Merge pull request #1845 from ppechlivanis-spryker/patch-1

Update security-release-notes-202304.0.md
spryker · May 15, 2023 · 363d745 · 363d745
2 parents d313db0 + 2cefd4e
commit 363d745
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/...eleases/release-notes/release-notes-202304.0/security-release-notes-202304.0.md b/...eleases/release-notes/release-notes-202304.0/security-release-notes-202304.0.md
@@ -20,12 +20,18 @@ An attacker can inject malicious code in functionalities of the Spryker applicat
 
 ### How to get the fix
 
-Update the affected module `spryker/propel` to version 3.38.0:
+If the version of `spryker/propel` module is 3.35.0 up to and including 3.37.0, update it to version 3.38.0:
 ```bash
 composer require spryker/propel:"~3.38.0"
 composer show spryker/propel # Verify the version
 ```
 
+If the version of `spryker/propel` module is earlier than 3.35.0, update it to version 3.34.3:
+```bash
+composer require spryker/propel:"~3.34.3"
+composer show spryker/propel # Verify the version
+```
+
 ## Stored Cross-Site Scripting (XSS) in Marketplace
 
 An attacker can inject malicious payloads into the merchant profile page in the Merchant portal that's executed in the Back Office. This vulnerability lets an attacker execute code in the context of the Back Office user.
@@ -472,4 +478,4 @@ image:
 // PHP 8.0
 image:
    tag: spryker/php:8.0 or spryker/php:8.0-alpine3.16
-```
+```