Magento released new Community and Enterprise versions with improved security

Yesterday Magento announced the release of Magento Community Edition and Magento Enterprise Edition

There are no new features this time; the theme of this release is security.

The list of improvements that make it harder for criminals to hack Magento-based online stores covers the following areas:

  • Cross-site Scripting through Unvalidated Headers
  • Magento Configuration Exposure in Error Messages
  • Access to Protected Data via Email templates
  • XXE/XEE Attack via API calls
  • Potential SQL Injection in Magento Core Model Base Classes
  • Potential Remote Code Execution via Cron (Shellshock)
  • Remote Code Execution through File Custom Option
  • Cross-site Scripting with Error Messages
  • Potential Remote Code Execution Using Error Reports and Downloadable Products
  • Admin Path Disclosure
  • Better Protection of Password Reset Process
  • Hardening Dev Folder access

Full information is available in the official release notes for Magento Community

If you prefer to stay on your current version of Magento, a patch is available that fixes the issues listed above. It is called SUPEE-6788 and is available for download from the Magento website.

Important note: part of the security improvements (namely Admin Path Disclosure) is not backward compatible, so it may break some (actually quite many) of your extensions. There is a community-supported list of the extensions that need to be modified before applying the part of the SUPEE-6788 patch that changes the admin path; have a look, and you will very likely find some of the extensions used on your website there.

So upgrade to the new versions of Magento or patch with SUPEE-6788 with care, or ask for professional help.
