Today, Magento Community has grown immensely with the release of two versions of Magento and the platform has become a base of an extensive list of business websites. With its precisely functional characteristics and optimum website development support, Magento Web Development has also been added with many updates over the years so as to make further improvements in the performance and the flexibility of the platform. Owing to these regular updates in the Magento platform many security issues have also been tracked, but still, there are some crucial security issues addressed in the previous version of Magneto.
As the news comes this Tuesday on the 11th of October, 2016 – with the release of new Magento Community Edition 1.x and 2.x there has been some critical Security and Functional Updates so as to make Magento more ideal a platform for web development and its eCommerce support.
Let us guide you through the various updates:
Enterprise Edition 1.14.3, Community Edition 1.9.3, and SUPEE-8788
As going through a critical assessment of performance and security issues in the Enterprise Edition 1.14.3 and the Community Edition 1.9.3, there were over 120 performance and quality improvements made along with improving the support for PHP 5.6.
The SUPEE-8788 Patch, Enterprise Edition 1.14.3 and Community Edition 1.9.3 also addressed some Zend framework and payment frangibility thus it was made sure that the payment sessions were invalidated as soon as the user log outs. With this, the other security issues that were addressed include-
• Remote code execution vulnerabilities with certain payment methods
• Possibility of SQL injections due to Zend Framework library vulnerabilities
• Cross-site scripting (XSS) risks with the Enterprise Edition private sale invitation feature
• Improper session invalidation when an Admin user logs out
• The ability for unauthorized users to back up Magento files or databases
In order to find the details of the functional updates and the instruction on the installation process you can go through the Enterprise Edition (http://devdocs.magento.com/guides/m1x/ce19-ee114/ee1.14_release-notes.html#ee114-11430) and Community Edition (http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html#ce19-1930) release notes. With this to get a complete information about the security updates, they are published at Magento Security Center. (https://magento.com/security/patches/supee-8788).
Enterprise Edition 2.0.10 and Community Edition 2.1.2
Addressing the same list of security vulnerabilities as above, Magento 2 software also faced some updates. With this, there were some improvements made in the functionality and the API performance of the Magento 2 Software. The newly added API methods will now allow the 3rd party solutions including ERP applications and shipping to employ APIs in the transition process to an order state while the creation of an invoice or the shipment process. Further, Magento 2.1.2 is completely compatible with PHP 7.0.4 support and with My SQL 5.7. With this to get a complete access to the improvements made, you may read the release notes (http://devdocs.magento.com/guides/v2.1/release-notes/bk-release-notes.html). For the information regarding security updates, visit the Magento Security Center. (https://magento.com/security/patches/magento-2010-and-212-security-update).
These security issues have high vulnerability aspects and need to be tracked as soon as possible so you need to deploy the new standards or upgrade your Magento Editions promptly. With this, you can take help from you Magento web development partners or Magento consultants so as to install the updates and test their compatibility with your present system. These updates also need to be assessed for performance after their employment. With major updates in the security provisions, you can ask your technical support partner to do an extensive security assessment for you. Further, to get help with the installation of updates or to get optimized Magento development services you can contact us at – [email protected]