Security Updates Minimize Risk of Data Loss, Downtime and Hacks
Below are the Magento security updates released this month. Learn about your options and keep your site secure.
If you are a Smart Solutions Managed Solutions Plan customer, we are taking care of these updates for you and your costs are covered.
September 14 Magento Security Update
This update, released September 14th, contains multiple security enhancements for close cross-site request forgery, unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. These releases also include support for the changes to the USPS shipping rates introduced on September 1, 2017 referenced below.
USPS Service Name Change
USPS First Class shipping service is frequently used by Magento retailers to ship lightweight packages. USPS recently modified this naming convention from “First-Class Mail Parcel” to “First-Class Package Service – Retail.”
Note: If you do not act now, your store will not support checkout using the “First-Class Package Service – Retail” mailing option.
What Do You Need to Do?
Magento 1.x Merchants
- Upgrade to 18.104.22.168 (Open Source) or 22.214.171.124 (Enterprise)
- Or, install the SUPEE-10336 and SUPEE-10266 patches
Magento 2.x Merchants
- Install Magento 2.1.9 and 2.0.16 releases
If You Are Using a Shipping Extension
You will need to determine if additional remedial action is necessary.
Please email us at firstname.lastname@example.org or call 443-949-0069 if you need additional information. We will review your website and give you a report on your site’s security update status.