Magento 2.0.5 Security Update

Magento version 2.0.5 was released on April 28. It contains bug-fixes and security-enhancements. Some of the fixes improve multi-site support and backend configuration.

Fixed issues and improvements:

• Magento no longer assumes hard-coded root category IDs or default category IDs, before this issue could produce inconsistent data during store installation.
• Product import now works successfully in a multi-store environment. Previously, this returned an error.
• Export performance has been enhanced.
• Magento no longer duplicates queries to the database from the Catalog page, on CMS and Category pages.
• Selecting the Use Aggregated Data option now correctly displays Dashboard data.
• Magento now displays the expected color swatch when you select a color swatch for a configurable product.
• HTML template minification now properly handles commented code.
• Deleting one of several custom options no longer deletes all options. Previously, were all other custom options also deleted.
• When Full Page Cache (FPC) is enabled, the CAPTCHA image differs for every user. This is an important security-fix.
• Google no longer indexes the Admin URL.
• Magento no longer sends a subscription success email whenever a customer enters his email address to subscribe to a newsletter. Users receive a “thank you for your subscription” message and a subscription success email only when registering for the first time.
• Guests can now successfully click on the product page link for any item in an emailed shared wishlist.
• Custom customer attributes are now saved at checkout.

More information you can find here.

Depending on how you installed Magento 2, the upgrade process will vary. Obviously, the best approach to upgrade is in a test environment on the same server or on a local development environment. If you feel lucky and your store does not have lots of traffic, you might want to upgrade in production, but you still should do a full backup of all your files and your database.