OXID eShop version 4.8.11 (CE + PE) & 5.1.11 (EE)

  in / 
  ,

General hints for this package

  • Tested on PHP 5.3 and 5.4

Installation

For update instructions please see
http://www.oxid-esales.com/en/support-services/documentation-and-help/oxid-eshop/installation/oxid-eshop-update-installation.html

Templates

No template changes in this patch.

Improvements

  • Avoid path traversal for downloadable files from the admin panel. This way a user with access to the admin panel might gather access to files of the OXID eShop system. Fix: OXID eShop now checks the path of the file, only file names in specific paths like downloads/ can now be altered. Many thanks Tim Herres of LSExperts (https://lsexperts.de/) for pointing us to that place.
  • Clean up basket after user logs out. (fix for bug #5771)

Fixed Bugs

Bugtrack change log: https://bugs.oxid-esales.com/changelog_page.php?version_id=314

New Features

No new features in this patch.

Important information for developers

See a comparison to the former version on GitHub



You might also like
OXID eShop 6.2.0 published OXID eShop version 4.1.2
OXID eShop 6.2.0 published Security bulletin: 2014-002
OXID eShop 6.2.0 published OXID eShop version 6.2.3
OXID eShop 6.2.0 published OXID eShop version 4.5.2
OXID eShop 6.2.0 published OXID eShop version 4.5.1
OXID eShop 6.2.0 published Security bulletin: 2010-005