Security Bulletin 2019-002
CVE-2019-17062: With a specially crafted URL, users with admin rights could unintentionally grant unauthorized users access to the admin panel.
Good and bad software practices past and present
Using a small piece of code from an integration task, I would like to discuss how good and bad practices differ – in the past as well as nowadays.
OXID eShop version 6.0.6
This patch release contains a fix for a security issue. Please read this document carefully and update your installation as soon as possible!
Hotfixes for OXID eShop v4.9, v4.10, v5.2 and v5.3 (Security Issue 2019-002)
Today, we published patch releases OXID eShop 6.0.6 and OXID eShop 6.1.5 fixing security issue 2019-002. Please find hotfixes for former versions here.
OXID eShop version 6.1.5
Besides other bug fixes, this patch release contains a fix for a security issue. Please read this document carefully for more information.
Applying patches to OXID eShop projects with composer
The usage of modern tools like composer helps when deploying PHP application nowadays. Sometimes people miss the good old easy way to do things in a way they are used to. One of those things which got harder by using newer tools is patching the source code in external project dependencies. We faced the challenge here at OXID Professional Services team, too and we found an easy and flexible way to have the benefits of both worlds: using composer with its powerful ecosystem and autoloading functionality, and keep the flexibility to patch packages handled by composer located in the vendor directory of your project.
Security Bulletin 2019-001
CVE-2019-13026: With a specially crafted URL, an attacker would be able to gain full access to the administration panel.
OXID eShop version 6.1.4
Besides other bug fixes and updated components, this patch release contains a fix for a certain security issue. Please carefully read the according security bulletin and consider to update immediately!
OXID eShop version 6.0.5
This patch release contains a fix for a certain security issue. Please read the according security bulletin carefully and consider updating immediately.
OXID implements GraphQL
APIs, also known as interfaces between systems, separation of front ends and back ends, data consumers of any kind… are really nothing new in e-commerce. In e-commerce, there have been creative solutions for colourful system landscapes for years. Nevertheless, in 2019 a buzzword like “headless” will be back on the podium. Where until recently “headless” was mentioned in the same breath as REST, another player is now entering the stage of the wider public – and quite rightly so. His name: GraphQL.
OXID eShop version 6.1.3
OXID eShop 6.1.3 is published and contains some bug fixes, updated components, storefront changes and 14 pull requests from you guys.
Codeception tutorial acceptance test
In this Codeception tutorial we will write a test for a user story for the search function on the OXID corporate blog. Automated tests offer many advantages for customers, agencies and developers. Apparently, it saves a lot of time and resources.