LoginSign Up
← Back to all sparks
PrestaShop logo

PrestaShop

E-COMM
Velocity5.0

Open source ecommerce platform

www.prestashop.com

PrestaShop juggles two maintenance branches, a critical XSS patch round, and an AI-readable repository push.

security patchesdual-branch maintenanceai-readable codebaseopen source governancecontributor tooling
Current state
Two active release lines are being maintained in parallel: 9.1.2 just landed as a maintenance release with bug fixes and Symfony bumps, while 8.2.6 and 9.1.1 shipped coordinated critical security patches for a stored XSS in the back-office Customer Service view. Outside the release stream, the team is building Repository Intelligence to make the codebase's conventions readable by every AI tool, and it ran an internal Claude Code hackathon to accelerate the Admin API.
Where it's heading
PrestaShop is in classic open-source maintenance posture — security-driven coordinated patches across versioned branches — while quietly investing in making the project itself more AI-tractable. The Repository Intelligence narrative and the Claude Code hackathon together suggest the maintainers see contributor AI tooling as the lever to keep pace despite a smaller core team than commercial competitors.
Prediction
Expect a 9.2 cycle to begin within a quarter as 9.1 stabilizes, and Repository Intelligence to evolve from concept into a shipped configuration (likely AGENTS.md-style files) that AI assistants can read directly.

Recent moves

  1. 2d ago

    PrestaShop 9.1.2 is available

    First maintenance release for the 9.1 branch — dozens of bug fixes across back and front office, plus Symfony component updates. Normal post-major-release cleanup.

    View source ↗
  2. 2d ago

    PrestaShop and OSPO Alliance - Turning Community Energy Into Impact

    Community/governance update on PrestaShop joining the OSPO Alliance. Project stewardship, not a product change.

    View source ↗
  3. 16d ago

    Teaching AI to speak PrestaShop

    Introduces Repository Intelligence — an effort to encode the project's conventions in a form any AI tool can read, not just one vendor's. Strategic groundwork for AI-assisted contribution at scale.

    View source ↗
  4. 17d ago

    PrestaShop Core Monthly - April 2026

    April Core Monthly digest highlights the security release, AI tooling work, and the upcoming PS Summit in Lyon. Useful summary; substantive updates are covered individually in their own entries.

    View source ↗
  5. 23d ago

    PrestaShop 8.2.6 — critical XSS patch (GHSA-w9f3-qc75-qgx9)

    8.2.6 patches GHSA-w9f3-qc75-qgx9, a critical stored XSS in the back-office Customer Service view. Backported in lockstep with 9.1.1 so both supported lines are covered the same day.

    View source ↗
  6. 23d ago

    PrestaShop 9.1.1 — critical XSS patch (GHSA-w9f3-qc75-qgx9)

    9.1.1 ships the same critical XSS fix into the 9.1 branch. Demonstrates active dual-version maintenance — both branches now safe in one disclosure window.

    View source ↗