Jump to content

[Build] Release Of PrestaShop 1.7.6.6


blog-posts

Recommended Posts

The ongoing work on security for PrestaShop software continues. We have identified and fixed new minor security issues and since we don’t expect PrestaShop 1.7.7.0 final to be released before a few weeks, it has been decided to deliver a new maintenance release for 1.7.6.X branch.

1.7.6.6 is available!

Similarly to 1.7.6.5, this maintenance release fixes not only regressions found on versions 1.7.6.0 to 1.7.6.5, but also a few security issues from 1.5, 1.6 and 1.7 versions. This is again a result of the huge work on security going on in 2020 to make PrestaShop software safer. PrestaShop will continue focusing more and more on security to ensure that no security breaches, even minor ones such as permission issues, are left out in the core.

As this patch fixes several security issues, we highly recommend to upgrade your shop as soon as possible. Of course, as always, don’t forget to backup before.

Reminder: the 1-Click Upgrade module’s latest version is v4.10.1, don’t forget to upgrade it.

Main fixes

Below are listed the 6 regressions that were found and fixed in this version:

Front-office regression:

  • A BC break was mistakenly introduced in 1.7.6.5 on some selectors in the front-office #18509

Back-office regressions:

  • It was not possible to use Stocks page without the rights for Translation page #19713
  • Bad button color in Modules pages modal window #9699
  • No success message in Customer page after editing a voucher #18842

Other regressions:

  • It was not possible to update currencies using the Webservice #18865
  • There was an error at the end of the upgrade if it was run manually #18723

Security fixes

7 security fixes have been included in this patch version:

More information about why it is important to update:

Read the full changelog here.

Notable change

In order to correctly handle user session expiration, two new SQL tables have been added to PrestaShop MySQL schema: ps_customer_session and ps_employee_session. These SQL tables are used for security purposes.

Breaking or risky changes

Dashboard modules can no longer use AdminDashboardController::ajaxProcessSaveDashConfig() to save values. This is not possible anymore in PrestaShop 1.7.6.6 in order to enforce the shop’s security.

A bug fix included in 1.7.6.5 required changing a CSS selector in the Front Office’s product page and rendering it more specific. However, this new selector did not work with some third party themes which were based on Classic. In 1.7.6.6, a new generic selector has been added: .product-container. If you are a theme developer, make sure to add this class to the appropriate container on your product page in order to allow your product page to be refreshed on changes.

Acknowledgments

Core Team contributors to this patch version: Franck Lefèvre, Jonathan Lelievre, Pierre Rambaud, Mathieu Ferment, Matthieu Rolland, Thomas Baccelli, Valentin Szczupak. Thank you!

Download PrestaShop 1.7.6.6 now!

Since version 1.7.6.6 is a “patch” update to version 1.7.6.5, upgrading from any 1.7.6 version will be easy: features will work better, and modules & themes which worked fine on 1.7.6.x will work just as well with 1.7.6.6. Upgrades from a standard 1.7.x version should work just as well.

View the full article

Link to comment
Share on other sites

×
×
  • Create New...