Security patch for PrestaShop 1.7 is now available.
As part of the extended support policy for PrestaShop 1.7, which covers critical and security fixes for the 1.7.8.x branch, we are releasing a new patch for this version today. This release fixes a few security issues reported by community researchers and upgrades some third-party libraries to their latest versions to ensure the stability and security of your shop.
We recommend upgrading your shop quickly to benefit from these fixes. Of course, don’t forget to back up your shop beforehand. You can upgrade to the latest version using the 1-Click Upgrade v4.15.0.
Security issues fixed in this release:
- Possible XSS injection through Validate::isCleanHTML method
- Arbitrary file read
- SQL filter bypass leading to arbitrary write requests using “SQL Manager”
- Possible CSRF token fixation
Contributors to this patch version, from both the project members and the community at large:
Franck Lefèvre, Jonathan Lelievre, Mathieu Ferment, Matthieu Rolland, Maxime Flasquin
Since version 184.108.40.206 is a “patch” update, upgrading from version 220.127.116.11 should happen without any issues.
Features will work better, and modules and themes that worked fine on the previous 1.7.8 release will work just as well with 18.104.22.168. As with every upgrade, it’s highly recommended to do a full manual backup beforehand.
If you encounter any problems during the upgrade that, in your opinion, are not caused by third-party modules or modifications used in your shop, submit a bug report.