Security Update 04/2016

Article Version

4.0.0 - 5.1.4


General information

Under certain conditions it is possible to execute unauthorized code in Shopware. This is a critical security vulnerability that affects not only the functions of the shop; it can also have an impact on the overall system. The vulnerability affects all Shopware versions from 4.0.0 up to 5.1.4. Currently no cases are known in which the vulnerability has been actively exploited, but we strongly recommend upgrading to the current version of Shopware (5.1.5 or 4.3.7). If it is not possible to update to one of these versions, please perform one of the following steps:

Alternate Solutions

License plugin version 1.1.2

If you use the license plugin version 1.1.2, you are not affected by the vulnerability. If you are running an older version, it is highly recommended to update to 1.1.2.

Installing the patch plugin

  1. Download the plugin SwagSecurityHotFix201604.zip
  2. Log in to your Shopware backend and open the Plugin Manager
  3. Click on "installed"
  4. Click on "Upload Plugin". Then select the file you just downloaded and click "Upload Plugin"
  5. Finally, activate the patch plugin