Prestashop 1.7.6.5 is released

Hi all, Prestashop 1.7.6.5 is available. It includes backend, frontend and security fixes. Make sure to upgrade to the latest version to keep your eShop stable and secure. If you have any questions about the upgrade, please feel free to let us know.

Main fixes

Below are listed the 7 regressions that were found and fixed in this version, impacting both front-office and back-office.

Front-office regressions:

  • When editing an address both in the customer account and checkout, a new address was created instead of replacing it
  • Canonical redirects for products with combinations no longer worked, which could cause duplicate content

Back-office regressions:

  • When adding a cart rule to an order from the back-office, the value discount was not correct
  • Searching a category with the quick search no longer redirected to the category edition page
  • The help card was no longer displayed on view order and new employee pages
  • In the customer view page, the number of “last emails” was incorrect
  • It was not possible to access the translation interface for the Serbian language

Security fixes

Some security fixes have been included in this patch version to ensure an improved core reliability. Thanks a lot to Rabhi for finding a lot of these issues!

Improper access controls:

  • on product page with combinations, attachments and specific prices
  • on product attributes page
  • on customers search
  • on several other pages

Reflected XSS:

  • related to the import page (security advisory)
  • with back parameter (security advisory)
  • on Exception page (security advisory)
  • on AdminCarts page (security advisory)
  • on Search page (security advisory)
  • on dashboard calendar (security advisory)
  • on AdminFeatures page (security advisory)
  • on AdminAttributesGroups page (security advisory)
  • in security compromised page (security advisory)

Open redirection:

  • with the back parameter (security advisory)

A few security issues have also been fixed on native modules:

  • Faceted Search – Reflected XSS with url_name parameter (security advisory)
  • Social follow – Reflected XSS with social networks fields (security advisory)
  • Link List – Stored XSS on back office edit page (security advisory) and stored XSS with custom URLs (security advisory)

More information about why it’s important to update:

For details, please see the following link:

https://build.prestashop.com/news/prestashop-1-7-6-5-maintenance-release/
