Shopware Security Plugin

Changelog

Version 1.1.15

Add fix for possible XSS, DQL and SQL injections

Version 1.1.14

Add fix for possible XSS, CSRF Token Leakage and session fixation

Version 1.1.13

Add fix for remote code executions in the backend, a validation bypass attack and a path traversal in media live migration

Version 1.1.12

- Improved compatibility with composer installations - Protection against calls to the cache folder

Version 1.1.11

Add fix for XSS in newsletter and against an authenticated remote code execution in Shopware < 5.5.1

Version 1.1.10

Improve compatibility with third-party plugins

Version 1.1.9

Add additional integrity checks for the plugin manager

Version 1.1.8

Add fixes for authenticated SQLi, directory traversal vulnerabilities, unallowed currency changes and for vulnerabilities for the password recovery in Shopware < 5.4.3

Version 1.1.7

Fixed problems with the ProductStream preview

Version 1.1.6

Fixes problems with some filters/searches in the backend

Version 1.1.5

Fixes non persistent XSS vulnerabilities in Shopware >=5.2 <= 5.3.6. Improve plugin code and maintainability

Version 1.1.4

Improve compatibility with PHP < 5.5

Version 1.1.3

Improve compatibility with console

Version 1.1.2

Improve compatibility with third-party plugins

Version 1.1.1

Add fixes for authenticated SQLi, XXE and XSS vulnerabilities in Shopware >= 5.0 <= 5.3.3

Version 1.1.0

Add smarty function whitelist for security mode

Version 1.0.0