New Magento Security Patches & Releases Announced

  • Posted by Envision Ecommerce
  • /
  • January 21, 2016

A collection of new security releases & patches has been announced today, affecting all versions of Magento & addressing certain vulnerabilities that may access customer information or take a control over admin session, and also not confirming any attack related to the security issues. All new releases are mainly for Magento 1.x & Magento 2.x versions, and there is also a separate USPS patch update supporting recent USPS changes.

We strongly encourage all our customers and users of Magento to update their Magento versions for new releases & patches in order to improve the security & functionality of Magento sites.

Magento 2.x based Magento sites should implement the following patches or upgrades:

  • Magento Enterprise Edition 2.0.0: Upgrade to Enterprise Edition 2.0.1
  • Magento Community Edition 2.0.0: Upgrade to Community Edition 2.0.1

 

However, Magento 1.x based Magento sites should go with:

  • Magento Enterprise Editions 1.9.0.0-1.14.2.2: SUPEE-7405 and SUPEE-7616 or upgrade to Enterprise Edition 1.14.2.3
  • Magento Community Editions 1.5.0.0-1.9.2.2: SUPEE-7405 and SUPEE-7616 or upgrade to Community Edition 1.9.2.3

 

How to Download Such Recent Updates?

 

Enterprise Edition Merchants can download a patch or release by following steps:

Enterprise Edition 1.14.2.3: 

Go to My Account > Downloads Tab > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x Release > Version 1.14.2.3

SUPEE-7405 (Security Enhancements)

Go to My Account > Downloads Tab > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x Release > Support Patches / Security Patches > Security Patches – January 2016

SUPEE-7616 (USPS Changes)

Go to My Account > Downloads Tab > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x Release > Support Patches / Security Patches > USPS API – January 2016

Enterprise Edition 2.0.1 (New Installations)

Go to My Account > Downloads Tab > Magento Enterprise Edition 2.X > Magento Enterprise Edition 2.x Release > Version 2.0.1

Enterprise Edition 2.0.1 (Upgrade an Existing Installation)

This upgrade can be done from here: http://devdocs.magento.com/guides/v2.0/comp-mgr/bk-compman-upgrade-guide.html


On the other hand, Community Edition Merchants can download a patch or release by following steps:

Community Edition 1.9.2.3

Community Edition Download Page > Release Archive Tab

SUPEE-7405 (Security Enhancements)

Community Edition Download Page > Release Archive Tab > Magento Community Edition Patches - 1.x Section

SUPEE-7616 (USPS Changes)

Community Edition Download Page > Release Archive Tab > Magento Community Edition Patches - 1.x Section

Community Edition 2.0.1 (New Installations)

Community Edition Download Page > Download Tab

Community Edition 2.0.1 (Upgrade an Existing Installation)

This upgrade can be done from below mentioned link: http://devdocs.magento.com/guides/v2.0/comp-mgr/bk-compman-upgrade-guide.html

Community Edition 2.0.1 (Developers Contributing Code to the CE Code Base)

This upgrade can be done from here: http://devdocs.magento.com/guides/v2.0/install-gde/install/cli/dev_options.html

As an eCommerce consultant company, we recommend you to be particularly careful while deploying a new version (implemented & tested in a development environment) to your production site so that it can actually perform as expected.

In a case, where you are not sure about the new releases & updates, and also don’t know how it is done, we can help you with our patch installation & security update services. We have already installed the patches (like SUPEE-6285, SUPEE-5994 –our recently installed patches) for over 80+ stores, and successfully done such security updates for many sites earlier. So, we are well aware to ensure your store security, and you can connect with our Magento services to do it fast & safe for you.