Magento 發布重大安全更新 並強烈建議所有的商家盡快更新

27-01.png

Magento 今日以 「Important Magento Security Updates」 為標題,通知 Magento 用戶進行系統更新,而且是強烈建議所有的商家盡快更新。

希望透過我們的平台及觸角,傳送這個 Magento 重大的安全更新訊息,盡可能讓多幫一些商家,避免遭受這些安全漏洞的為害,如果你有朋友是使用 Magento,請也將訊息轉給他們。

Magento 的信件內容如下

New Magento Enhancements Available Today

Today, Magento is releasing new versions of Magento Commerce and Open Source to increase product security, performance and functionality:

  • Magento Commerce and Open Source 2.3.1
  • Magento Commerce and Open Source 2.2.8
  • Magento Commerce and Open Source 2.1.17
  • Magento Commerce 1.14.4.1
  • Magento Open Source 1.9.4.1
  • SUPEE-11086 to patch earlier Magento 1.x versions

These releases include security enhancements that help close cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues. No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we strongly recommend that all merchants upgrade as soon as possible.

Additionally, as a reminder we released the following patches recently that might be useful for you:

  • Patch to secure Payflow Pro payment method against fraudulent activity for Magento 2.1, 2.2, & 2.3.
  • Patch to continue support for payments via Authorize.net Direct Post.

The release of Magento 2.3.1 also includes powerful new merchant and developer experience enhancements and multiple performance improvements.

More information about the security changes is available on https://magento.com/security.

scroll to top