Security patches for Hybris versions higher than 5.3?

Former Member
0 Kudos

All information that I have found regarding security patches leads me to this website:

On this website, patches only appear up to Hybris 5.3. Do security patches not exist for later versions?

I know that there are many patches for Hybris versions higher than 5.3 on their respective pages, but I'm looking specifically for security patches. Are security issues now included in normal patches?

For example, looking at this website:

Since I can't find any specific security patch for Hybris 5.7, should I be concerned about Hybris security if I have Hybris version

Thanks, Rafael

Accepted Solutions (1)

Active Contributor
0 Kudos

Hi Rafael,

Earlier, the hybris product support team used to provide every patch explicitly, whether it was a security patch or a product patch. But from hybris 5.5 I believe they are giving the entire package for these patches. They are not providing the patches explicitly.

The product support team always suggests that we take the latest dot version for the specific hybris version.

Hope this helps.

Thank you.

Answers (2)

Former Member
0 Kudos

When using 5.7 we found an issue with the XSS security filter which, in its OOTB form, would remove # from any password set using that special character, so a customer may think the password set was Some#Password, but in fact what was being persisted was SomePassword, making the password weaker.

0 Kudos


hybris does not distinguish between security patches and "normal" patches for features.

You can find the latest available 5.3.0 patch here (currently

The latest 5.7.0 patch (currently

The latest patch release does always include all previous patches!

You can find links to JIRA. The patches are documented there. For example:

And yes, you should be concerned about security if you are still running As mentioned before, hybris does not distinguish between security patches and "normal" patches. You should also consider updating the embedded Tomcat with the latest patch.