Security Update 06/2023

Next to the usual bug fixes and optimisations, we have also been able to close vulnerabilities at the „low“ threat level.
Affected are the Shopware versions from 5.1.4 to 5.7.17
The following vulnerabilities, were fixed with this security update:

  • SW-27070: Dependency configuration file exposed (since 5.6.0 CVE-2023-34098)
  • SW-27102: Improper mail validation (since 5.1.4 CVE-2023-34099)

Solutions

Update the Shopware installation (Recommended)

We recommend updating to the current version 5.7.18. You can get the update to 5.7.18 regularly via the Auto-Updater or directly via the download overview.

Download Shopware 

Install / update security plugin

If you can't update your Shopware installation (recommended), you can also secure it using a plugin:

  • Download the Shopware security plugin from the store or alternatively directly from the plugin manager in the backend.

  • Install and activate the plugin

If the plugin already exists, you can simply update the plugin through the plugin manager to bring it up to date. If problems occur, you can disable individual fixes using the plugin settings.

Please check all important functionalities after installation or update, especially the ordering process.

Was this article helpful?

Version

5.1.4 - 5.7.17

Contents