CVE Identifier: CVE-2018-5763: An attacker is able to bring servers to a standstill by calling specially crafted URLs if the OXID High Performance Option is activated and Varnish is used (denial of service/DoS).
No GUI changes, no other bugs fixed except security issue 2018-001, non-widget classes must extend oxWidget, updated Amazon, PayPal and VCMS modules.
OXID eShop version 6.0.1 has been released and contains a fix for a security issue if you run High Performance Option plus Vagrant. Additionally, it includes bug fixes and GUI changes.
Last weekend, on Friday and Saturday December 8th and 9th 2017, the annual OXID Hackathon in Nuremberg took place. Read about what we were coding and what discussions came up.
As a follow-up to the blog post “Run tests for OXID eShop 6”, here’s how to get module tests running for OXID eShop 6.
A nice thing about OXID eShop: they provide a development environment. Without much effort you can have the shop up and running on a virtual machine. This blog post gives some hints on how to run the tests that come with the shop. We will cover how to run module tests in a follow-up post.
We collected all slides from the dev track at OXID Partner day 2017 and provide them for download for you guys.
With OXID eShop 6 changing the default installation method from FTP to Composer, some of you guys might be confused: “What, there’s no download package/zip available anymore? WE ALL MUST DIE!!!”. Here’s a download package for you!
OXID eShop v6.0.0 is publicly available. You may find it tagged as https://github.com/OXID-eSales/oxideshop_ce/tree/v6.0.0 on GitHub.
FAQ for Security bulletin 2017-002: By crawling specially crafted URLs (e.g. by “forced browsing”), an attacker is able to overflow the database.
Contains a fix for OXID security issue 2017-002, just this one bug fix, no GUI changes. Please see details in security bulletin 2017-002.
Contains a fix for OXID security issue 2017-002 and some other bug fixes, no GUI changes. Please see details in security bulletin 2017-002.