SUPEE-10570: Magento security enhancements available today

Today (28/02/18), Magento is releasing new versions of Magento Commerce and Open Source to increase product security and functionality…

The new patches and updates cover;

  • Magento Open Source and Commerce 2.2.3
  • Magento Open Source and Commerce 2.1.12
  • Magento Open Source and Commerce 2.0.18
  • Magento Open Source 1.9.3.8
  • Magento Commerce 1.14.3.8
  • SUPEE-10570 to patch earlier Magento 1.x versions

 

What’s in these updates?

These releases contain almost 50 security changes that help close cross-site request forgery (CSRF), unauthorised data leak, and authenticated Admin user remote code execution vulnerabilities.

These releases also support API changes implemented recently by the United States Postal Service.  Additionally, Magento Commerce and Open Source 2.2.3 introduce finer permissions for common cache management tasks.  This enhancement enables qualified administrators to assign permissions for discrete cache management tasks such as flushing cache storage and refreshing cache types.

We strongly recommend that all merchants upgrade as soon as is reasonably possible.

 

What do I need to do?

Download and install the Magento Commerce updates by logging into My Account and navigating to the version you want to download. Magento Open Source software is available from the Open Source download page. (See How to get the Magento software for a discussion of Magento 2.x installation procedures.)

 

SUPEE-10570: Where can I find out more information?

More information about the security changes is available using the following articles on Magento’s own web site:

Magento 2.x Security Updates

Magento 1.x and SUPEE-10570 Security Updates

Full details are available in the Magento Open Source release notes, available on their web site for the following versions:

  • Magento Open Source 2.2.3
  • Magento Open Source 2.1.12
  • Magento Open Source 2.0.18
  • Magento Open Source 1.9.3.8

Full details are available in the Magento Commerce release notes, available on their web site for the following versions:

  • Magento Commerce 2.2.3
  • Magento Commerce 2.1.12
  • Magento Commerce 2.0.18
  • Magento Commerce 1.14.3.8

 

If you are not currently one of our customers, and would like to talk to us – then please get in touch. We offer a range of web hosting and design services for the smallest to the largest online retailers…

Share
Third-party advertising supports our technical articles and news feeds

Leave a comment