Security Update 02/2018

Version

5.2.0 - 5.3.7

General information

In addition to the usual bug fixes and optimisations, we have also been able to close two moderate vulnerabilities.
All Shopware versions from 5.2.0 up to 5.3.7 are affected. The following vulnerabilities were fixed with this release:

  • CSRF in the shopping cart
  • CSRF in the checkout

You can choose between two options to protect your system:

Solutions

We strongly recommend that you update to the latest version of Shopware (5.4.0). This version fixes these vulnerabilities. You can use the auto-update process or simply download the version from our download page.

Install / update the security plugin

If it is not possible for you to update to the latest version of Shopware, you can use our Shopware Security Plugin.

  • Download the Shopware Security Plugin from our store or use the Plugin Manager in your Shopware backend.

  • Install and activate the plugin.

If you already use this plugin, simply update it to the latest version to secure your environment.

After that, activate the option "Activate further protection of the checkout process against CSRF attacks" in the plugin settings to guarantee the necessary protection. Please check your system thoroughly after activation, since other plugins in use might cause unforeseen side effects.