Release notes Shopware 6.6.10.15
Abstract
This patch release contains security fixes. Please update to this patch release as soon as possible. If you cannot update immediately, it is highly recommended to use the Security Plugin.
Please also consider updating the shopware/commercial plugin as soon as possible if you use it!
System requirements
- tested on PHP 8.2 and 8.4
- tested on MySQL 8 and MariaDB 11
Improvements
(No notable improvements in this patch release)
Fixed bugs
- GHSA-c4p7-rwrg-pf6p Potential take over of app credentials
- GHSA-gqc5-xv7m-gcjq User enumeration via distinct error codes on Store API login endpoint
- GHSA-7vvp-j573-5584 Unauthenticated data extraction possible through store-api.order endpoint
shopware/commercial plugin
- GHSA-gvmv-9f74-mhwp /api/_info/config route exposes information about licenses
Credits
Thanks to all diligent friends for helping us make Shopware better and better with each pull request!
More resources
- Detailed diff on GitHub to the former version
- Installation overview
- Update from a previous installation
Get in touch
Discuss decisions, bugs you might stumble upon, etc. in our community Discord. See you there 😉