Melbourne Magento and BigCommerce experts
Magento released new Community and Enterprise versions with improved security
Alexander L. | October 28, 2015 | Magento, News

Magento CE 1.9.2.2 and Magento EE 1.14.2.2 security releases, SUPEE-6788

Yesterday Magento announced the release of Magento Community Edition 1.9.2.2 and Magento Enterprise Edition 1.14.2.2.

There are no new features this time; the theme of this release is security.

The improvements, which make it harder for criminals to hack Magento-based online stores, cover the following areas:

  • Cross-site Scripting through Unvalidated Headers
  • Magento Configuration Exposure in Error Messages
  • Access to Protected Data via Email templates
  • XXE/XEE Attack via API calls
  • Potential SQL Injection in Magento Core Model Base Classes
  • Potential Remote Code Execution via Cron (Shellshock)
  • Remote Code Execution through File Custom Option
  • Cross-site Scripting with Error Messages
  • Potential Remote Code Execution Using Error Reports and Downloadable Products
  • Admin Path Disclosure
  • Better Protection of Password Reset Process
  • Hardening Dev Folder access

Full information is available in the official release notes for Magento Community.

If you prefer to stay on your current version of Magento, there is a patch available that fixes the issues listed above. It is called SUPEE-6788 and is available for download from the Magento website.

An important note: part of the security improvements (namely Admin Path Disclosure) is not backward compatible, so it may break some (actually quite many) of your extensions. There is a community-supported list of the extensions that need to be modified before applying the part of the SUPEE-6788 patch that changes the admin path; have a look, and you will very likely find some of the extensions used on your website there.

So upgrade to the new versions of Magento or apply SUPEE-6788 with care, or ask for professional help.
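
To check which installed extensions the admin path change is likely to affect before patching, the following added example (not code from Magento or from the patch) scans third-party `config.xml` files for extensions that declare their own admin router with `<use>admin</use>`, the routing style affected by that part of SUPEE-6788. The `Acme_Widget` samples are constructed, and the standard Magento 1 `app/code/community` and `app/code/local` layout is assumed.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample: hypothetical extension declaring its own admin router.
LEGACY_SAMPLE = """<config><admin><routers>
  <acme_widget>
    <use>admin</use>
    <args><module>Acme_Widget</module><frontName>acme_widget</frontName></args>
  </acme_widget>
</routers></admin></config>"""
# Constructed sample: same extension attached to the core adminhtml router.
COMPATIBLE_SAMPLE = """<config><admin><routers>
  <adminhtml><args><modules>
    <acme_widget before="Mage_Adminhtml">Acme_Widget_Adminhtml</acme_widget>
  </modules></args></adminhtml>
</routers></admin></config>"""


def find_legacy_admin_routers(config_xml):
    """Return (router, frontName) pairs for extension-defined admin routers."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        return []  # malformed config.xml: nothing can be read from it
    hits = []
    for router in root.findall("./admin/routers/*"):
        uses_admin = (router.findtext("use") or "").strip() == "admin"
        # Modules hooked into the core "adminhtml" router are not flagged.
        if router.tag != "adminhtml" and uses_admin:
            hits.append((router.tag, (router.findtext("args/frontName") or "").strip()))
    return hits


def scan_magento_root(magento_root):
    """Map each third-party config.xml under app/code to its legacy routers."""
    report = {}
    for pool in ("community", "local"):
        pool_dir = Path(magento_root, "app", "code", pool)
        for cfg in sorted(pool_dir.glob("*/*/etc/config.xml")):
            hits = find_legacy_admin_routers(cfg.read_bytes())
            if hits:
                report[str(cfg)] = hits
    return report


if __name__ == "__main__":
    root_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_magento_root(root_dir).items():
        print(path, hits)
```

Run it with the Magento root directory as the only argument; each reported extension should be checked against the community list or with its vendor before the admin path change is applied.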

Copyright © 2025 Magenable