Shopware Community Edition

v6.7.10.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2d API Development

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

api-first-cms apifirst digital-commerce ecommerce ecommerce-platform experience-commerce

+13 more

experience-manager headless-cms magento online-shop online-store php prestashop shop shopping-cart shopware storefront symfony vuejs

Affected surfaces

deps

ReleasePort's take

Moderate signal

editorial:auto 2d

This release updates Twig and Symfony libraries for security fixes and tests compatibility with newer PHP and database versions.

Why it matters: Security severity 80 triggers immediate patching of Twig and Symfony; compatibility testing supports upcoming migrations to PHP 8.2/8.4/8.5, MySQL 8, and MariaDB 11.

Summary

AI summary

Updates System requirements, fix, and chore across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	High	Updates Twig and Symfony due to security releases. Updates Twig and Symfony due to security releases. Source: llm_adapter@2026-06-01 Confidence: high	—
Dependency	High	Tests compatibility with PHP 8.2, 8.4, and 8.5. Tests compatibility with PHP 8.2, 8.4, and 8.5. Source: llm_adapter@2026-06-01 Confidence: high	—
Dependency	High	Tests compatibility with MySQL 8 and MariaDB 11. Tests compatibility with MySQL 8 and MariaDB 11. Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix
Bugfix	Medium	Fixes missing filename in temporary URL file download. Fixes missing filename in temporary URL file download. Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Medium	Fixes inheritance removal issue in disabled fields of meteor-component-library. Fixes inheritance removal issue in disabled fields of meteor-component-library. Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Medium	Adds product_translation:read permission to sw-product ACL. Adds product_translation:read permission to sw-product ACL. Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Medium	Adds sales channel tracking customer privilege. Adds sales channel tracking customer privilege. Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Medium	Adjusts migrations and fixes MariaDB defaults issue. Adjusts migrations and fixes MariaDB defaults issue. Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Medium	Reuses existing media when importing app payment method icons. Reuses existing media when importing app payment method icons. Source: llm_adapter@2026-06-01 Confidence: high	—

Full changelog

System requirements

tested on PHP 8.2, 8.4 and 8.5
tested on MySQL 8 and MariaDB 11

What's Changed

fix: export temporary url file download missing filename (backport: 6.7.10.x) by @shopware-octo-sts-app-2[bot] in https://github.com/shopware/shopware/pull/16664
fix: update meteor-component-library version and add test for inheritance removal in disabled fields (backport: 6.7.10.x) by @shopware-octo-sts-app[bot] in https://github.com/shopware/shopware/pull/16682
fix: grant product_translation:read permission in sw-product ACL (backport: 6.7.10.x) by @shopware-octo-sts-app-2[bot] in https://github.com/shopware/shopware/pull/16774
fix: add sales channel tracking customer privilege (backport: 6.7.10.x) by @shopware-octo-sts-app[bot] in https://github.com/shopware/shopware/pull/16786
chore: Update Twig and Symfony due to security releases (backport: 6.7.10.x) by @shopware-octo-sts-app[bot] in https://github.com/shopware/shopware/pull/16960
chore: adjust migrations and fix issue with MariaDB defaults (backport: 6.7.10.x) by @shopware-octo-sts-app-2[bot] in https://github.com/shopware/shopware/pull/16955
fix: reuse existing media when importing app payment method icons (backport: 6.7.10.x) by @MartinKrzykawski in https://github.com/shopware/shopware/pull/17085

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.10.0...v6.7.10.2

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there ;)

Security Fixes

dep: Upgrade Twig and Symfony due to upstream security releases (backport: 6.7.10.x)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Shopware Community Edition

Get notified when new releases ship.

About Shopware Community Edition

PHP based open source e-commerce software made in Germany.

All releases →