OXID eShop versions 4.8.12/5.1.12 & 4.9.9/5.2.9 published containing a security fix

Hi everybody,

today, OXID eShop versions 4.8.12 and 5.1.12 as well as 4.9.9 and 5.2.9 were published. They contain an important fix for a very certain security issue CVE-2016-5072. Please update your installation as soon as possible!

Please find the release notes here:

Security Bulletin:



Hi Marco,

I just implemented the patch from 4.8.0 to 4.8.12 for a quick solution. I then tried to download the cummulative package from 4.8.12 to 4.9.9 in order to have a look at the necessary changes for running an upgrade. Unfortunately it was not possible to download any version from 4.8.10 onwards to 4.9.9. Instead the error message “The requested package was not found.” was shown.
Could you please tell me if there will be a cummulative package from 4.8.12 to 4.9.9 or 4.10 in future.


Hey Jay,

yes, there will be cumulative packages most likely by the end of this week. Thanks for reporting it. Apparently there was a configuration problem in our CI.


That’s great, thx! :slight_smile:

None of the mentioned versions (no update no full version) can be downloaded at present ?

you can get full version from github

Noted but please provide links where these fixed versions can be downloaded.