CVE-2019-17062: With a specially crafted URL, users with admin rights could unintentionally grant unauthorized users access to the admin panel.
Using a small piece of code from an integration task, I would like to discuss how good and bad practices differ – in the past as well as nowadays.
This patch release contains a fix for a security issue. Please read this document carefully and update your installation as soon as possible!
Today, we published patch releases OXID eShop 6.0.6 and OXID eShop 6.1.5 fixing security issue 2019-002. Please find hotfixes for former versions here.
Besides other bug fixes, this patch release contains a fix for a security issue. Please read this document carefully for more information.
The usage of modern tools like composer helps when deploying PHP application nowadays. Sometimes people miss the good old easy way to do things in a way they are used to. One of those things which got harder by using newer tools is patching the source code in external project dependencies. We faced the challenge here at OXID Professional Services team, too and we found an easy and flexible way to have the benefits of both worlds: using composer with its powerful ecosystem and autoloading functionality, and keep the flexibility to patch packages handled by composer located in the vendor directory of your project.
CVE-2019-13026: With a specially crafted URL, an attacker would be able to gain full access to the administration panel.
Besides other bug fixes and updated components, this patch release contains a fix for a certain security issue. Please carefully read the according security bulletin and consider to update immediately!
This patch release contains a fix for a certain security issue. Please read the according security bulletin carefully and consider updating immediately.
APIs, also known as interfaces between systems, separation of front ends and back ends, data consumers of any kind… are really nothing new in e-commerce. In e-commerce, there have been creative solutions for colourful system landscapes for years. Nevertheless, in 2019 a buzzword like “headless” will be back on the podium. Where until recently “headless” was mentioned in the same breath as REST, another player is now entering the stage of the wider public – and quite rightly so. His name: GraphQL.
OXID eShop 6.1.3 is published and contains some bug fixes, updated components, storefront changes and 14 pull requests from you guys.
In this Codeception tutorial we will write a test for a user story for the search function on the OXID corporate blog. Automated tests offer many advantages for customers, agencies and developers. Apparently, it saves a lot of time and resources.