Release notes Shopware 6.6.5.1
Abstract
This patch release is a security release, additionally containing three regular bug fixes. Please update as soon as possible!
System requirements
- tested on PHP 8.1, 8.2 and 8.3
- tested on MySQL 8 and MariaDB 10.11
Security bulletins
- CVE-2024-42357 | Blind SQL-injection in DAL aggregations
- CVE-2024-42356 | Server Side Template Injection in Twig using Context functions
- CVE-2024-42355 | Server Side Template Injection in Twig using deprecation silence tag
- CVE-2024-42354 | Improper Access Control with ManyToMany associations in store-api
Fixed bugs
- NEXT-37545 | PayPal shows all Payment Methods after Updating to 6.6.4.1 (1 vote)
- NEXT-37555 | [Github] feat: change type of class MediaUrlPlaceholderHandler (0 votes)
- NEXT-37461 | Icons in front of sub-menus are visible (0 votes)
Credits
Thanks to all our contributors for helping us improve Shopware with every pull request!
More resources
- Detailed diff on Github to the former version
- Changelog on GitHub for this version.
- Installation overview
- Update from a previous installation
Get in touch
Discuss about decisions, bugs you might stumble upon, etc in our community slack. See you there 😉
