Check the latest Magento release for more improvements. All our extensions are up-to-date.

Magento periodically treats us to new releases and patches. Today we’d like to make sure you didn't miss the latest Magento news and updates.

This post goes through the recent improvements across the Magento Open Source and Magento Commerce packages, for both Magento 1 and Magento 2 versions. We will cover the following releases:

  • Magento Open Source and Magento Commerce 2.1.9
  • Magento Open Source and Magento Commerce 2.0.16
  • Magento Commerce 1.14.3.5
  • Magento Open Source 1.9.3.6
  • SUPEE-10266 (patch for earlier Magento 1.x versions)

So, what can we expect from the latest upgrade?

To improve product security, the Magento 2.1.9 and 2.0.16 releases include about 40 security fixes and enhancements related to:

  • changes that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. See more about these issues.
  • support for the changes to the USPS API that USPS implemented on September 1, 2017. Once the release is installed, the Domestic rate for USPS is shown. The discontinued “First-Class Mail Parcel” service changes to “First-Class Package Service – Retail.” The patches are also available for Magento 1.x versions.
  • a fix for the logging of exceptions caused by payment failures. Magento now logs all expected exception information in the exception.log file when a payment transaction fails. Previously, the lack of full exception information undermined debugging attempts (GitHub-6246).
  • a change to how Magento displays status updates during a product upgrade. Previously, potentially sensitive information such as full paths and module names was shown in the product GUI, where a malicious user could see it. Magento now restricts this information to logs that are available to administrators only.

If you haven’t heard about the Magento Open Source 1.9.3.6 release, here it is.

The release includes the SUPEE-10266 patch, which addresses multiple critical security issues and brings a few functional fixes. The critical security issues include remote code execution, cross-site scripting, and cross-site request forgery.

There was also a problem where uploaded images were twice their original size after SUPEE-9767 v2 was applied. This issue has been fixed.

Magento has also released the latest security patch for Magento Commerce 1.14.3.6.

SUPEE-10226 comes with a fix for MPERF-9685. This fix is not included in release 1.14.3.6. However, SUPEE-10266 can still cause issues in the checkout process. In most cases, the issue occurs when a customer enables the Add gift options checkbox during checkout: the checkout process then does not progress beyond the payments step. The Magento team is still working on a fix, and a new SUPEE-10266v2 patch is expected to be released to address this issue.

The security enhancements in recent Magento upgrades are not available if you stay on old releases. We want to stress that it’s very important to install updates for your website. We strongly recommend that you keep the modules used in your store up to date.

For our part, we strive to update all our modules frequently to keep pace with Magento updates.

The main task is to secure your website. In order to make sure that your Magento store uses the latest version with all security improvements, we installed and updated the Magento patches.

Our team can safely state that all recent releases of the Magento modules and templates developed by SwissUpLabs are compatible with the recent Magento updates.

We hope this post has given you a better understanding of why upgrading matters. Stay in touch.