to Mickael Dorigny (Synetis) and Wouter Wolters for reporting the issues. Thanks to Flownative and networkteam for sponsoring the fixes. Thanks to the Neos security team members for reviewing the fixes.