OXID eShop 6.5.2

Release date: 21-02-2023

With OXID eShop 6.5.2, we close a potential security vulnerability: Passing a URL that contains the force_sid parameter could have resulted in the session being hijacked. In case of a takeover, the attacker would have had access to the user account.

For more information, see our security bulletin at https://docs.oxid-esales.com/en/security/security-bulletins.html#security-bulletin-2023-001.

With PAYONE 1.8.0, new payment methods are available.

In addition, we have fixed minor bugs.

Improvements and adaptations

Display changes in the compilation in the metapackage under https://github.com/OXID-eSales/oxideshop_metapackage_ce/compare/v6.5.1…v6.5.2.

Updated components

We have updated the following components and modules:

• OXID eShop CE (Update from 6.13.0 to 6.14.0): Changelog 6.14.0

• OXID eShop PE (Update from 6.5.2 to 6.5.3)

• OXID eShop EE (Update from 6.8.0 to 6.8.1)

• WYSIWYG Editor + Media Library (Update from 2.4.1 to 2.4.2): Changelog 2.4.2

• PAYONE (update from 1.7.0 to 1.8.0): Changelog 1.80

Compilation components

The compilation contains the following components:

• OXID eShop CE 6.14.0: Changelog 6.14.0

• OXID eShop composer plugin 5.2.2: Changelog 5.2.2

• Theme “Flow” 3.8.1: Changelog 3.8.1

• Theme “Wave” 1.8.0: Changelog 1.8.0

• GDPR Opt-In 2.3.3: Changelog 2.3.3

• Klarna 5.5.3: Changelog 5.5.3

• OXID Cookie Management powered by usercentrics 1.2.1: Changelog 1.2.1

• PAYONE 1.8.0: Changelog 1.8.0

• PayPal 6.5.0: Changelog 6.5.0

• WYSIWYG Editor + Mediathek 2.4.2: Changelog 2.4.2

• Makaira 1.4.2: Changelog 1.4.2

• Unzer Payment für OXID 1.0.0 (EE): Changelog 1.0.0

Installation

To install or upgrade, follow the instructions in the Installation section:

New installation
Installing a minor update
Installing a patch update