If you have any questions, please contact us or give us a call at 626.400.4511.
Today, Magento is releasing new versions of Magento Commerce and Open Source to increase product security and functionality:
- Magento Open Source and Commerce 2.2.3
- Magento Open Source and Commerce 2.1.12
- Magento Open Source and Commerce 2.0.18
- Magento Open Source 126.96.36.199
- Magento Commerce 188.8.131.52
- SUPEE-10570 to patch earlier Magento 1.x versions
These releases contain almost 50 security changes that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. These releases also support API changes implemented recently by USPS. Additionally, Magento Commerce and Open Source 2.2.3 introduce finer permissions for common cache management tasks. This enhancement enables qualified administrators to assign permissions for discrete cache management tasks such as flushing cache storage and refreshing cache types.
We strongly recommend that all merchants upgrade as soon as is reasonably possible.
Download and install the Magento Commerce updates by logging into My Account and navigating to the version you want to download. Magento Open Source software is available from the Open Source download page. (See How to get the Magento software for a discussion of Magento 2.x installation procedures.)
More information about the security changes is available on:
Full details are available in the Magento Open Source release notes:
Full details are available in the Magento Commerce release notes:
The Magento Team