News


Security Bulletin 2018-001

CVE Identifier: CVE-2018-5763: An attacker is able to bring servers to a standstill by calling specially crafted URLs if OXID High Performance Option is activated and Varnish is used (denial of service/DoS).



OXID eShop version 4.10.7 (CE + PE) & 5.3.7 (EE)

No GUI changes; no bugs fixed other than security issue 2018-001; non-widget classes must extend oxWidget; updated Amazon, PayPal and VCMS modules.



OXID eShop version 6.0.1

OXID eShop version 6.0.1 is released and contains a fix for a security issue if you run High Performance Option plus Vagrant. It additionally contains bug fixes and GUI changes.



OXID eShop v6.0.0 stable is published

OXID eShop v6.0.0 is publicly available. You may find it tagged as https://github.com/OXID-eSales/oxideshop_ce/tree/v6.0.0 on GitHub.



FAQ Security Bulletin 2017-002

FAQ for Security bulletin 2017-002: By crawling specially crafted URLs (e.g. by “forced browsing”), an attacker is able to overflow the database.



OXID eShop version 4.9.11 (CE + PE) & 5.2.11 (EE)

Contains a fix for OXID security issue 2017-002, just this one bug fix, no GUI changes. Please see details in security bulletin 2017-002.



OXID eShop version 4.10.6 (CE + PE) & 5.3.6 (EE)

Contains a fix for OXID security issue 2017-002 and some other bug fixes, no GUI changes. Please see details in security bulletin 2017-002.



OXID eShop v6.0.0 RC3 is published

Contains a fix for OXID security issue 2017-002 and some other bug fixes, no GUI changes. Please see details in security bulletin 2017-002.



Security Bulletin 2017-002

CVE-2017-14993: An attacker is able to overflow the shop database over the network, and hence make the shop stop working (denial of service/DoS).



OXID eShop v6.0.0 RC2 is published

OXID eShop v6.0.0 release candidate 2 is publicly available from now on. Please get the most important information from this blog post.



Security Bulletin 2017-001

CVE-2017-12415: Under certain pre-conditions an attacker would be able to hijack the cart session of a client via a Cross-Site Request Forgery (CSRF).



OXID eShop version 4.9.10 (CE + PE) & 5.2.10 (EE)

OXID eShop versions 4.9.10 (PE + CE) and 5.2.10 (EE) contain no GUI changes, some bug fixes, and a fix for security issue 2017-001.