Security Bulletins 2010-004 and 2010-005 published

marco.steinhaeuser · October 20, 2010, 3:13pm

Hi everybody,

the following security bulletins have been published just now:
http://wiki.oxidforge.org/Security_bulletins/2010-004
http://wiki.oxidforge.org/Security_bulletins/2010-005

Both issues have been addressed in patch 4.4.3 of OXID eShop all editions. Partners, owners of support contracts and NDA owners have been informed when we published patch 4.4.3.

Regards

MBa · October 26, 2010, 4:52pm

Hi,
I have a question.

If you work with a very strong customized template, you don’t can support every template-change in shop updates.

So, is it possible, if there changes for security in the template, to publish them.

I now, its a security question and better don’t publish.
But I think, these bug should be fixed in logic, not in templates. So if there is a security-fix inside templates, please publish.

marco.steinhaeuser · October 28, 2010, 9:56am

Hello Markus,

of course: If there is a way to easily fix such issues via templates or really simple steps, we will publish.

But I think, these bug should be fixed in logic, not in templates

It was done like this.

Regards

MBa · October 28, 2010, 10:55am

Hi Marco,

thanks. If I look in the security bulletins, there is no case like this. So I was not shure.