Added missing v4.6.29 update section

mnocon · mnocon · commit 76df8ae72cfa · 2026-04-21T09:07:21.000+02:00
diff --git a/docs/update_and_migration/from_4.6/update_from_4.6.md b/docs/update_and_migration/from_4.6/update_from_4.6.md
@@ -598,6 +598,66 @@ Run the provided SQL upgrade script to adapt your database to latest change in [
 Prior, `0` was interpreted as "no length limit".
 Now, `0` is interpreted as "length limited to zero characters" and `NULL` as "no length limit".
 
+## v4.6.29
+
+### GraphQL package update
+
+Due to the [GHSA-68jq-c3rv-pcrr security issue](https://github.com/advisories/GHSA-68jq-c3rv-pcrr), the GraphQL package requirements have been updated to allow installing higher versions in which this issue is resolved.
+
+When doing the update, you have two options:
+
+#### Update GraphQL packages and custom code (recommended)
+
+Make sure the `webonyx/graphql-php` package is installed in a version higher or equal to v15.31.5.
+
+If you [extended GraphQL to support custom field types](graphql_custom_ft.md), update the returned expression from `@=resolver(...)` to `@=query(...)` and change the argument syntax from an array to variadic arguments as in the following example:
+
+```diff
+-return sprintf('@=resolver("MyFieldValue", [field, %s])', $myArg);
++return sprintf('@=query("MyFieldValue", field, %s)', $myArg);
+```
+
+Then, regenerate the GraphQL schema by running:
+
+``` bash
+rm -rf config/graphql/types/ibexa/
+php bin/console ibexa:graphql:generate-schema
+```
+
+#### Implement other countermeasures
+
+If updating the GraphQL packages isn't possible right now, for example because the project is using PHP 7.4 where the fix is not available, review the security issue carefully and assess the danger.
+
+If you choose to implement countermeasures without updating the GraphQL packages, for example by restricting access to the GrapQL endpoint with rate limiting, authentication, or [WAF](https://en.wikipedia.org/wiki/Web_application_firewall), then you can silence the advisory in `composer.json`:
+
+```json
+"config": {
+    "audit": {
+        "ignore": {
+            "GHSA-68jq-c3rv-pcrr": "Description of the countermeasures you've implemented causing this one to be safe to ignore."
+        }
+    }
+}
+```
+
+In addition, consider upgrading your project to one of [the actively supported PHP versions](/getting_started/requirements.md#php).
+
+### Database update [[% include 'snippets/experience_badge.md' %]] [[% include 'snippets/commerce_badge.md' %]]
+
+Run the provided SQL upgrade script to update your database:
+
+=== "MySQL"
+
+    ``` bash
+    mysql -u <username> -p <password> <database_name> < vendor/ibexa/installer/upgrade/db/mysql/ibexa-4.6.28-to-4.6.29.sql
+    ```
+
+=== "PostgreSQL"
+
+    ``` bash
+    psql <database_name> < vendor/ibexa/installer/upgrade/db/postgresql/ibexa-4.6.28-to-4.6.29.sql
+    ```
+
 ## LTS Updates
 
 [LTS Updates](https://doc.ibexa.co/en/4.6/ibexa_products/editions/#lts-updates) are standalone packages with their own update procedures.
