Security UpDate 06/2021

General information

In this security release, in addition to the usual bug fixes and optimizations, we have also been able to close security vulnerabilities of the threat levels "low" to "medium" in the frontend.

Affected are the Shopware versions from 5.0.0. to 5.7.1 The following vulnerabilities, were fixed with this security update:

  • SW-26108: Remote code execution in an external library

To secure your system, you can now choose between the following options:

Solutions

We recommend updating to the current version 5.7.2. You can get the update to 5.7.2 using the auto-updater or directly from our download overview.

Install / update security plugin

If you can't update your Shopware installation (recommended), you can also secure it using a plugin:

  • Download the Shopware security plugin version 1.1.23 from the store or alternatively directly from the plugin manager in the backend.
  • Install and activate the plugin

If the plugin already exists, you can simply update the plugin through the plugin manager to bring it up to date. If problems occur, you can disable individual fixes using the plugin settings.

Please check all important functionalities after installation or update, especially the ordering process.

Was this article helpful?