Next to the usual bug fixes and optimisations, we have also been able to close vulnerabilities at the „low“ threat level.
Affected are the Shopware versions from 5.0.0. to 5.7.8
The following vulnerabilities, were fixed with this security update:
Update the Shopware installation (Recommended)
We recommend updating to the current version 5.7.9. You can get the update to 5.7.9 regularly via the Auto-Updater or directly via the download overview.
Customers with a current session will get a CSRF token error once after the update.
Install / update security plugin
If you can't update your Shopware installation (recommended), you can also secure it using a plugin:
Download the Shopware security plugin from the store or alternatively directly from the plugin manager in the backend.
Install and activate the plugin
If the plugin already exists, you can simply update the plugin through the plugin manager to bring it up to date. If problems occur, you can disable individual fixes using the plugin settings.
Please check all important functionalities after installation or update, especially the ordering process.