New security updates for Magento 1.x and 2.x e-commerce sites

Magento has released new updates to increase product security and functionality on e-commerce sites. The releases contain over 15 security enhancements, and the Magento 2.x updates also address image resizing problems and MasterCard BIN number expansion. We strongly recommend that all merchants upgrade to these versions as soon as is reasonably possible…

Proficient Magento 2.x users can download and install the Enterprise Edition updates by logging into My Account and navigating to the version they want to download. Community Edition software will be available in the Release Archive of the Community Edition download page on Magento’s web site.

 

What do the releases include?
In a nutshell, multiple critical security enhancements.  These updates help close access control bypass, CSRF, and authenticated Admin user remote code execution vulnerabilities.  See Magento 2.0.14 and 2.1.7 Security Patches and SUPEE-9767 Security Patches for more information.

Support for MasterCard BIN number expansion.  MasterCard recently added a new series of Bank Identification Numbers (BIN).  While certain Magento versions already support the new BINs, merchants using the following versions must upgrade or apply a patch by June 30, 2017 or face potential fines from MasterCard and lost sales.

  • Enterprise Edition 2.1.2 or earlier
  • All Enterprise Edition 2.0.x releases
  • All Enterprise Edition 1.14.2.x releases or earlier
  • All Community Edition 1.9.2.x releases or earlier

The release also reverts the changes to image resizing that Magento introduced in 2.1.6. Certain image resizing changes introduced unanticipated problems, and they were so bad that Magento has reverted these changes in this release and will provide improvements to image resizing in a future product update. See the Magento 2.1.7 Enterprise Edition Release Notes for additional information you may need when upgrading from Magento 2.1.6 or 2.1.5 to this release.

 

I need more help, what can I do?
As always, if you need any further help or assistance please get in touch with us.  Customers who have their installations managed by SM&Co won’t need to worry as we will have already updated your installation before issuing this release.

2 Comments
  • Ellen Blackwell
    June 2, 2017

    Thanks as always!

  • cynthia
    November 9, 2017

    Thanks for sharing this post, it really helps me
