New Magento 1.x and 2.x Releases Include Critical Magento Security Patch & Updates, Released Oct 11 2016
Magento 1.x Enterprise and Community Releases
Magento has recently released Magento Enterprise 1.14.3 and Magento Community Edition 1.9.3. These releases include a over 120 quality improvements as well as a critical security patch, SUPEE-8788 which addresses and resolves many critical security issues. Magento has outlined some of the security issues resolved to include:
Remote code execution vulnerabilities with certain payment methods
Possibility of SQL injections due to Zend Framework library vulnerabilities
Cross site scripting (XSS) risks with the Enterprise Edition private sale invitation feature
Improper session invalidation when an Admin user logs out
The ability for unauthorized users to back up Magento files or databases
Update details and installation instructions can be found in the Magento Security Center.
Magento 2.x Enterprise and Community Releases
There have also been Magento 2 software releases for Editions 2.0.10 and 2.1.2 which address the same critical security issues as the Magento 1.x releases. Some additional functional improvements and API enhancements were also introduced, including:
New API methods allowing 3rd party solutions like shipping and ERO applications
Using API’s to transition an order state when they create an invoice or shipment
Unlike previous versions, Magento 2.1.2 now includes PHP 7.0.4 support. Magento 2.0.10 and 2.1.2 are also now compatible with MySQL 5.7. See Magento’s summary of release notes for this release. For the detailed list of all security updates in the Magento 2.0.10 and 2.1.2 release, see Magento’s Security Center. As a web development agency, we have seen the high risk of hacker attacks to vulnerable merchants who are slow to implement security patches after they are released. We urge you to work with your development team to install the updates immediately. Be aware, there may be backwards compatibility issues so apply very carefully to avoid causing damage to your Magento installment. If you need any assistance, you can reach us either by filling out our contact us form, emailing us at info@121ecommerce, or calling us directly at 216-586-6656.