Magento 1.9.4.1 Security Update

Magento 1.9.4.1 was released on March 26 and contains security and bug fixes. Previous Magento versions had multiple security vulnerabilities which allowed hackers to gain access to customer data and take over administrator sessions. To close the known vulnerabilities you should update your Magento store as soon as possible.

Security fixes (SUPEE-11086)

  • SQL Injection through an unauthenticated user (PRODSECBUG-2198)
  • Remote code execution via server side request forgery (PRODSECBUG-2285)
  • Arbitrary code execution (PRODSECBUG-2232, 2252, 2253, 2261, 2273)
  • Remote code execution through PHP code (PRODSECBUG-2203)
  • Remote code execution through arbitrary XML data (PRODSECBUG-2210)
  • Stored cross-site scripting in the escaper framework (PRODSECBUG-2245)
  • Reflected cross-site scripting (PRODSECBUG-2182)

The complete list of security fixes is available on magento.com.

The fixed issues and enhancements

  • Google Image Charts has been deprecated and replaced by Image-Charts for dashboard charts.
  • Layered navigation now works as expected when full page cache and block caching are enabled.
  • Errors caused by problematic PHP error logging have been resolved. Previously, Magento displayed excessive and unnecessary 404 errors.
  • Magento now displays the following message when an invalid character is used: Attribute code is invalid. Please use only letters (a-z), numbers (0-9) or underscore(_) in this field, first character should be a letter. Do not use "event" for an attribute code.
  • You can now add to the cart products with custom options for which the custom option checkbox has not been checked.
  • URL redirects for products now work as expected.
  • Magento now displays payment information during the confirmation step of checkout and successfully processes an order when inline translation is enabled.
  • You can now create a staging website when development mode is enabled.
  • You can now successfully delete a website by clicking Delete Website as expected.
  • You can now add a banner by clicking Add Banner from the Admin.
  • Magento no longer throws an Undefined index: is_recurring error when you try to save a product when deploying Magento with development mode enabled.

The official update reviews can be found on devdocs.magento.com.

Remember to create a backup before updating your site.
