The first patch for PrestaShop 8.1 is available. This release contains a few security fixes, so we highly recommend that you upgrade your shop as soon as possible.
Version 8.1.1 fixes a few security issues found by security researchers and solves a great number of bugs reported by the community and the project’s Quality Assurance team.
You can go to the release page to see a full changelog, but it’s worth mentioning a few notable bug fixes:
- Check if product is active and orderable during checkout
- Fix for product editor not storing some fields in multi shop context
- Register commonly used deprecated modifiers to Smarty config to avoid warnings in back office
- Fix for child themes/multishop themes translations
- Fix for issue with PDF files being always in English if generated from back office
Some of those issues were reported on multiple occasions, so we are happy to finally have them fixed. We would like to thank everyone who reported the issues and helped us fix them.
For more details regarding security fixes, you can check the security advisories section below.
It is recommended to upgrade your shop quickly in order to benefit from these fixes. Of course, don’t forget to back up your shop beforehand. You can upgrade to the latest version using the 1-Click Upgrade module.
Security advisories:
- Boolean SQL injection possible in search product in BO
- In the back office, files can be compromised using path traversal by replaying the import file
- SQL manager vulnerability (potential RCE)
- New possible XSS injection through Validate::isCleanHTML method
- Reading a file through path traversal
- File deletion via attachment API
- File deletion via CustomerMessage
Contributors to this patch version, from both the project members and the community at large, include:
Antonin Clauzier, Boris Hermans, Boubker Bribri, Codencode, Daniel Hlavacek, Fabien Papet, Fatima Mazhit, Franck Lefèvre, Ibrahima Sow, Jens Wilke, jolelievre, Jonathan Lelievre, Krystian Podemski, Mathieu Ferment, Matthieu Rolland, Maxime Flasquin, Nesrine Abdmouleh, Nicolas Lœuillet, PICHAT Morgan, Thomas Leone.
Since version 8.1.1 is a “patch” update, upgrading from previous 8.1.x versions should happen without any issues. As for every upgrade, it’s highly recommended to do a full manual backup beforehand.
If you encounter any problems during the upgrade that, in your opinion, are not caused by third-party modules or modifications used in your shop, submit a bug report.