Security Bulletin 2018-003

CVE Identifier: CVE-2018-14020: An attacker is able to change the delivery address by bypassing the checkout process when the Paymorrow payment method is used.



Summer releases 2018: OXID eShop 6.1.0, 6.0.3 and 4.10.8/5.3.8

Two days ago we published three releases, OXID eShop 6.0.1, 6.0.3 and 4.10.8/5.3.8. Please read this blog post for a summary of the changes.



OXID eShop version 6.1.0

The OXID eShop 6.1.0 compilation contains two new modules (GDPR Opt-in + Klarna), a monolog implementation, form field configuration and the possibility to overwrite Smarty plugins with your own modules, and it is ready for the Personalization Option (EE). oxchkversion was removed from the admin panel.



OXID eShop version 6.0.3

This patch update contains bug fixes (incl. security issues 2018-002 and 2018-003) as well as GUI changes. Furthermore, the modules Klarna and GDPR Opt-in were added to the compilation. See details in this listing.



OXID eShop version 4.10.8 (CE + PE) & 5.3.8 (EE)

No GUI changes and no bugs fixed other than security issues 2018-002 and 2018-003. This is the EoL release of the OXID eShop 4.10 series.



Module development in OXID eShop 6 – benefit from the new features

OXID eShop 6 introduced several improvements to the OXID eShop environment. These changes have also reached the module system, bringing some new features for developers.



How we temporarily handle the right to data portability (Art. 20 GDPR)

We’ve received requests concerning the “Right to data portability” (Art. 20 GDPR) on several channels. The legal text states something like “… receive the personal data … in a structured, commonly used and machine-readable format…”. As this is not a clear specification, we provide an SQL script for reading out all relevant information from the database. Get the script from this blog post.



Function __isset and model lazy loading with different behaviour in PHP version 7.0.6 or newer

The behaviour of the PHP function __isset was changed with PHP version 7.0.6. OXID eShop uses __isset for lazy loading, and because of these changes lazy loading might behave unexpectedly in OXID eShop. Please read this blog post to avoid this unexpected behaviour in your projects and/or modules.



Announcing new principles in the OXID core and how you will benefit from them

In order to improve the OXID eShop core code, we are going to change some main principles of overwriting classes and methods when changing OXID eShop functionality with modules: methods may now be marked as private. This is not meant to take away possibilities; there will be other means to achieve what you want.



OXID eShop version 6.0.2

This patch update was exceptionally brought forward to give you a proper time frame to establish GDPR compliance with OXID eShop. Additionally, we started to introduce new principles of code writing in order to become more flexible, agile and innovative when changing the core. This patch update also contains bug fixes as well as loads of pull requests.



GDPR compliance with OXID eShop version 6.0.2

We recently released OXID eShop 6.0.2, which includes some changes in preparation for the upcoming European Data Protection Regulation (GDPR) that will be applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe.