Important Magento Security Updates On 31 May 2017

Magento released some very important security updates on May 31st. The release aims to increase product security and improve some of the functionality.

For those who are not yet aware of the updates, the release includes a total of 15 security enhancements and a new version of Magento 2.x. The new Magento 2.x version addresses the image re-sizing issues and now supports the MasterCard BIN number.

“We recommend all Magento site owners to upgrade to the latest releases”

Download Security Updates- Magento Enterprise Edition

You can download and install the updates released for Enterprise Edition by logging into My Account. There you will find the list of all the versions; choose your version and download the updates.

Download Security Updates- Magento Community Edition

You can download the updates for Community Edition from the Release Archives on the Community Edition download page. Just select your format and download the update according to your version.

Highlights of the Magento Security Update  

1.  Security Enhancements
The updates include enhancements for:

  • Closing access control bypass
  • CSRF protection enhancements
  • Remote code execution vulnerabilities exploitable by authenticated admin users

Please note:

Versions 2.0.14 and 2.1.7 contain the security enhancements for Magento 2, in both editions, while Patch 9767 is included in the new versions of Magento 1, Enterprise Edition 1.14.3.3 and Community Edition 1.9.3.3.

Merchants who have not yet downloaded Magento 2.0 should go directly to version 2.1.7 of Enterprise or Community Edition.

Refer to Magento 2.0.14 and 2.1.7 Security Patches and SUPEE-9767 Security Patches.

2.   MasterCard BIN Support


Some Magento versions already support the new Bank Identification Numbers (BINs) added by MasterCard. However, some other versions did not support them.

The updates on 31st May also included a patch that adds this support to the versions that lacked it. We strongly recommend that merchants using the following versions upgrade or apply the patch immediately, as MasterCard is about to impose fines on such stores.

  • Enterprise Edition 2.1.2 or earlier
  • All Enterprise Edition 2.0.x releases
  • All Enterprise Edition 1.14.2.x releases or earlier
  • All Community Edition 1.9.2.x releases or earlier

You can refer to the MasterCard BIN update release note for further information.

3.  Image Re-sizing changes in Magento 2.1.6 reverted

The previous version (Magento 2.1.6) introduced certain changes to image re-sizing. However, several problems were reported after these changes, which forced Magento to revert that image re-sizing update.
So, in Magento 2.1.7, you will not find those new image re-sizing features. Hopefully, they will be restored in future versions with all the bugs fixed.

Conclusion

Please ensure that you have tested the new updates thoroughly in your development environment before deploying them to your production site.

If you need any assistance with the updates and patch application, Velsof can help with its Magento development services, which are delivered by in-house professional and certified Magento and Magento 2 developers. Feel free to contact us anytime.
