Release Of PrestaShop 1.7.6.8

The ongoing work on security for PrestaShop software continues. We have identified and fixed new minor security issues, it has been decided to deliver a new maintenance release for 1.7.6.X branch.

Reminder: the 1-Click Upgrade module’s latest version is v4.10.1, don’t forget to upgrade it.

Security fixes

4 security fixes have been included in this patch version:

• Stored XSS in upload files (security advisory)
• Blind SQLi in Catalog Product edition (security advisory)
• Potential XSS injection with contact form (security advisory)

We also include an updated version of the contactform module

• Potential XSS injection with contact form (security advisory)

More information about why it is important to update:

• Cross-site Scripting (XSS)
• SQL Injection (CWE-89)

Notable change

Because of mail sending issues, two methods have been removed from the Mail::send method. Functions htmlentitiesDecodeUTF8 and stripslashes are no longer executed before sending the mail.

Download PrestaShop 1.7.6.8 now!

Since version 1.7.6.8 is a “patch” update to version 1.7.6.7, upgrading from any 1.7.6 version will be easy: features will work better, and modules & themes which worked fine on 1.7.6.x will work the same with 1.7.6.8. Upgrades from a standard 1.7.x version should work just as well.