In addition to the usual bug fixes and optimisations, we have also closed two moderate vulnerabilities.
All Shopware versions from 5.2.0 up to 5.3.7 are affected. The following vulnerabilities were fixed with this release.
You can choose between two options to protect your system:
We strongly recommend that you update to the latest version of Shopware (5.4.0). This version fixes these vulnerabilities. You can use the auto-update process or simply download the version from our download page.
If it is not possible for you to update to the latest version of Shopware, you can use our Shopware Security Plugin.
Download the Shopware Security Plugin from our store or use the Plugin Manager in your Shopware backend.
If you already use this plugin, simply update it to the latest version to secure your environment.
After that, activate the option "Activate further protection of the checkout process against CSRF attacks" in the plugin settings to guarantee the necessary protection. Please check your system thoroughly after activation, since other plugins in use might cause unforeseen side effects.