Security Patch SUPEE-10266 and Magento 2 updates have arrived.
Last week, Magento released new Magento 2 updates as well as SUPEE-10266 for Magento Open Source and Magento Commerce. The updates include numerous security changes and enhancements that help protect your website against data leaks, cross-site request forgery, and authenticated Admin user remote code execution vulnerabilities.
These updates include:
- Magento Open Source and Magento Commerce 2.1.9
- Magento Open Source and Magento Commerce 2.0.16
- Magento Commerce 1.14.3.5
- Magento Open Source 1.9.3.6
- SUPEE-10266 (patch for earlier Magento 1.x versions)
What the security updates and patches address
“These releases contain almost 40 security changes and enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities.”
These critical security issues are why the Magento 2 updates or SUPEE-10266 need to be applied as soon as possible.
In addition to these vital Magento security patches, the release also includes a couple of general fixes for common problems related to image reloading and payments using one-step checkout, as well as updates to the USPS API.
- One fix involves an issue where uploaded images were twice their original size.
- The other adds an informative message to the payment information section of the one-page checkout that alerts customers that no payment is due for orders that total 0.0.
- On September 1, USPS changed their “First-Class Mail Parcel Service” to “First-Class Package Service – Retail”. Because the First-Class Mail Parcel is no longer available after September 1, Magento 1.x and 2.x merchants offering this service must change this service name in the Usps.php file as soon as possible. If merchants do not take action, stores will not support checkout using the new “First-Class Package Service – Retail” option.
What to update
Although Magento released multiple new security patches, all of them address problems with unauthorized access. The required fix depends on which version of Magento you are running.
Magento 1 merchants will need to either upgrade to Magento 2 or apply the SUPEE-10266 patch.
Magento 2 merchants will need to update both Magento Open Source (formerly known as Community Edition) and Magento Commerce (formerly known as Enterprise Edition).
Regardless of whether you are on Magento 1 or 2, keeping your security up to date is VERY important. By ignoring Magento security patches and upgrades, you leave your website exposed to vulnerabilities that exist throughout your Magento installation.
InteractOne can help migrate, update and patch all versions of Magento. Contact us to get your site updated or patched up. Or, call us to talk to a Magento expert at 513-469-3345.