Commit 84ceab4

Dominik Rathmer committed
Merge branch 'sw-26367/dev' into '5.7.6'
SW-26367 - Prevent XSS via SVG
See merge request shopware/5/product/shopware!664
2 parents f6ffb74 + 37213e9 commit 84ceab4

2 files changed

+14
-0
lines changed

.htaccess

Lines changed: 6 additions & 0 deletions
@@ -96,6 +96,12 @@ DirectoryIndex shopware.php
9696
</IfModule>
9797
</FilesMatch>
9898

99+
<IfModule mod_headers.c>
100+
<FilesMatch "\.(?i:svg)$">
101+
Header set Content-Security-Policy "script-src 'none'"
102+
</FilesMatch>
103+
</IfModule>
104+
99105
# Disables auto directory index
100106
<IfModule mod_autoindex.c>
101107
Options -Indexes
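
Review bot: The `<IfModule mod_headers.c>` guard around the new `<FilesMatch "\.(?i:svg)$">` block means the `Content-Security-Policy` header is silently skipped when mod_headers is not loaded, so SVG files are then served without the restriction and nothing signals it. Consider stating the mod_headers requirement where operators will see it, for example in the upgrade notes. Two smaller points on the same block: `Header set` replaces any Content-Security-Policy value already set for these responses elsewhere in the configuration, and the match is on the file extension only, so SVG content delivered under another name or through a script is not covered. A one-line comment above the block naming what it protects against (SW-26367, XSS via SVG), in the style of the `# Disables auto directory index` comment that follows, would help whoever edits this file next.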

UPGRADE-5.7.md

Lines changed: 8 additions & 0 deletions
@@ -2,6 +2,14 @@
22

33
This changelog references changes done in Shopware 5.7 patch versions.
44

5+
## 5.7.6
6+
7+
[View all changes from v5.7.5...v5.7.6](https://github.com/shopware/shopware/compare/v5.7.5...v5.7.6)
8+
9+
### Additions
10+
11+
* Added a new CSP directive to the default `.htaccess`
12+
513
## 5.7.4
614

715
[View all changes from v5.7.3...v5.7.4](https://github.com/shopware/shopware/compare/v5.7.3...v5.7.4)
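
Review bot: The new entry under `### Additions` does not say which directive was added, which files it applies to, or why, so anyone who maintains their own `.htaccess` or serves the shop from a different web server cannot tell from this line what to replicate. Suggest spelling it out, for example: "Added `Content-Security-Policy: script-src 'none'` for `.svg` files to the default `.htaccess` to prevent XSS via SVG", and mentioning that the rule sits inside `<IfModule mod_headers.c>`.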
