OXID eShop version 4.8.11 (CE + PE) & 5.1.11 (EE)

  in / 
  ,

General hints for this package

  • Tested on PHP 5.3 and 5.4

Installation

For update instructions please see
http://www.oxid-esales.com/en/support-services/documentation-and-help/oxid-eshop/installation/oxid-eshop-update-installation.html

Templates

No template changes in this patch.

Improvements

  • Avoid path traversal for downloadable files from the admin panel. This way a user with access to the admin panel might gather access to files of the OXID eShop system. Fix: OXID eShop now checks the path of the file, only file names in specific paths like downloads/ can now be altered. Many thanks Tim Herres of LSExperts (https://lsexperts.de/) for pointing us to that place.
  • Clean up basket after user logs out. (fix for bug #5771)

Fixed Bugs

Bugtrack change log: https://bugs.oxid-esales.com/changelog_page.php?version_id=314

New Features

No new features in this patch.

Important information for developers

See a comparison to the former version on GitHub



You might also like
Security Bulletin 2016-001
OXID eShop version 4.5.3
OXID eShop version 4.8.6 (CE + PE) & 5.1.6 (EE)
OXID eShop version 6.1.5
OXID eShop version 4.6.1
OXID eShop version 4.8.9 (CE + PE) & 5.1.9 (EE)