Release notes Shopware 6.5.8.7
Abstract
Shopware v6.5.8.7 is a security release to fix a bug where the 404 page cache might contain session IDs. The cookie will be only persist to caching when the browser had no cookie before. Hence, it is not possible to obtain the session of an authenticated customer. This issue is only relevant from Shopware >= 6.5.8.0, for older versions a fix is not required.
System requirements
- tested on PHP 8.1, 8.2 and 8.3
- tested on MySQL 8.0.33, MariaDB 10.4. 10.5, 10.11 & 11.0
Fixed bugs
- Session is persistent in Cache for 404 pages (GHSA-c2f9-4jmm-v45m)
- NEXT-34113 - Clear cookies on 404 pages
More resources
- Detailed diff on Github to the former version
- Changelog on GitHub for this version.
- Installation overview
- Update from a previous installation
Get in touch
Discuss about decisions, bugs you might stumble upon, etc in our community slack. See you there 😉
