OXID eShop 6.5.2

Release date: 21-02-2023

With OXID eShop 6.5.2, we close a potential security vulnerability: Passing a URL that contains the force_sid parameter could have resulted in the session being hijacked. In case of a takeover, the attacker would have had access to the user account.

For more information, see our security bulletin at https://docs.oxid-esales.com/en/security/security-bulletins.html#security-bulletin-2023-001-cve-2023-26260.

With PAYONE 1.8.0, new payment methods are available.

In addition, we have fixed minor bugs.

Improvements and adaptations

To see the changes to the compilation, compare the versions in the metapackage at https://github.com/OXID-eSales/oxideshop_metapackage_ce/compare/v6.5.1...v6.5.2.

Updated components

We have updated the following components and modules:

  • OXID eShop CE (Update from 6.13.0 to 6.14.0): Changelog 6.14.0

  • OXID eShop PE (Update from 6.5.2 to 6.5.3)

  • OXID eShop EE (Update from 6.8.0 to 6.8.1)

  • WYSIWYG Editor + Media Library (Update from 2.4.1 to 2.4.2): Changelog 2.4.2

  • PAYONE (Update from 1.7.0 to 1.8.0): Changelog 1.8.0

Compilation components

The compilation contains the following components:

Installation

To install or upgrade, follow the instructions in the Installation section:

New installation
Installing a minor update
Installing a patch update