Release 1.7.8.8 #28522
@Murat-06 You need to open a feature request in order for your ideas to be analyzed -> https://github.com/PrestaShop/PrestaShop/issues/new?assignees=&labels=Bug%2CNew&template=1_bug_report.yml |
Date update: As we focus on 8.0.0 for now, the expected release date has been set for 18th of July |
Date update: The QA team's focus is the autoupgrade module; it is needed to explore whether upgrades from 1.7.x versions to 8.0.0 are OK and to register known issues. Following this exploration, the 1.7.8.7 build, test and release will be possible. |
Is this going to be delayed? |
@letwang Yes, as mentioned above we are right now focusing on the autoupgrade testing campaign for 8.0.0 and it requires most of the QA team capacity, so we cannot test 1.7.8.7 at the same time |
The implication is that the current latest stable version 1.7.8.6 will exist for a long time? |
It depends what you call a long time. I think 1.7.8.7 will be delivered somewhere in August or September, so 2 months. It's just a guess though. |
Scope and version update: Following the discovery of a major security vulnerability, the version 1.7.8.7 will be a security patch release targeting the attack. This version, initially planned to be 1.7.8.7, will become 1.7.8.8. |
Good Job~ |
How does the update to (SmartyCacheResourceMysql.php) fix this security vulnerability? Is the latest update a joke? |
Could you elaborate @vavrecan? |
Can you explain how just changing the way the data is written in the SQL query will affect the exploitation? Does it mean there is a security issue in how pSQL is escaping queries? |
We compared the 1.7.8.7 and 1.7.8.6 releases - and the only relevant difference for the major security vulnerability was just this change in SmartyCacheResourceMysql.php. It does not look right |
This fixes an attack where there's no access to files from the core and encryption keys. The data from the cache table is now secured, if you try to inject something there without knowing the encryption key, it will fail. |
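The behaviour described in the reply above, as an added example that is not part of the thread and not PrestaShop's code: a cache row that was not written with the secret key fails authentication on read and is treated as a cache miss. It assumes PHP's libsodium `secretbox` in place of PrestaShop's `phpEncryption`, and the class `SealedCache` with its in-memory `$table` is a hypothetical stand-in for the cache table.

```php
<?php
// Added illustration, not PrestaShop code. An array stands in for the cache table.
final class SealedCache
{
    /** @var array<string,string> id => stored blob */
    public $table = [];
    /** @var string secret key kept outside the database */
    private $key;

    public function __construct(string $key)
    {
        $this->key = $key;
    }

    public function write(string $id, string $content): void
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        // secretbox is authenticated encryption: the stored blob carries a MAC tag.
        $box = sodium_crypto_secretbox($content, $nonce, $this->key);
        $this->table[$id] = base64_encode($nonce . $box);
    }

    /** Returns the content, or null when the row is missing or fails authentication. */
    public function read(string $id): ?string
    {
        $raw = base64_decode($this->table[$id] ?? '', true);
        $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
        if ($raw === false || strlen($raw) < $min) {
            return null; // not a blob this application could have written
        }
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open($box, $nonce, $this->key);
        return $plain === false ? null : $plain; // caller regenerates on null
    }
}

$cache = new SealedCache(sodium_crypto_secretbox_keygen());

// A row the application wrote itself authenticates and decrypts.
$cache->write('home', '<h1>Welcome</h1>');
var_dump($cache->read('home'));

// Constructed sample: a row placed in the table without going through write(),
// which is what an injected INSERT into the cache table amounts to.
$cache->table['product'] = base64_encode(str_repeat('A', 64));
var_dump($cache->read('product'));

// Flipping one bit of a legitimate row is rejected the same way.
$blob = base64_decode($cache->table['home']);
$blob[strlen($blob) - 1] = $blob[strlen($blob) - 1] ^ "\x01";
$cache->table['home'] = base64_encode($blob);
var_dump($cache->read('home'));
```

The key has to live outside the database (here it exists only in process memory) for the check to hold against an attacker who can write to the table.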
Is it safe to trust the output of $this->phpEncryption->encrypt? |
I am just having a hard time understanding the vulnerability - I thought the smarty_cache table is only accessed from the SmartyCacheResourceMysql.php file |
The other way is with a SQL injection. |
Most important thing you need to know: It is a valid fix for a vulnerability that the team found :) |
@ismartfridge are you using MySQL cache for Smarty? You can check that in the Preferences -> Performance tab |
I use file system cache type since always. |
Search api-addons.prestashop.com and api.addons.prestashop.com all over the site, but we’ve already found it for you, 3 places in total.
Replace all the above URLs with local (127.0.0.1) virtual addresses. Here, if necessary, it is best to clear the cache file again.
|
Hi @letwang @matks |
What are the current plans for this version release? Still keeping the 6 weeks release cycle? |
As mentioned here priority is given to PrestaShop 8.0.0 for now. The project team does not have the capability to test both 8.0.0 and 1.7.8.8 so 1.7.8.8 is being delayed until the workload goes down. We hope to be able to build, test and deliver 1.7.8.8 in September but this will happen only if all goes right with 8.0.0 . Unexpected issues found while testing 8.0.0 could delay this further. The 6 weeks release cycle is consequently not applicable to PrestaShop 1.7.8.8 |
Just found this article I wrote 2 years ago If you read the section |
Thank you for the clarification. |
Status update: PrestaShop 8.0.0 delivering and testing is taking longer than expected so PrestaShop 1.7.8.8 can be expected to be delivered in October. |
It's been 10 months now since I discovered a major core error which was reported 6 months ago (#28688), which seems to be fixed now, but the release isn't available even now. Really a mess. My shop doesn't work and I have got a lot of worries with my customers since variation handling in combination with individualization produces lots of errors. |
Hello @molsondry PrestaShop is an open source, community project. If you find that any issue is critical for you, and it's important to have it fixed ASAP, then you can invest into having it done. You can hire a developer to fix it, or if you are a developer yourself, you can try doing it on your own. The most important thing is to share that fix with everyone by submitting a Pull Request -- that's what the open source spirit is all about. |
I'm a developer and you can pay me to solve problems in the future. |
2022-11-23 Status update: Scope of 1.7.8.8 should not change anymore, we're going to build a 1.7.8.8 ZIP soon (this week or next week) and deliver it to QA team for testing |
When will the patch version 8.0 be released? |
2022-11-25 Status update: Hi, the build has been delivered to QA team |
Will this fix for performance hit the addons functionalities in some way? |
Probably the modules update tab stops working. |
Hello everyone, Final report of QA Team of the 1.7.8.8 build1 :
Summary of the issues detected during the test: Minor : Feature : It's a GO for the release! |
Will we have to wait until 1.7.8.9 to fix bug #30478? |
🚀 ✅ STATUS UPDATE: 1.7.8.8 is released!
|
@Fera No 1.7.8.9 is planned. 1.7.8.8 will be the last regular 1.7.8.x patch version, as the branch now enters security-only maintenance phase. Next regular patches will now target 8.0.x branch. If you find that #30478 is critical for you, and it's important to have it fixed ASAP, then you can invest into having it done. Do not wait for someone else to fix it. You can hire a developer to fix it, or if you are a developer yourself, you can try doing it on your own. The most important thing is to share that fix with everyone by submitting a Pull Request -- that's what the open source spirit is all about. |
This issue tracks the status of the PrestaShop 1.7.8.8 release
Information
Current status