Progress Report: May 2026
This month has been mostly about security. I have one takeaway for you - run composer update. So we'll keep it short and sweet: Mainten...
Cristian Tabacitu
Share:
This month has been mostly about security. I have one takeaway for you - run composer update. So we'll keep it short and sweet: Mainten...
This month has been mostly about security. I have one takeaway for you - run composer update. So we'll keep it short and sweet:
A recent security audit found a vulnerability in Backpack CRUD. We patched it within 24 hours across v7, v6, and even v5. We have no evidence that it has been exploited, nor been able to reproduce it ourselves. Still, a specific subset of server configurations, one issue may be exploitable without authentication - so please treat this as important.
Please update as soon as possible by running: composer update backpack/crud. We plan to publish technical details around June 17th, 2026, after customers have had time to update. We’ll also share more security notifications and smaller advisories over the next weeks as part of this audit.
Shout out to Vishal Shukla, who helped us test the limits of our software and secure admin panels - the world needs more good guys like him 🙏🏻
--
That's it for May. We have some exciting changes coming shortly - stay tuned!
Cheers!
Subscribe to our "Article Digest". We'll send you a list of the new articles, every week, month or quarter - your choice.
What do you think about this?
Wondering what our community has been up to?
