Shopware Community Edition

v6.5.8.19 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1d API Development

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

api-first-cms apifirst digital-commerce ecommerce ecommerce-platform experience-commerce

+13 more

experience-manager headless-cms magento online-shop online-store php prestashop shop shopping-cart shopware storefront symfony vuejs

ReleasePort's take

Moderate signal

editorial:auto 1d

This release updates Twig to address a critical security vulnerability.

Why it matters: The fix mitigates a high‑severity (severity 90) security issue affecting the Twig template engine; operators should apply this update promptly.

Summary

AI summary

Updates System requirements, /UPGRADE-6.5.md, and https://github.com/shopware/shopware/issues/8333 across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Updates Twig to fix a security vulnerability. Updates Twig to fix a security vulnerability. Source: llm_adapter@2026-06-02 Confidence: high	—
Dependency	Medium	Removes dependency on maltyxx/images-generator. Removes dependency on maltyxx/images-generator. Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	Medium	Adds caching to reduce calls when updating extensions. Adds caching to reduce calls when updating extensions. Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	Medium	Corrects shopware/conflicts version usage. Corrects shopware/conflicts version usage. Source: llm_adapter@2026-06-02 Confidence: high	—

Full changelog

This patch release contains a security fix in Twig. It is recommended to update your system as soon as possible!

IMPORTANT:
Please note that the security plugin can not save your installation as usual in this case. Instead, a Twig update is necessary which is rolled out with this patch release. This is why this patch release is an absolute exception.

Although version 6.5 is no longer supported, we've published this patch release as a courtesy. You can find more information here: https://developer.shopware.com/release-notes/

System requirements

tested on PHP 8.2 and 8.4
tested on MySQL 8, MariaDB 11

Fixed bugs

See the UPGRADE.md for all important technical changes.

Full Changelog: https://github.com/shopware/shopware/compare/v6.5.8.18...v6.5.8.19

Credits

Thanks to all diligent friends for helping us make Shopware better and better with each pull request!

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there ;)

Security Fixes

Update Twig to a patched version fixing a security vulnerability (CVE details not provided).

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Shopware Community Edition

Get notified when new releases ship.

About Shopware Community Edition

PHP based open source e-commerce software made in Germany.

All releases →