Security Bulletin 2019-002
CVE-2019-17062: With a specially crafted URL, users with admin rights could unintentionally grant unauthorized users access to the admin panel.
CVE-2019-17062: With a specially crafted URL, users with admin rights could unintentionally grant unauthorized users access to the admin panel.
Using a small piece of code from an integration task, I would like to discuss how good and bad practices differ – in the past as well as nowadays.
This patch release contains a fix for a security issue. Please read this document carefully and update your installation as soon as possible!
Today, we published patch releases OXID eShop 6.0.6 and OXID eShop 6.1.5 fixing security issue 2019-002. Please find hotfixes for former versions here.
Besides other bug fixes, this patch release contains a fix for a security issue. Please read this document carefully for more information.
The usage of modern tools like composer helps when deploying PHP application nowadays. Sometimes people miss the good old easy way to do things in a way they are used to. One of those things which got harder by using newer tools is patching the source code in external project dependencies. We faced the challenge here at OXID Professional Services team, too and we found an easy and flexible way to have the benefits of both worlds: using composer with its powerful ecosystem and autoloading functionality, and keep the flexibility to patch packages handled by composer located in the vendor directory of your project.
CVE-2019-13026: With a specially crafted URL, an attacker would be able to gain full access to the administration panel.
Besides other bug fixes and updated components, this patch release contains a fix for a certain security issue. Please carefully read the according security bulletin and consider to update immediately!
This patch release contains a fix for a certain security issue. Please read the according security bulletin carefully and consider updating immediately.
APIs, also known as interfaces between systems, separation of front ends and back ends, data consumers of any kind… are really nothing new in e-commerce. In e-commerce, there have been creative solutions for colourful system landscapes for years. Nevertheless, in 2019 a buzzword like “headless” will be back on the podium. Where until recently “headless” was mentioned in the same breath as REST, another player is now entering the stage of the wider public – and quite rightly so. His name: GraphQL.
OXID eShop 6.1.3 is published and contains some bug fixes, updated components, storefront changes and 14 pull requests from you guys.
In this Codeception tutorial we will write a test for a user story for the search function on the OXID corporate blog. Automated tests offer many advantages for customers, agencies and developers. Apparently, it saves a lot of time and resources.
This website uses cookies to ensure you get the best experience on our website. If you continue browsing this site, you agree to the use of cookies.
Got it!We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, refuseing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.
We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.
We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.
These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.
If you do not want that we track your visist to our site you can disable tracking in your browser here:
We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Vimeo and Youtube video embeds: