Security release notes 202511.0

This document describes the security-related issues that have been recently resolved.

For additional support with this content, contact our support. If you found a new security vulnerability, contact us at [email protected].

Password Brute-force Was Possible in Self-Service Portal (SSP)

A brute-force vulnerability was detected in the Self-Service Portal (SSP). The login endpoint lacked rate-limiting and other protective controls, which could have allowed an attacker to submit numerous password attempts to gain unauthorized access.

Affected modules

spryker-shop/security-blocker-page: 1.0.0 - 1.2.0

Fix the vulnerability

Update the spryker-shop/security-blocker-page package to version 1.3.0 or higher:

composer update spryker-shop/security-blocker-page:"^1.3.0"
composer show spryker-shop/security-blocker-page # Verify the version
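
To check a project without running Composer (for example, across many repositories in CI), the locked version can be read from composer.lock and compared with the affected range above. This is an added example, not Spryker's own tooling; the function names and the sample lock content are assumptions constructed for illustration.

```python
import json
import re

PACKAGE = "spryker-shop/security-blocker-page"
AFFECTED_MIN = (1, 0, 0)   # affected range from this release note: 1.0.0 - 1.2.0
AFFECTED_MAX = (1, 2, 0)
FIXED = (1, 3, 0)          # first fixed version named in this release note


def parse_version(raw):
    """Return (major, minor, patch) for a stable version string, else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def locked_version(lock_text, package=PACKAGE):
    """Find the locked version string of `package` in composer.lock content."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for entry in lock.get(section) or []:
            if entry.get("name", "").lower() == package:
                return entry.get("version")
    return None


def check_lock(lock_text):
    """Classify a lock file: 'not-installed', 'affected', 'fixed' or 'unknown'."""
    raw = locked_version(lock_text)
    if raw is None:
        return "not-installed"
    version = parse_version(raw)
    if version is None:        # e.g. dev-master: not comparable, review manually
        return "unknown"
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    return "fixed" if version >= FIXED else "unknown"


# Constructed sample lock content (hypothetical, not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "spryker-shop/security-blocker-page", "version": "1.2.0"},
        {"name": "spryker/kernel", "version": "3.70.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A result of "unknown" covers versions that cannot be compared or that fall outside both the affected range and the fixed releases, and should be reviewed by hand.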