News


OXID eShop v6.0.0 stable is published

OXID eShop v6.0.0 is publicly available. You may find it tagged as https://github.com/OXID-eSales/oxideshop_ce/tree/v6.0.0 on GitHub.



FAQ Security Bulletin 2017-002

FAQ for Security bulletin 2017-002: By crawling specially crafted URLs (e.g. by “forced browsing”), an attacker is able to overflow the database.



OXID eShop version 4.9.11 (CE + PE) & 5.2.11 (EE)

Contains a fix for OXID security issue 2017-002, just this one bug fix, no GUI changes. Please see details in security bulletin 2017-002.



OXID eShop version 4.10.6 (CE + PE) & 5.3.6 (EE)

Contains a fix for OXID security issue 2017-002 and some other bug fixes, no GUI changes. Please see details in security bulletin 2017-002.



OXID eShop v6.0.0 RC3 is published

Contains a fix for OXID security issue 2017-002 and some other bug fixes, no GUI changes. Please see details in security bulletin 2017-002.



Security Bulletin 2017-002

CVE-2017-14993: An attacker is able to overflow the shop database over the network, and hence make the shop stop working (denial of service/DoS).



OXID eShop v6.0.0 RC2 is published

OXID eShop v6.0.0 release candidate 2 is publicly available from now on. Please get the most import information from this blog post.



Security Bulletin 2017-001

CVE-2017-12415: Under certain pre-conditions an attacker would be able to hijack the cart session of a client via a Cross-Site Request Forgery (CSRF).



OXID eShop version 4.9.10 (CE + PE) & 5.2.10 (EE)

OXID eShop version 4.9.10 (PE + CE) and 5.2.10 (EE) contains no GUI changes, some bugs fixes, fix for security issue 2017-001.



OXID eShop version 4.10.5 (CE + PE) & 5.3.5 (EE)

Contains some bug fixes. No frontend changes. Please note that this patch release contains a fix for the security issue with a CVSS = 2.2. We will hand out more information about it with the security bulletin 2017-001 next week.



O OXID Developer, Where Art Thou?

This is a note to let you know about a new feature on OXIDforge, OXID Jobs. OXID jobs is a marketplace for people looking for developers but also for developers looking for (freelance) jobs.



OXID eShop v6.0.0 RC1 (partner release) is published

OXID eShop v6.0.0 release candidate 1 (AKA “Partner Release”) is publicly available from now on.