Magento has this week released security updates for both the Magento 2 and Magento 1 platforms. Though perhaps causing Magento site owners an operational inconvenience, Magento’s proactive approach to security is reassuring and underlines its credentials as the world’s leading e-commerce platform.
Those yet to upgrade to the latest version of Magento should apply the security patches as a matter of priority. If you’re running a version of Magento Commerce between 220.127.116.11 and 18.104.22.168, you should either apply the security patch SUPEE-10888 or alternatively upgrade to Magento Commerce version 22.214.171.124, which includes the latest security updates.
If you are running Magento Open Source (until recently, known as Magento Community) versions 126.96.36.199 - 188.8.131.52, you should apply the same security patch SUPEE-10888 or upgrade to the latest version, Magento Open Source 184.108.40.206.
The name of version you are running is shown at the bottom of your admin panel.
For more information about the Magento 1 updates, see the release notes from Magento.
If you are running Magento 2 (either Commerce or Open-Source), there’s even better news. Aside from the 25 critical security fixes, the latest release boasts a number of performance enhancements for your site. Chief among them are the improvements to the checkout process making conversion easier. There are also refinements to the way Amazon Pay, now standard in Magento, is configured as well as improvements to the way Magento 2 integrates with Dotmailer and Klarna.
We recommend that our clients find time to get in touch so we can help ensure your Magento site security is up to date and your users’ experience is optimised. You can also run the Magento Security Scanning Tool to check your site's security status. At magic42, we take security seriously. Speak to one of our Magento Solution Specialists if you have any concerns about your website's security.