Magento has released a new security patch today to fix a few very important security issues. They have also released Community Edition 1.9.3 and Community Edition 2.0.10 and 2.1.2. The version upgrade delivers over 120 quality improvements and fixes for critical security issues.
Community Edition 1.9.3, 2.0.10 & 2.1.2
The new release addresses several issues in the following areas of the Magento system:
- PHP 5.6 Support
- Password enhancements
- General security enhancements
- Tax calculation fixes
- Shopping cart and checkout fixes
- Catalog fixes
- Price rule fixes
Security Patch SUPEE-8788
For those who do not want to upgrade to the newest Magento version but do want the critical security issues fixed (which is highly recommended), Magento has released a new patch that fixes the following security issues:
- Remote code execution vulnerabilities with certain payment methods
- Possibility of SQL injections due to Zend Framework library vulnerabilities
- Improper session invalidation when an Admin user logs out
- The ability for unauthorized users to back up Magento files or databases
Unfortunately, the security patch fails on Magento versions 1.8 and earlier if the store has applied patches SUPEE-1533 and/or SUPEE-3941. Magento is currently working around the clock to fix this issue and they expect to release a new patch for those versions within 3 working days.
Need help installing the security patch? Check out our detailed security patch installation guide. Given the nature of the issues it fixes, you are advised to install this patch in your store immediately. You can download SUPEE-8788 from the Magento download page.