OXID eShop version 6.1.6 was released containing mostly bug fixes as well as a security improvement and ~30 merged pull requests.
OXID eShop v6.2.0 is public. Learn more about what’s new in this version and what’s been changed in this blog post. Best: it contains 80+ contribs from you!
Dependency injection for project developers with OXID eShop to be published with OXID eShop version 6.2.0. This is the first blog article (explaining the basics) of a three-part series.
OXID eShop v6.2.0 RC2 is publicly available. Read this blog post for more information about what is included, what has changed and how to get it.
As usual, we invited all of our solution and platform partners as well as proud members of OXID Savvy Programme on November, 12th to our annual OXID Partner Day. Please find a collection of the tech track slides in this blog post.
CVE-2019-17062: With a specially crafted URL, users with admin rights could unintentionally grant unauthorized users access to the admin panel.
Using a small piece of code from an integration task, I would like to discuss how good and bad practices differ – in the past as well as nowadays.
This patch release contains a fix for a security issue. Please read this document carefully and update your installation as soon as possible!
Today, we published patch releases OXID eShop 6.0.6 and OXID eShop 6.1.5 fixing security issue 2019-002. Please find hotfixes for former versions here.
Besides other bug fixes, this patch release contains a fix for a security issue. Please read this document carefully for more information.
The usage of modern tools like composer helps when deploying PHP application nowadays. Sometimes people miss the good old easy way to do things in a way they are used to. One of those things which got harder by using newer tools is patching the source code in external project dependencies. We faced the challenge here at OXID Professional Services team, too and we found an easy and flexible way to have the benefits of both worlds: using composer with its powerful ecosystem and autoloading functionality, and keep the flexibility to patch packages handled by composer located in the vendor directory of your project.
CVE-2019-13026: With a specially crafted URL, an attacker would be able to gain full access to the administration panel.