Mautic v7.2.0 Release Notes
Release Date: 2026-06-02 // 6 days ago-
๐ Welcome to Mautic 7.2.0 Release Candidate: Lynx Edition
๐ Mautic 7.2 is here! Today we are excited to announce the release of Mautic 7.2 Release Candidate.
๐ โ ๏ธ This is a Release Candidate pre-release and should only be used for testing purposes. DO NOT use this in a production environment.
What's Changed
๐จ ๐ง Refactoring
๐ค DevOps
- ๐ Improve
mautic:webhooks:processcommand output by @shinde-rahul in #15135
โฌ๏ธ Dependencies
- Replace JS Cookie lib with native JS by @escopecz in #16161
- โฌ๏ธ Bump studio-42/elfinder from 2.1.66 to 2.1.67 by @dependabot in #16040
- โฌ๏ธ Bump phpoffice/phpspreadsheet from 5.1.0 to 5.7.0 by @dependabot in #16063
๐งโ๐ป Developer experience
๐ Campaigns
- ๐ง Campaign event cache TTL, make it configurable by @rohitpavaskar in #16110
โจ Features and enhancements
๐ ๐ GrapesJS Builder
- Enable SVG files for image selector by @theyoungrossco in #15954
- Entity token labels in CKEditor by @patrykgruszka in #15855
- ๐ [MJML] Apply theme style to GrapesJS builder blocks by @patrykgruszka in #16042
๐ป API
- โจ Enhance tag search, api and ui, to match descriptions as well. by @shinde-rahul in #16003
๐ Landing pages
๐ฃ Tracking
- โ Integrate matomo-org/device-detector library for Bot identification by @escopecz in #15870
- โ Add global defaults for preference center and UTM tracking parameters by @msoukhomlinov in #15905
๐ฑ ๐Assets
๐ Reports
๐ฅ Contacts
- โ Added LeadList::getDeleted() method by @fedys in #16093
- ๐ Improve contact timeline readability with intuitive date grouping by @kuzmany in #15329
- ๐ฒ Option to skip contact last active logging by @fedys in #16080
๐ Dashboards
- ๐ Fix upcoming Emails widget on Dashboard fails to load due to query timeout by @rohitpavaskar in #16101
๐ค DevOps
- โ Added new command which will process the stuck campaign events by @rohitpavaskar in #15310
๐จ User Experience / User Interface
- โ Add modal to help users decide between field and tag with visual tiles and FAQ by @andersonjeccel in #15296
- ๐ [UXUI-243] Hold space bar to drag view in campaign builder by @andersonjeccel in #15821
๐ Segments
๐ Email
- Truly transactional emails by @escopecz in #15995
- ๐ Allow tokens in FROM email address and name by @escopecz in #16060
- ๐ [UXUI-246] Clone email with translations and variants by @andersonjeccel in #16131
๐ ๐ Performance and optimization
- ๐ Reduce Import Memory/Time: Cache Default Field Metadata by @patrykgruszka in #15959
- โก๏ธ Optimize excluded segments query to prevent full table scans by @patrykgruszka in #15950
๐ข Companies
๐ Bugs
๐ Segments
๐ ๐ฑ Plugin support
๐ Email
๐จ User Experience / User Interface
- ๐ Allow Enter key to create new tags alongside Escape by @Tarunswamy-Muralidharan in #16108
๐ Landing pages
- โ Add firstSlotAttribute for channelfrequency by @naoya-kawakatsu in #15045
๐ Reports
- [UXUI-256] Fix report ratio sorting by @andersonjeccel in #16126
๐ฅ Contacts
- [UXUI-257] Allow deleting tags assigned to contacts by @andersonjeccel in #16132
๐ ๐ฑ Plugin support
- Ensure translated SMS are sent and tracked correctly by @shinde-rahul in #15545
๐ Campaigns
- MTC-10581 Fix selecting by id in campaign send email action by @JonasLudwig1998 in #16086
- ๐ Fix rescheduling event if a scheduled event is failed due to any reason by @rohitpavaskar in
#16115 - ๐ฏ [UXUI-247] Fix cloned campaign event insert option by @andersonjeccel in #16158
๐ ๐ GrapesJS Builder
- ๐ Fix CKEditor
license-key-missingin GrapesJS HTML email builder by @Copilot in #16191 - ๐ Fix TypeError when MJML theme contains
<mj-preview>tag by @patrykgruszka in #16106
๐ฃ Tracking
๐ New Contributors
- @Tarunswamy-Muralidharan made their first contribution in #16108
- @msoukhomlinov made their first contribution in #15905
Full Changelog : 7.1.2...7.2.0-rc
SHA1(7.2.0-rc.zip)= 60a0428753a92500424a23d071c045085c8f2304
โก๏ธ SHA1(7.2.0-rc-update.zip)= 40c53bd16690aba1c014b1be552a8843156586c1 - ๐ Improve
Previous changes from v7.1.2
-
Announcing Mautic 7.1.2: Aludra Edition
๐ ๐ Security Release
๐ This release addresses several security vulnerabilities. We strongly advise updating your installation at your earliest convenience after performing a full backup and testing the upgrade in a staging environment.
๐ ๐ Security Fixes
CVE-2026-4776: SQL Injection in API Contact Filtering
CVE-2026-9557: SSRF in the Mautic Focus Component
CVE-2026-9558: Server-Side Template Injection (SSTI) in Theme Templates
CVE-2026-9559: Path Traversal via Campaign Import
CVE-2026-9808: Authorization Bypass in API v2 Endpoints
CVE-2026-9809: Stored Cross-Site Scripting (XSS) in Projects Component
CVE-2026-9811: Stored Cross-Site Scripting (XSS) in Project Option Selector
โก๏ธ ๐ค DevOps Updates
- โก๏ธ Update vulnerable Composer dependencies for 6.0 security phase (by @escopecz).
What's Changed
๐ Bugs
- โฌ๏ธ Bumping CK editor libraries by @escopecz in #16074
- Handling adding points to deleted contacts by @escopecz in #16073
- โ Register mautic:phpunit:config command in test environment only by @fedys in #16104
- ๐ fix(grapesjs): avoid MJML reparse in HTML mode in source editor by @fujijin in #15971
- โ Stabilizing a flaky test by @escopecz in #16134
๐ New Contributors
๐ ๐ก Release Team & Sponsors
๐ This release was made possible through the dedicated efforts of our community and supporters:
- ๐ Release Leader: @patrykgruszka
- ๐ Release Assistant: @escopecz
- Sponsor: Special thanks to @Leuchtfeuer for sponsoring this security release.
SHA1(7.1.2.zip)= 6da6aa5e2ad41d3f1a1f07788d05fd185e2e0fb3
โก๏ธ SHA1(7.1.2-update.zip)= 584841094031c93229a9ebf144f92c34e35ffd26