Security Update 06/2017

Table of contents

General information

Under certain circumstances it is possible to execute an authorized foreign code in Shopware. This is a security vulnerability that could affect the entire system. All Shopware versions including Shopware 5.2.24 are affected. It is imperative that security updates be performed for every Shopware shop. Our current software version 5.2.25 already contains the required security update. You can upgrade to the new version 5.2.25 using the auto-update function in your backend or by downloading the release from our download page.

Alternate Solutions

We strongly recommend to update to the latest version of Shopware (5.2.25). This version will fix these vulnerabilities. You can use the auto-update process or simply download the version over our download page.

Patch plugin

  • Download the following plugin: SwagSecurity
  • Log into your Shopware backend and open the Plugin Manager
  • Click on “Installed” (located on the left side of the window)
  • Click on “Upload plugin” and select the plugin linked above
  • Finally, install and activate the plugin within the overview in the Plugin Manager

This is a general security plugin. In the future potential security gaps can be fixed by updating this plugin. Although it is always recommended to update to the latest patchversion of Shopware.