Magentoforyou


Magento Commerce and Open Source Updates released

2020-10-01 16:04:04 | Technology

Last Tuesday, Magento released new versions of Magento Commerce and Open Source to increase security, performance, and functionality. Needless to say, the updates should be installed as quickly as possible.

New Magento versions

The following versions are available:

  • Magento Commerce and Open Source 2.3.1
  • Magento Commerce and Open Source 2.2.8
  • Magento Commerce and Open Source 2.1.17
  • Magento Commerce 1.14.4.1.1
  • Magento Open Source 1.9.4.4.1
  • SUPEE-11086 for patching earlier Magento 1.x versions

These versions contain security enhancements that protect Magento against cross-site scripting, arbitrary code execution, sensitive data disclosure, and other security problems.

Reports are already circulating online that the first attacks are underway:

Magento devs, if you haven't patched already, do it ASAP. We've already seen attempts at two of our shops using the published POC. We're safe because we already patched every shop on Wednesday.

The vulnerabilities can be exploited to access customer information or to take over administrator sessions, which is why all merchants are strongly advised to upgrade as soon as possible.

Additional patches

In addition, there are the following patches that could be useful:

  • Patch to secure the Payflow Pro payment method against fraudulent activities for Magento 2.1, 2.2, & 2.3.
  • Patch to continue support for payments through Authorize.net Direct Post.

The release of Magento 2.3.1 also includes powerful new merchant and developer experience improvements and several performance enhancements.