Shopware

Security Update for Shopware 6.6.5.1: What You Need to Know

admin
May 3, 2026 · 2 min Read time
6651 (1)

Shopware 6.6.5.1 Version

On August 8, 2024, the latest patch release for Shopware was released: Version 6.6.5.1. This update focuses primarily on security enhancements but also fixes some minor bugs. Here is an overview of the key changes and why you should update as soon as possible. Previously, the 6.6.5.0 version was released.

Security-Related Updates

This release is a security update that addresses several critical vulnerabilities:
     
  1. Blind SQL Injection (CVE-2024-42357): A security flaw in DAL aggregations that allows attackers to perform unauthorized SQL queries.
    2.  
  2. Server Side Template Injection in Twig (CVE-2024-42356 & CVE-2024-42355): Two vulnerabilities that make it possible to inject malicious code via Twig templates.
    3.  
  3. Insufficient Access Controls in the Store API (CVE-2024-42354): A vulnerability that allows unauthorized access to data via ManyToMany associations.
These security gaps make the update particularly important. It is strongly recommended to update to version 6.6.5.1 to protect your Shopware installation from potential attacks.

Bug Fixes

In addition to the security updates, this release also contains three bug fixes:
     
  • PayPal Display Issues: After the update to version 6.6.4.1, all payment methods were incorrectly displayed. This error has now been fixed.
    •  
  • Improvement of Media URL Processing: The type of the MediaUrlPlaceholderHandler class has been changed to optimize the processing of media URLs.
    •  
  • Visible Icons in Front of Submenus: A rendering error where icons were visible in front of submenus has also been corrected.

Conclusion

Shopware 6.6.5.1 is a small but crucial update that primarily targets security. In addition to fixing vulnerabilities, several minor bugs were ironed out. To ensure the security of your shop, you should perform the update as soon as possible. https://developer.shopware.com/release-notes/6.6/6.6.5.1.html
Check out our article on Resolving the Empty Slider Issue in Product Slider CMS Element for Shopware 6.6.5.0 and Higher

Ähnliche Beiträge