This security release closes a security gap with the threat level "medium". Shopware versions up to and including 6.4.15.1 are affected. The following vulnerability has been fixed with this security update:
NEXT-23464: Bump twig dependency to 3.4.3 (https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33)
We recommend updating to the current version 6.4.15.2. You can get the update to 6.4.15.2 as usual via the Auto-Updater or directly via the download overview.
https://www.shopware.com/en/download/#shopware-6
For older versions, corresponding security measures are also available via a plugin.
https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659
Extensions that changed the block `utilities_icon` in the Twig file `Storefront/Resources/views/storefront/utilities/icon.html.twig` need to apply the changes described in Upgrade.md.
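A quick way to check an installation against both points of this advisory, as an added example that is not Shopware's own tooling: it reads the locked `twig/twig` version and lists extension templates that redefine `utilities_icon`. It assumes `composer.lock` sits in the project root passed as the first argument; the function names are hypothetical.

```python
import json
import re
import sys
from pathlib import Path

FIXED_TWIG = (3, 4, 3)  # version named in NEXT-23464
TEMPLATE = "/views/storefront/utilities/icon.html.twig"
# Shopware's own template, per the advisory path. Compared case-insensitively
# because the directory casing may differ between layouts (assumption).
CORE_TEMPLATE = "/storefront/resources" + TEMPLATE
# Matches {% block utilities_icon %}, including {%- and {%~ whitespace control.
BLOCK_RE = re.compile(r"\{%[-~]?\s*block\s+utilities_icon\b")


def twig_version(lock_text):
    """Return the locked twig/twig version as a tuple, or None if absent."""
    for pkg in json.loads(lock_text).get("packages", []):
        if pkg.get("name") == "twig/twig":
            m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", pkg.get("version", ""))
            return tuple(map(int, m.groups())) if m else None
    return None


def twig_is_patched(lock_text):
    """True only when twig/twig is locked at 3.4.3 or later."""
    version = twig_version(lock_text)
    return version is not None and version >= FIXED_TWIG


def find_block_overrides(root):
    """List extension templates under root that redefine utilities_icon."""
    hits = []
    for path in Path(root).rglob("icon.html.twig"):
        rel = "/" + path.as_posix().lower()
        if not rel.endswith(TEMPLATE) or rel.endswith(CORE_TEMPLATE):
            continue  # a different icon template, or Shopware's own file
        if BLOCK_RE.search(path.read_text(encoding="utf-8", errors="replace")):
            hits.append(path.as_posix())
    return sorted(hits)


if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    lock = root / "composer.lock"
    if lock.is_file():
        print("twig/twig >= 3.4.3:", twig_is_patched(lock.read_text(encoding="utf-8")))
    for hit in find_block_overrides(root):
        print("overrides utilities_icon, see Upgrade.md:", hit)
```

Every path it prints belongs to an extension whose template should be compared against the Upgrade.md instructions before or right after the update.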