Important Magento 1.x and 2.x Security Updates
Magento has released new updates to increase product security and functionality. The releases contain over 15 security enhancements, and the Magento 2.x updates also address image resizing and MasterCard BIN number expansion.
These releases include:
Multiple critical security enhancements
Magento Enterprise Edition and Community Edition 2.0.14 and 2.1.7 contain multiple security enhancements. Security patch SUPEE-9767 for Enterprise Edition 220.127.116.11 and Community Edition 18.104.22.168 also addresses several security issues. These updates help close access control bypass, CSRF, and authenticated Admin user remote code execution vulnerabilities.
Support for MasterCard BIN number expansion
In our last newsletter, we updated you on Magento Patch SUPEE-8967 for MasterCard BIN expansion. MasterCard recently added a new series of Bank Identification Numbers (BINs). If you are running Magento 2.1.3 or later, your Magento software already provides support for these new BINs. Merchants using the following versions must upgrade or apply a patch by June 30, 2017, or face potential fines from MasterCard and lost sales.
- Enterprise Edition 2.1.2 or earlier
- All Enterprise Edition 2.0.x releases
- All Enterprise Edition 1.14.2.x releases or earlier
- All Community Edition 1.9.2.x releases or earlier
Reversion of the image resizing changes that were introduced in Magento 2.1.6
Certain image resizing changes introduced unanticipated problems. Magento has reverted these changes in this release and will provide improvements to image resizing in a future product update.
Magento highly recommends deploying these new releases right away to ensure optimal security and performance. As a best practice, install and test these releases in a development environment before releasing them into production, to avoid any disruption to your store.