WebCitz Blog

Magento Security Updates

Magento is releasing new updates to increase product security and functionality. The releases contain over 15 security enhancements and Magento 2.x updates that also address image resizing and MasterCard BIN number expansion. We strongly recommend that merchants upgrade to these versions as soon as possible.

Multiple Critical Security Enhancements
These releases include multiple critical security enhancements. The updates also help close access control bypass, CSRF, and authenticated Admin user remote code execution vulnerabilities.

MasterCard recently added a new series of Bank Identification Numbers (BINs). While certain Magento versions already support the new BINs, merchants using the following versions must upgrade or apply a patch by June 30, 2017, or face potential fines from MasterCard and lost sales.

The affected versions are:

  • Magento EE 2.1.2 or earlier
  • Magento EE 2.0.x releases
  • Magento EE 1.14.2.x releases or earlier
  • Magento CE 1.9.2.x releases or earlier

Image Resizing Changes
Certain image resizing changes introduced in Magento 2.1.6 caused unanticipated problems. Magento has reverted these changes in this release and will provide improvements to image resizing in a future product update. The Magento 2.1.7 EE release notes contain additional information you may need when upgrading from Magento 2.1.6 or 2.1.5. Otherwise, we can help upgrade your Magento website.

The latest versions of Magento CE and EE are as follows:

  • Magento CE 2.1.7
  • Magento EE 2.1.7
  • Magento CE 2.0.14
  • Magento EE 2.0.14
  • Magento CE
  • Magento EE