Release notes Shopware 6.6.4.1
Abstract
Besides other bug fixes, this release contains a security fix. Please update as soon as possible.
System requirements
- tested on PHP 8.2 and 8.3
- tested on MySQL 8 and MariaDB 10.11
Fixed bugs
- NEXT-36813 | Administration Component
<sw-select-number-field>
not working - NEXT-37115 | Browser crashes when editing Shopping Experiences
- NEXT-37140 | Search suggest route - Possible Denial of Service (DoS) entry point?
- See explanation below
NEXT-37140
This release contains a security update.
The potential effects of the behaviour without the patch are not critical but could lead to the database server being temporarily overloaded and the store no longer being accessible.
There is no known exploit at the time of release. The fix in NEXT-37140 is a precaution.
The fix adds a new restriction for the maximum length of search terms.
Before Shopware v6.6.4.1, the maximum length was unrestricted; this fix restricts it to 300 characters after updating. 300 is a sensible default; in most cases, the shop will not be affected by this limitation.
Setting a higher limit in a few exceptional cases may be necessary. In that case, the new default limit of 300 can be adjusted by adding a new entry to the file config/packages/shopware.yaml
.
The config option is as follows:
shopware:
search:
term_max_length: 300
Here, "300" must be replaced by a value that meets the store's requirements. This adjustment is only necessary if extensions need search terms that are longer than 300 characters.
More information on configuring your installation can be found in the documentation.
Credits
Thanks to all our contributors for helping us improve Shopware with every pull request!
More resources
- Detailed diff on Github to the former version
- Changelog on GitHub for this version.
- Installation overview
- Update from a previous installation
Get in touch
Discuss about decisions, bugs you might stumble upon, etc in our community slack. See you there 😉