{"uuid": "6249c60e-6118-41c0-8af0-1fb988fa641c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/13052ec311abbd912fac9e5e2408f762", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83e\udd73Testing**\n - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand > Liste produit > D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **In review WMS**\n - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n - [\ud83d\udd0d WMS - PICKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-picking-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **\ud83e\udd75 Retour de test**\n - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83c\udf89 Reviewed pas Merg\u00e9**\n - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd73Testing**\n - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n \n- **Misc**\n - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n - *:arrow\\_up: deps: bump guzzlehttp/guzzle & psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n \n- **D\u00e9j\u00e0 en production**\n - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)", "creation_timestamp": "2026-06-26T14:56:19.120005Z"}