Magento is releasing new versions of their Open Source (formerly Community Edition) and Commerce (formerly Enterprise Edition) products to improve product security – including the new SUPEE-10266 patch.
This update affects the following versions:
- Open Source and Commerce 2.1.9
- Open Source and Commerce 2.0.16
- Commerce 188.8.131.52
- Open Source 184.108.40.206
- SUPEE-10266 (patch for earlier 1.x versions)
These releases contain almost 40 security changes and enhancements that help close cross-site request forgery (CSRF), unauthorised data leaks, and authenticated Admin user remote code execution vulnerabilities.
We strongly recommend that all merchants upgrade to these versions as soon as is reasonably possible.
Magento updates to USPS products
For our American customers, they have also updated the USPS API in version 2.x to support service changes that USPS enacted on September 1, 2017. After installing or upgrading to this release, the discontinued “First-Class Mail Parcel” service will change to “First-Class Package Service – Retail.”
Patches are also available for 1.x versions. More information about this change is available in the original Technical Bulletin.
How do I update my install?
You can download and install updates by logging into My Account and navigating to the version you want to download. Magento Open Source software is available from the Open Source download page. (See How to get the Magento software for a discussion of Magento 2.x installation procedures, and How to Apply and Revert Magento Patches for Magento 1.x instructions.)
Where can I find more information?
Read the full release notes for the SUPEE-10266 security patch on their web site, by clicking here.
As always, if you need any help or support with your installation please contact us online or message us via our Twitter or Facebook pages. You can also find other articles that we’ve written or published about this by clicking here.
Please note we are not responsible for the content of third-party web sites.