Shopware is here with a new release, 6.4.18.1, a security update.
This update package progresses with time and arrives with varied new features and bug fixes. It demands Shopware 6.3.0.0 or a more recent version.
In this security update, the Shopware team has worked on resolving vulnerabilities of the “critical” and “medium” threat levels, including one critical, two low, and two moderate severity issues.
Issues That Are Fixed Now | |
---|---|
NEXT-23325 | Possibility to bypass selling limits within the checkout process. |
NEXT-24667 | Remote code execution via Twig template functions. |
NEXT-24677 | Administration session is not cleared after prolonged inactivity. |
NEXT-24679 | Logging data can contain sensitive information about password reset emails. |
NEXT-22891 | The newsletter route does not consider double-opt-in settings. |
Besides, the Shopware team recommended updating to the latest version, 6.4.18.1. To update manually or via auto-updater to 6.4.18.1, you can do that via the download package.
You can avail of corresponding security measures for older versions via the central security plugin.
So, update possibly faster, and if you fail to do so, install the Security extension and get the fixes backported.
Download: https://www.shopware.com/en/changelog/#6-4-18-1
To enhance your online business, partnering with a Shopware development Company can be beneficial. Skilled developers can help you create a tailored and intuitive e-commerce platform that caters to your specific requirements and sets you apart from competitors.