Magento patch SUPEE

Magento has released a critical patch today.

It will help close the 3 major vulnerabilities listed below, and more.

RCE stands for ‘Remote Code Execution’. It allows an attacker to run code on your Magento store remotely, so they can access the store and make changes from anywhere.

XSS stands for ‘Cross-site scripting’, where attackers place malicious scripts on secure and trusted websites. The scripts are then delivered to visitors of your website and run in their browsers.

Lastly, the patch will help close CSRF attacks. CSRF stands for ‘Cross-site request forgery’. These attacks trick the user’s browser into performing actions that are set up by the attacker. These actions can include transferring funds or changing an email address.

These are very serious vulnerabilities and should be patched immediately. 

Please contact us for additional questions and review the Magento notes and download details that are listed below.

If you are on Magento 2, please review the notes here and contact us with additional questions:


SUPEE-11086, Magento Commerce 1.14.4.1 and Open Source 1.9.4.1 contain multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities.

Information on all the changes in 1.14.4.1 and 1.9.4.1 releases is available in the Magento Commerce and Magento Open Source release notes.

Patches and upgrades are available for the following Magento versions:

  • Magento Commerce 1.9.0.0-1.14.4.0: SUPEE-11086 or upgrade to Magento Commerce 1.14.4.1.
  • Magento Open Source 1.5.0.0-1.9.4.0: SUPEE-11086 or upgrade to Magento Open Source 1.9.4.1.