Support News Archive

29-Apr-2022
Important release information

General Information

Within the releases ICM 7.10.32.14 / ICM 7.10.32.15 as well as ICM 7.10.38.5 a serious replication issue occurred. This was discovered only after the release of these versions. We are forced to recall these releases. Please take a look at bugs 76131 / 76328 and check if your project is affected or not. Intershop is already working on a solution and will provide new hotfixes as soon as possible. We thank your for your understanding and apologize for any inconvenience this may cause.

Why was the version recalled? And why are the problems not simply solved with the next patch?

The version contains issues that can lead to data problems that are difficult to fix. We want to avoid that customers run into these problems.

We have already started an update project based on 7.10.38.5-LTS. Do we need to stop the update project immediately?

The code is still available in the artifact repository. A started project can be further developed on local development environments with this version. As soon as a subsequent release is available, an update to this current version must take place. Deployments of 7.10.38.5-LTS releases on PRD environments and live operations based on 7.10.38.5 LTS must not take place. Deployments to UAT environments or other test environments are also not recommended, as the data of these environments can be affected.

How long is it likely to be before a "fixed" version is available?

We would like to deliver a corresponding release in CW20.

05-Apr-2022
Important information about possible vulnerabilities (Spring4shell / ECDSA Signatures)

On April 1, 2022, Intershop security and engineering teams received the first alerts regarding the Spring4Shell vulnerability (CVE-2022-22963 and CVE-2022-22965). First investigations, show that it is not the Spring Java Framework is not used within our Core Software. Additional investigations are ongoing to determine whether third party software utilize or contain the Spring Java Framework.

April 4, 2002: The current investigation has not found the Spring Java Framework to be present within our Core Software, micro-services or third party software. We urge our clients to establish communications with their customization partners, to ensure that they are aware of this issue and follow the recommended guidelines if they introduced the Spring Java Framework.

5th April, 2022: The investigation into this vulnerability has concluded that Intershop’s software, systems and productions environment are not affected. We will continue monitoring for any potential issues or anomalous behavior, but we consider this issue closed.

On the 22nd of April, 2022, Intershop security and engineering teams became aware of a vulnerability within the Java implementation of ECDSA Signatures (multiplying by zero is as bad as dividing by zero). Elliptic Curve Digital Signature Algorithm (ECDSA) is commonly used as an data authentication mechanism, such as, as part of the security handshake. We are currently assessing the impact that this mechanism has on our software and our systems in production.

April 26, 2022: We are in the process of auditing all operational containers to determine, if any are currently using the affected versions of Java. We will continue updating this page as more information becomes available.

02-Mar-2022
Hotfix ICM 7.10.26.21-LTS has been released

Today, a Hotfix for the Intershop Commerce Management has been released.
The installation is recommended due to the fixation of some issues.

You will find all information on the referring Product Data Sheet:

The corresponding Intershop responsive Blueprint Store version is 19.2.1 ... Intershop Progressive Webapp 0.26

Please bear in mind it is required to perform a DBMIGRATE to gather all changes since the patch level has been changed.


Current patch level:

  • ICM 7.10 - 7.10.37.1 | 7.10.32.13-LTS | 7.10.26.21-LTS
  • ICM 7.9 - 7.9.6.6
  • ICM 7.8 - 7.8.4.8 (End of Support)
  • ICM 7.7 - 7.7.5.21 (End of Support)
  • IOM 3.2 – 3.2.0
  • IOM 2.9 – 2.9.0.1
  • IOM 2.1 – 2.1.12.0
  • PWA – 1.4.0
24-Feb-2022
Hotfix ICM 7.10.32.13-LTS has been released

Today, a Patch for the Intershop Commerce Management has been released.
The installation is recommended due to the fixation of some issues.

You will find all information on the referring Product Data Sheet:

The corresponding Intershop responsive Blueprint Store version is 26.2.4 ... Intershop Progressive Webapp 1.4.0

Please bear in mind it is required to perform a DBMIGRATE/DBPREPARE to gather all changes since the patch level has been changed.


Current patch level:

  • ICM 7.10 - 7.10.37.1 | 7.10.32.13-LTS | 7.10.26.20-LTS
  • ICM 7.9 - 7.9.6.6
  • ICM 7.8 - 7.8.4.8 (End of Support)
  • ICM 7.7 - 7.7.5.21 (End of Support)
  • IOM 3.2 – 3.2.0
  • IOM 2.9 – 2.9.0.1
  • IOM 2.1 – 2.1.12.0
  • PWA – 1.4.0
12-Jan-2022
Hotfix ICM 7.10.34.3 has been released

Today, a Hotfix for the Intershop Commerce Management has been released.
The installation is recommended due to the fixation of some issues.

