A few months ago, the PrestaShop core team has decided to make a forthright patch release process and deliver patch versions on a more regular basis, every time it’s needed. So here we are, 6 weeks after the release of, PrestaShop is now available! is available!

This maintenance release is a bit special as it does not only fix regressions found on version to, but it also has put a focus on fixing many security issues, from 1.5, 1.6 and 1.7 versions. This is a result of a huge work on security which has been started a few weeks ago to ensure more security on the PrestaShop software. In the near future, PrestaShop will focus more and more on security to ensure that no security breaches, even minor ones such as permission issues, are left out in the core.

As this patch fixes several security issues, we highly recommend to upgrade your shop as soon as possible. Of course, as always, don’t forget to backup before.

Reminder: the 1-Click Upgrade module’s latest version is v4.10.1, don’t forget to upgrade it.

Main fixes

Below are listed the 7 regressions that were found and fixed in this version, impacting both front-office and back-office.

Front-office regressions:

  • When editing an address both in the customer account and checkout, a new address was created instead of replacing it - #18100 and #18072
  • Canonical redirects for products with combinations no longer worked, which could cause duplicate content #18279

Back-office regressions:

  • When adding a cart rule to an order from the back-office, the value discount was not correct #18630
  • Searching a category with the quick search no longer redirected to the category edition page - #17908
  • The help card was no longer displayed on view order and new employee pages - #18279 and #18615
  • In the customer view page, the number of “last emails” was incorrect - #18602
  • It was not possible to access the translation interface for the Serbian language - #18062

Security fixes

Some security fixes have been included in this patch version to ensure an improved core reliability. Thanks a lot to Rabhi for finding a lot of these issues !

Improper access controls:

Reflected XSS:

Open redirection:

A few security issues have also been fixed on native modules:

More information about why it’s important to update:

Other main changes

Improved installation under CLI by adding the “rewrite” parameter in “index_cli.php” to enable the rewrite engine (Pull request #18491).

Read the full changelog here.


Contributors to this patch version, from both the Core team and the community at large: Franck Lefèvre, Ibrahima Sow, Jonathan Lelievre, Louise Bonnard, Matthieu Rolland, Pablo Borowicz, Pierre Rambaud, PululuK. Thank you!

Download PrestaShop now!

Since version is a “patch” update to version, upgrading from any 1.7.6 version will be easy: features will work better, and modules & themes which worked fine on 1.7.6.x will work just as well with Upgrades from a standard 1.7.x version should work just as well.