In this Shopware security release, the team has blocked off the “medium” threat level.
This security update has impacted various Shopware versions, including 6.4.15.1.
Shopware security updates have fixed the below vulnerabilities:
NEXT-23464: Bump twig dependency to 3.4.3
Recommendation
The Shopware team advises updating to the latest version, 6.4.15.2.
For Regular Updates
You can get updates to 6.4.15.2 directly through the Downloads overview or the Auto-Updater.
Security Measures (for older versions)
You can get corresponding security measures for your past versions via a plugin.
Upgrade Infos
In the twig file `Storefront/Resources/views/storefront/utilities/icon.html.twig`, Extensions that have modified the block `utilities_icon`, should conduct modifications from the Upgrade.md.