OXID eShop version 4.9.8 (CE + PE) & 5.2.8 (EE)

General hints for this package

  • Tested on PHP 5.3, 5.4, 5.5 and 5.6
  • Please see this blog post if you run MySQL 5.6 and OXID eShop EE)

Installation

For update instructions please see
http://www.oxid-esales.com/en/support-services/documentation-and-help/oxid-eshop/installation/oxid-eshop-update-installation.html

Templates

No template changes in this release.

Improvements

  • Avoid path traversal for downloadable files from the admin panel. This way a user with access to the admin panel might gather access to files of the OXID eShop system. Fix: OXID eShop now checks the path of the file, only file names in specific paths like downloads/ can now be altered. Many thanks Tim Herres of LSExperts (https://lsexperts.de/) for pointing us to that place.
  • Updated PHPMailer version to 5.2.14 (#4200)
  • Clean up basket after user logs out (#5771)

Fixed Bugs

Bugtrack change log:

https://bugs.oxid-esales.com/changelog_page.php?version_id=315
https://bugs.oxid-esales.com/changelog_page.php?version_id=314

New Features

No new features in this patch.

Important information for developers

To see all removed deprecated function, variables and functionality:
http://wiki.oxidforge.org/Tutorials/Removed_deprecated_source

See a comparison to the former version on GitHub