Under certain circumstances, it’s possible to execute an unauthorized foreign code in Shopware. This is a security vulnerability that could affect the entire system. All Shopware versions including Shopware 5.2.24 are affected. It is imperative that security updates be performed for every Shopware shop. Our current software version 5.2.25 already contains the required security update. You can upgrade to the new version 5.2.25 using the auto-update function in your backend or by downloading the release from our download page.
Alternatives for securing your system:
If you are unable to upgrade your system to version 5.2.25 (recommended), you have another option for securing your system:
1) Download the following plugin: SwagSecurity (opens .zip)
2) Log into your Shopware backend and open the Plugin Manager
3) Click on “Installed” (located on the left side of the window)
4) Click on “Upload plugin” and select the plugin linked above
5) Finally, install and activate the plugin within the overview in the Plugin Manager
This is a general security plugin. In the future, potential security gaps can be fixed by updating this plugin. However, it is always recommended to update to the latest patchversion of Shopware.