Magento Update

Magento was released on May 31 and is a security update for multiple critical security issues. The issues are also fixed in Magento 2.0 and 2.1, although upgrading from 1.9 to 2.1 is not directly possible.

The patch SUPEE-9767 addresses several security issues, like:

  • APPSEC-1777: Remote Code Execution in DataFlow
  • APPSEC-1686: Remote Code Execution in the Admin panel
  • APPSEC-1634: XSS in data fields

These critical issues include remote code execution for authenticated Admin users, access control bypass, and cross-site request forgery issues. More details can be found in the Magento Security Center.

Magento contains also an update for PayPal’s Instant Payment Notifications, which is necessary for retaining uninterrupted service after June 30.

It was reported that the update caused jQuery compatibility issues, that’s why it is very important to backup before upgrading or even better to first upgrade in a local test environment.


Flattr this!

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

Social media & sharing icons powered by UltimatelySocial