Shopware - Browse /v6.7.8.1 at SourceForge.net

The interactive file manager requires Javascript. Please enable it or use sftp or scp.
You may still browse the files here.

Name	Modified	Size	InfoDownloads / Week
Parent folder
README.md	2026-03-09	2.2 kB	0
Security Release v6.7.8.1 source code.tar.gz	2026-03-09	10.7 MB	0
Security Release v6.7.8.1 source code.zip	2026-03-09	18.4 MB	0
Totals: 3 Items		29.1 MB	0

System requirements

tested on PHP 8.2, 8.4 and 8.5
tested on MySQL 8 and MariaDB 11

Critical Fixes

Double signature verification in app-reregistration flow

Introduces a secure, asynchronous app secret rotation feature to the app system, including both API and CLI interfaces. Added a new API endpoint and command for rotating app secrets, implemented the underlying rotation logic, and adjusted the app registration process to support secret updates and dual signature confirmation. This increases security by enforcing a two-step verification process during app re-registration, ensuring that only authorized parties can update app secrets.

LoginRoute and AccountService don't throw CustomerNotFoundException

The LoginRoute and AccountService have been updated to no longer throw a CustomerNotFoundException when a login attempt is made with an email address that does not exist in the system. Instead, they will now throw a generic BadCredentialsException without revealing whether the email address is registered or not. This change enhances security by preventing potential attackers from enumerating valid email addresses through error messages.

Improve OrderRoute deepLinkCode filter type validation

Improve the logic in \Shopware\Core\Checkout\Order\SalesChannel\OrderRoute::load to ensure the deepLinkCode filter is an instance of \Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter.