The ongoing work on security for PrestaShop software continues. We have identified and fixed new minor security issues, and it has been decided to deliver a new maintenance release for the 1.7.6.X branch.
Reminder: the 1-Click Upgrade module’s latest version is v4.10.1, don’t forget to upgrade it.
Security fixes
4 security fixes have been included in this patch version:
- Stored XSS in upload files (security advisory)
- Blind SQLi in Catalog Product edition (security advisory)
- Potential XSS injection with contact form (security advisory)
We also include an updated version of the contactform module:
- Potential XSS injection with contact form (security advisory)
More information about why it is important to update:
Notable change
Because of mail sending issues, two function calls have been removed from the Mail::send method. The functions htmlentitiesDecodeUTF8 and stripslashes are no longer executed before sending the mail.
Download PrestaShop 1.7.6.8 now!
Since version 1.7.6.8 is a “patch” update to version 1.7.6.7, upgrading from any 1.7.6 version will be easy: features will work better, and modules & themes which worked fine on 1.7.6.x will work the same with 1.7.6.8. Upgrades from a standard 1.7.x version should work just as well.