Magento Product and Security Updates

Today Magento will distribute new releases and patches to improve the security and functionality of Magento sites. While there are no confirmed attacks related to the security issues, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. The security issues vary across products and all versions of Magento are affected. Full articles detailing Magento 1.x and Magento 2.x issues will be added to the Magento Security Center when the code is released. Additionally, the Magento 2.0.1 releases will include several important functional updates. More information on these updates will be posted in Community and Enterprise Edition release notes Wednesday. We strongly encourage you to help clients implement one of the following patches or upgrades:

  • Enterprise Edition 1.9.0.0-1.14.2.2: SUPEE-7405 or upgrade to Enterprise Edition 1.14.2.3
  • Community Edition 1.5.0.0-1.9.2.2: SUPEE-7405 or upgrade to Community Edition 1.9.2.3
  • Enterprise Edition 2.0.0: Upgrade to Enterprise Edition 2.0.1
  • Community Edition 2.0.0: Upgrade to Community Edition 2.0.1

DOWNLOADING THE UPDATES

  To download a patch or release, choose from the following options:

Partners:

  • Enterprise Edition 1.14.2.3 Partner Portal > Magento Enterprise Edition > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x Release > Version 1.14.2.3
  • SUPEE-7405 Partner Portal > Magento Enterprise Edition > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x Release > Support and Security Patches > Security Patches – January 2016
  • Enterprise Edition 2.0.1 (New Installations) Partner Portal > Magento Enterprise Edition > Magento Enterprise Edition 2.X > Magento Enterprise Edition 2.x Release > Version 2.0.1
  • Enterprise Edition 2.0.1 (Upgrade an Existing Installation) http://devdocs.magento.com/guides/v2.0/comp-mgr/bk-compman-upgrade-guide.html

Enterprise Edition Merchants:

  • Enterprise Edition 1.14.2.3 My Account > Downloads Tab > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x Release > Version 1.14.2.3
  • SUPEE-7405 My Account > Downloads Tab > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x Release > Support Patches / Security Patches > Security Patches – January 2016
  • Enterprise Edition 2.0.1 (New Installations) My Account > Downloads Tab > Magento Enterprise Edition 2.X > Magento Enterprise Edition 2.x Release > Version 2.0.1
  • Enterprise Edition 2.0.1 (Upgrade an Existing Installation) http://devdocs.magento.com/guides/v2.0/comp-mgr/bk-compman-upgrade-guide.html

MAGENTO 2.0 RESOURCES

We’d also like to draw your attention to new Magento 2.0 resources that can help you when developing or migrating sites to the new platform.

  • Magento Code Migration Toolkit provides scripts that ease the process of migrating custom Magento 1.x code, layouts and configurations to Magento 2.0 by automating some of the most time-consuming conversion tasks. The toolkit can be customized to fit the needs of a specific project and produces code that follows Magento 2.0 best practices. The Toolkit is available at github.com/magento/code-migration.
  • Code samples demonstrate technologies introduced in Magento 2.0, like interception and service contracts, to help you quickly learn and implement new coding patterns. Code samples are available at https://github.com/magento/magento2-samples.
  • Magento Mobile Application sample can speed up development by showing how to create Apple iOS 8+ apps using Magento 2.0 APIs. The sample app is available to Enterprise Edition customers in My Account >Downloads > Magento Enterprise Edition 2.X > Magento Mobile > Mobile Sample Application for Magento 2.x.

Update: Security Patches have been released

The Magento security releases and patches are now available.

  • Addressed recent USPS changes in all new releases and in a new patch (SUPEE-7616) for Enterprise and Community Editions.
  • Added official support for PHP7.0.2 for Magento 2.0.1, enabling merchants to benefit from dramatic performance improvements, drastically reduced memory consumption, and brand-new PHP language features.

The USPS patch (SUPEE-7616) is available in the following locations:

Partners

Partner Portal > Downloads Tab > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x Release > Support Patches / Security Patches > USPS API – January 2016

Enterprise Edition Users

My Account > Downloads Tab > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x Release > Support Patches / Security Patches > USPS API – January 2016

Community Edition Users

Community Edition Download Page > Release Archive Tab > Magento Community Edition Patches - 1.x Section

As a reminder, more information about these releases is posted online:

← Previous Post Next Post →
Leave a Comment