PrestaShop 8.1.6 Is Available
Security patch for version 8.1 of PrestaShop
A new patch version for PrestaShop 8.1 is now available. This maintenance release fixes 2 security issues.
The security patch for version 8.1 of PrestaShop is now available. It is recommended that you upgrade your shop quickly in order to benefit from these fixes. Of course, don’t forget to create a backup before. You can upgrade to the latest version using the 1-Click Upgrade module. There are no database changes in this release.
You can see a full changelog on the release page.
Important note
This patch introduced backward incompatible change: files uploaded into the upload
folder can’t be served directly by Apache anymore, you will need to use the admin_common_secured_file_image_reader
route as specified in the developer documentation.
Security fixes
Two security issues were fixed in this release. If you want to learn more about the details of these issues you can visit the PrestaShop Security Advisories pages:
- XSS via customer contact form in FO, through file upload - thank you to Ayoub Ait Elmokhtar for the report
- Anonymous customer can download other customers’ invoices - thank you to Samuel Bodevin for the report.
Download
Download PrestaShop 8.1.6 now!
Since version 8.1.6 is a “patch” update, upgrading from previous 8.1.x versions should happen without any issues. As for every upgrade, it’s highly recommended to do a full manual backup beforehand.
If you encounter any problems during the upgrade that, in your opinion, are not caused by third-party modules or modifications used in your shop, submit a bug report.