blog-posts
Posted September 24, 2020

The ongoing work on security for PrestaShop software continues. We have identified and fixed new minor security issues, and it has been decided to deliver a new maintenance release for the 1.7.6.X branch.

Reminder: the latest version of the 1-Click Upgrade module is v4.10.1. Don't forget to upgrade it.

Security fixes

4 security fixes have been included in this patch version:

- Stored XSS in upload files (security advisory)
- Blind SQLi in Catalog Product edition (security advisory)
- Potential XSS injection with contact form (security advisory)

We also include an updated version of the contactform module:

- Potential XSS injection with contact form (security advisory)

More information about why it is important to update:

- Cross-site Scripting (XSS)
- SQL Injection (CWE-89)

Notable change

Because of mail sending issues, two method calls have been removed from the Mail::send method. The functions htmlentitiesDecodeUTF8 and stripslashes are no longer executed before sending the mail.

Download PrestaShop 1.7.6.8 now!

Since version 1.7.6.8 is a "patch" update to version 1.7.6.7, upgrading from any 1.7.6 version will be easy: features will work better, and modules and themes that worked fine on 1.7.6.x will work the same with 1.7.6.8. Upgrades from a standard 1.7.x version should work just as well.