In this security release, we have resolved a vulnerability of threat level "critical". Affected are all Shopware versions up to and including 6.4.20.0. The following issues have been fixed with this security update:
NEXT-26140 - Improve Twig Security Extension to verify PHP Closures in Twig Templates (GHSA-7v2v-9rm4-7m8f)
We recommend updating to the current version 6.4.20.1. You can update to 6.4.20.1 via the auto-updater or manually via the download package.
https://www.shopware.com/en/download/#shopware-6
For older versions, corresponding security measures are also available via the central security plugin for Shopware 6.
https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659
