Today, we are making new releases and patches available to improve the security and functionality of Magento sites. While there are no confirmed attacks related to the security issues, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. The security issues vary across products and all versions of Magento are affected. Full articles about the Magento 1.x and Magento 2.x issues are posted in the Magento Security Center. Additionally, all new releases and a separate USPS patch support recent USPS changes.
The Magento Community Edition 2.0.1 release also contains several important functional updates, including official support for PHP7.0.2, which provides dramatic performance improvements, drastically reduces memory consumption, and supports brand-new PHP language features. These updates are detailed in the release notes.
DOWNLOADING THE UPDATES
Two patches (SUPEE-7405 and SUPEE-7616) are available to address security and USPS issues for Community Editions 188.8.131.52-184.108.40.206. Both sets of improvements are included in Community Edition 220.127.116.11 and Community Edition 2.0.1. Follow the paths below to access the code updates:
|Community Edition 18.104.22.168||Community Edition Download Page|
|SUPEE-7405 (Security Enhancements)||Community Edition Download Page|
|SUPEE-7616 (USPS Changes)||Community Edition Download Page|
|Community Edition 2.0.1 (New Installations)||Community Edition Download Page
|Community Edition 2.0.1 (Upgrade an Existing Installation)||http://devdocs.magento.com/guides/v2.0/comp-mgr/bk-compman-upgrade-guide.html|
|Community Edition 2.0.1 (Developers Contributing Code to the CE Code Base)||http://devdocs.magento.com/guides/v2.0/install-gde/install/cli/dev_options.html|
Be sure to install all previous patches, if you haven’t done so already, and use this occasion to do a security assessment of your systems in accordance with our Security Best Practices. Patches should be installed and tested in a development environment before being put into production. All previous USPS patches must be installed for the new patch (SUPEE-7616) to work. More information on installing patches for Magento 1.x and upgrading Magento 2.x is available online.
MAGENTO 2.0 RESOURCES
We’d also like to draw your attention to new Magento 2.0 resources that can help you when developing or migrating sites to the new platform.
- Magento Code Migration Toolkit provides scripts that ease the process of migrating custom Magento 1.x code, layouts and configurations to Magento 2.0 by automating some of the most time-consuming conversion tasks. The toolkit can be customized to fit the needs of a specific project and produces code that follows Magento 2.0 best practices. The Toolkit is available at github.com/magento/code-migration.
- Code samples demonstrate technologies introduced in Magento 2.0, like interception and service contracts, to help you quickly learn and implement new coding patterns. Code samples are available at https://github.com/magento/magento2-samples.
Thank you for your attention and continued support.
The Magento Team