Articles about Security
-
Bug Bounty Program, the retrospective
When hunters make your business safer!
For several months, we experimented a Bug Bounty Program with the YesWeHack platform. Here is a retrospective, explaining why we did it, and what happened during this period.
Continue reading -
Announcing our first Bug Bounty program
It's time to make PrestaShop better and safer that it already is!
Protecting the business, data and privacy of PrestaShop’s users is one of our top priorities. We build our software with this goal in mind. That’s why we decided to put our security to the test. To encourage the security community to help us, today we are announcing our first bug bounty program!
Continue reading -
Release Of PrestaShop 1.7.6.6
Maintenance version of the 1.7.6.X branch
The ongoing work on security for PrestaShop software continues. We have identified and fixed new minor security issues and since we don’t expect PrestaShop 1.7.7.0 final to be released before a few weeks, it has been decided to deliver a new maintenance release for 1.7.6.X branch.
Continue reading -
We were at Google's CMS Security Summit 2020
PrestaShop continues working together with Google and the top CMS vendors for a safer web.
Once again, open source CMSs Security leads shared knowledge together last February at an event organized by Google in Munich.
Continue reading -
Release Of PrestaShop 1.7.6.5
Maintenance version of the 1.7.6.X branch
A few months ago, the PrestaShop core team has decided to make a forthright patch release process and deliver patch versions on a more regular basis, every time it’s needed. So here we are, 6 weeks after the release of 1.7.6.4, PrestaShop 1.7.6.5 is now available!
Continue reading -
Release Of PrestaShop 1.7.6.4
MAINTENANCE VERSION OF THE 1.7.6.X BRANCH
PrestaShop 1.7.6.4 is finally available! A critical security issue and regressions found on the previous 1.7.6 versions have been fixed. Upgrading your shop is highly recommended.
Continue reading -
Security issue with PHPUnit, post-incident analysis
The mysterious development dependencies!
Early January, we encountered a security issue with PHPUnit in some modules that allowed attackers to perform arbitrary code execution without authorization through the PHPUnit dependency. This vulnerability was discovered through a merchant whose shops were compromised.
Continue reading -
Critical security vulnerability in PrestaShop modules
A newly found exploit could allow remote attackers to take control of your shop.
Attackers are using a vulnerability in a popular dependency used by modules to take control of PrestaShop sites. For details, please read the entire article.
Continue reading -
Release of PrestaShop 1.7.5.2 and 1.6.1.24
Maintenance version of the 1.7.5.x and 1.6.1.x branch
PrestaShop 1.7.5.2 and 1.6.1.24 are now available. These versions fix a security issue for both 1.7.5.x and 1.6.1.x. For the details, please read below:
Continue reading -
We were at the CMS Security Summit with Google
Security is very important for PrestaShop
PrestaShop and other open source CMSs are working together to improve the security of websites.
Continue reading