OXID eShop version 4.9.8 (CE + PE) & 5.2.8 (EE)

General hints for this package

  • Tested on PHP 5.3, 5.4, 5.5 and 5.6
  • Please see this blog post if you run MySQL 5.6 and OXID eShop EE)


For update instructions please see


No template changes in this release.


  • Avoid path traversal for downloadable files from the admin panel. This way a user with access to the admin panel might gather access to files of the OXID eShop system. Fix: OXID eShop now checks the path of the file, only file names in specific paths like downloads/ can now be altered. Many thanks Tim Herres of LSExperts (https://lsexperts.de/) for pointing us to that place.
  • Updated PHPMailer version to 5.2.14 (#4200)
  • Clean up basket after user logs out (#5771)

Fixed Bugs

Bugtrack change log:


New Features

No new features in this patch.

Important information for developers

To see all removed deprecated function, variables and functionality:

See a comparison to the former version on GitHub