Magento 2.2.6 and 2.1.15 Security Update

Geschreven door Mats van de Seijp.

magento patchOp 10 september heeft Magento een nieuwe Security update vrijgegeven voor Magento 2.2.6 en 2.1.15. Deze Magento update dicht 24 beveiligingsproblemen en richt zich vooral op het beveiligen tegen Cross-Site Scripting (XSS). Maar ook veel andere beveiligingslekken zijn gedicht. We raden u aan om uw Magento shop naar deze nieuwste versie te upgraden. Naast verbeteringen in de beveiliging bevat deze patch ook een aantal verbeteringen de Magento core. Hieronder het overzicht:

Magento 2.2.6 en 2.1.15 verbeteringen

  • Substantial improvements to performance
    • Category product indexer logic has been optimized, and re-indexing time has decreased up to 98%, from 40 minutes to one minute for 100,000 categories
    • The catalog:image:resize command execution time has been reduced by up to 90% in the release
    • The catalog rule re-indexing operation has been optimized, and the average re-indexing time has improved by more than 80%
    • The catalog price indexer is now scoped and multithreaded, which improves the performance of layered navigation, search, and indexing actions for Magento instances with multiple websites and stores
    • The time required to load category or product pages for products that are configured with many attributes (more than 500) has been significantly reduced
    • The time required to load a store’s home page has been reduced noticeably when the top menu contains many categories.
    • Merchants can now improve store performance by disabling Magento Report functionality.
  • Improvements to the reliability and ease of the checkout process
    • A shopping cart’s contents remain constant even when the checkout page is repeatedly reloaded
    • Refreshing the checkout page no longer deletes the shipping address when a guest checks out
    • The speed at which Magento places an order is no longer affected by how many shipping methods are available
  • Additional enhancements
    •  Configurable products are now sorted by visible prices as expected.
    • Magento no longer sends duplicate delete requests as a result of an unstable Internet connection

De Magento 2.2.6 en 2.1.15 Security updates

  • APPSEC-2003: RCE via Varnish settings in admin
  • APPSEC-2045: PHP Files Can Be Uploaded Via Custom Options
  • APPSEC-2081: Magento is leaking customer address attribute data.
  • APPSEC-2027: Multiple CSRF (Website, Store, Store View deletion)
  • APPSEC-2092: CSRF on Changing of orders status
  • APPSEC-2006: Admin Stored XSS via Enterprise Logging
  • APPSEC-2059: CSRF Mass Deletion of Customers
  • APPSEC-2058: CSRF Mass Deletion of Products
  • APPSEC-2037: Local file disclosure
  • APPSEC-2033: XSS When Viewing Catalog Product Link Widget Via Product Name
  • APPSEC-2031: XSS When Viewing Email Reminder Rule via Cart Price Rule Name
  • APPSEC-1904: Stored Cross Site Scripting in Category Content
  • APPSEC-2032: XSS When Viewing Catalog Category Link Widget Via Category Name
  • APPSEC-2047: Customer orders viewable on frontend by other customers
  • APPSEC-2106: Product Video feature not GDPR compliant
  • APPSEC-2011: Stored Cross-Site Scirpting (Product Video Uploader Name)
  • APPSEC-1902: Stored Cross Site Scripting in Product Content Short Description
  • APPSEC-1903: Stored Cross Site Scripting in Product Content Description
  • APPSEC-1909: Admin account takeover via File upload information disclosure
  • APPSEC-1950: Encrypted data is cached in decrypted form
  • APPSEC-1859: Reset password URL includes the customer ID
  • APPSEC-2002: E-mail admin users when a new administrator is created
  • APPSEC-1902: Stored Cross Site Scripting in Product Content Short Description

Wat moet ik doen om Magento Security issues te bestrijden?

Gebruik altijd de laatste versie van Magento Open Source (2.2.6) of Magento Commerce (2.1.15) om zo de nieuwste verbeteringen, features en beveiligingsupdates te krijgen.
Wij helpen u graag hiermee. Mail ons via het supportaanvraagformulier of bel ons op 020-3375906

Are u ready 4 Magento 2?

Are u ready 4 Magento 2?

Are you currenty using Magento 1, and looking forward to continue your business using the latest functionality in ecommerce, than Magento 2 is ready for you.

Magento 2 is a brand new platform and ready to serve your ecommerce needs now and in the future.

more info

Stel je vraag

Stel je vraag

Stap 1. Impact analyse

Stap 1. Impact analyse

Stap 2. Pre-paid ticket

Stap 2. Pre-paid ticket

Stap 3. Uitvoeren

Stap3: Uitvoeren

Bel nu! 020 337 5961

SupportDesk B.V.
Hogehilweg 19
1101 CB Amsterdam

E-mail: support @ supportdesk.nu

meer gegevens