PrestaShop 8.0.5 Is Available
Security patch for 8.0.x branch is available
The fifth patch version for PrestaShop 8 is now available to download! This release contains a few security fixes, so we highly recommend you to upgrade your shop as soon as possible.
PrestaShop 8.0.x branch is no longer supported since the release of PrestaShop 8.1, but due to the high severity of the security issues fixed in this release, we decided to release a patch version for this branch.
Apart from the security fixes, this release also contains a few bug fixes. Most notable are:
- Fix disabling a module for a specific shop applied to all shops
- Add string casting for boolean fields to avoid critical issues on PHP8+
- Fix for issue with PDF files being always in English if generated from back office
For more details regarding security fixes, you can check the security advisories section below.
You can go to the release page to see a full changelog.
It is recommended to upgrade your shop quickly in order to benefit from these fixes. Of course, don’t forget to backup before. You can upgrade to the latest version using the 1-Click Upgrade module.
Security advisories
- SQL manager vulnerability (potential RCE)
- New possible XSS injection through Validate::isCleanHTML method
Acknowledgments
Contributors to this patch version, from both the project members and the community at large, include:
Boubker Bribri, Codencode, Daniel Hlavacek, Fabien Papet, Franck Lefèvre, Jonathan Lelievre, Krystian Podemski, Mathieu Ferment, Matthieu Rolland, Maxime Flasquin, Nesrine Abdmouleh, Nicolas Lœuillet, PICHAT Morgan, Thomas Leone.
Thank you!
Download PrestaShop 8.0.5 now!
Since version 8.0.5 is a “patch” update, upgrading from previous 8.0.x versions should happen without any issues. As for every upgrade, it’s highly recommended to do a full manual backup beforehand.
If you encounter any problems during the upgrade that, in your opinion, are not caused by third-party modules or modifications used in your shop, submit a bug report.