OXID eShop version 4.9.9 (CE + PE) & 5.2.9 (EE)

General hints for this package

  • This OXID eShop version contains an important fix for a critical security issue. Please also see the security bulletin 2016-001 (CVE-2016-5072) as well as the FAQ page for it in order to get more information.
  • Tested on PHP 5.3, 5.4, 5.5 and 5.6
  • Please see this blog post if you run MySQL 5.6 and OXID eShop EE)


For update instructions please see


Exceptionally, this patch contains a slight template change in the storefront.

Fixed Bugs

  • 0006385: Admin account can be hacked
  • 0006319: [{oxprice}] smarty tag displays the default currency separator

New Features

No new features in this patch.

Important information for developers

No important information for developers

1 reply

Trackbacks & Pingbacks

  1. […] Release notes für OXID eShop 4.9.9 und 5.2.9 […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply to FAQ OXID Security Bulletin 2016-001 • OXIDforge Cancel reply

Your email address will not be published.