You will find all information on the referring Product Data Sheet:

The corresponding Intershop responsive Blueprint Store version is 28.0.2 ... Intershop Progressive Webapp 1.4.0

Please bear in mind it is required to perform a DBMIGRATE to gather all changes since the patch level has been changed.


Current patch level:

  • ICM 7.10 - 7.10.37.1 | 7.10.32.11-LTS | 7.10.26.20-LTS
  • ICM 7.9 - 7.9.6.6
  • ICM 7.8 - 7.8.4.8 (End of Support)
  • ICM 7.7 - 7.7.5.21 (End of Support)
  • IOM 3.2 – 3.2.0
  • IOM 2.9 – 2.9.0.1
  • IOM 2.1 – 2.1.12.0
  • PWA – 1.4.0
12-Jan-2022
Important information about CVE-2021-44228

On December 11, 2021, Intershop security and engineering teams became aware of the Log4j vulnerability (CVE-2021-44228) and initiated investigations. Intershop began patching or mitigating any vulnerable configurations that were identified.

At this point in time we have taken all the necessary precautionary steps and continue to monitor the situation to ensure the security and stability of our production environment.

December 13, 2021: Intershop has not discovered any indication of compromise of our internal systems nor that of any of our customers. Intershop is coordinating with our on-premise clients and partners, to ensure that the security of our products and those of our clients are maintained.

December 15, 2021: The Log4j vulnerability has been expanded within a new advisory (CVE-2021-45046). Intershop is currently investigating whether any of our customer environments may be impact. Preliminary results indicate that the previous safety measures that were undertaken should be sufficient. We are in the process of updating our internal documentation for on-premise clients and partners.

January 12, 2022: Intershop is tracking the new security advisories for log4j (CVE-2021-45105; CVE-2021-44832). The current investigation indicates that Intershop systems and software are not affected by these vulnerabilities.

Additional technical base information can be found in Intershop Knowledge Base: Log4j - Security Advisory

This advisory will continue to be updated as the situation evolves

12-Jan-2022
Hotfix ICM 7.10.35.2 has been released

Today, a Hotfix for the Intershop Commerce Management has been released.
The installation is recommended due to the fixation of some issues.

You will find all information on the referring Product Data Sheet:

The corresponding Intershop responsive Blueprint Store version is 29.0.2 ... Intershop Progressive Webapp 1.4.0

Please bear in mind it is required to perform a DBMIGRATE to gather all changes since the patch level has been changed.


Current patch level:

  • ICM 7.10 - 7.10.37.1 | 7.10.32.11-LTS | 7.10.26.20-LTS
  • ICM 7.9 - 7.9.6.6
  • ICM 7.8 - 7.8.4.8 (End of Support)
  • ICM 7.7 - 7.7.5.21 (End of Support)
  • IOM 3.2 – 3.2.0
  • IOM 2.9 – 2.9.0.1
  • IOM 2.1 – 2.1.12.0
  • PWA – 1.4.0
12-Jan-2022
Hotfix ICM 7.10.36.1 has been released

Today, a Hotfix for the Intershop Commerce Management has been released.
The installation is recommended due to the fixation of some issues.

You will find all information on the referring Product Data Sheet:

The corresponding Intershop responsive Blueprint Store version is 30.0.1 ... Intershop Progressive Webapp 1.4.0

Please bear in mind it is required to perform a DBMIGRATE to gather all changes since the patch level has been changed.


Current patch level:

  • ICM 7.10 - 7.10.37.1 | 7.10.32.11-LTS | 7.10.26.20-LTS
  • ICM 7.9 - 7.9.6.6
  • ICM 7.8 - 7.8.4.8 (End of Support)
  • ICM 7.7 - 7.7.5.21 (End of Support)
  • IOM 3.2 – 3.2.0
  • IOM 2.9 – 2.9.0.1
  • IOM 2.1 – 2.1.12.0
  • PWA – 1.4.0
12-Jan-2022
Patch ICM 7.10.37.1 has been released

Today, a Patch for the Intershop Commerce Management has been released.
The installation is recommended due to the fixation of some issues.

You will find all information on the referring Product Data Sheet:

The corresponding Intershop responsive Blueprint Store version is 31.1.0 ... Intershop Progressive Webapp 1.4.0

Please bear in mind it is required to perform a DBMIGRATE to gather all changes since the patch level has been changed.


Current patch level:

  • ICM 7.10 - 7.10.37.1 | 7.10.32.11-LTS | 7.10.26.20-LTS
  • ICM 7.9 - 7.9.6.6
  • ICM 7.8 - 7.8.4.8 (End of Support)
  • ICM 7.7 - 7.7.5.21 (End of Support)
  • IOM 3.2 – 3.2.0
  • IOM 2.9 – 2.9.0.1
  • IOM 2.1 – 2.1.12.0
  • PWA – 1.4.0
Customer Support
Knowledge Base
Product Resources
Tickets