Magento 發布重大安全更新 (2019.03.27)

Magento 使用相關問題討論及交流
文章: 345
註冊時間: 2018-01-05, 17:40

Magento 發布重大安全更新 (2019.03.27)

文章 admin » 2019-03-27, 11:10

Magento 今日以 「Important Magento Security Updates」 為標題,通知 Magento 用戶進行系統更新,而且是強烈建議所有的商家盡快更新。

雖然我們是 OpenCart 系統的技術廠商,但我們仍希望透過我們的平台及觸角,傳送這個 Magento 重大的安全更新訊息,盡可能讓多幫一些商家,避免遭受這些安全漏洞的為害,如果你有朋友是使用 Magento,請也將訊息轉給他們。

Magento 的信件內容如下
New Magento Enhancements Available Today

Today, Magento is releasing new versions of Magento Commerce and Open Source to increase product security, performance and functionality:

- Magento Commerce and Open Source 2.3.1
- Magento Commerce and Open Source 2.2.8
- Magento Commerce and Open Source 2.1.17
- Magento Commerce
- Magento Open Source
- SUPEE-11086 to patch earlier Magento 1.x versions

These releases include security enhancements that help close cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues. No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we strongly recommend that all merchants upgrade as soon as possible.

Additionally, as a reminder we released the following patches recently that might be useful for you:

- Patch to secure Payflow Pro payment method against fraudulent activity for Magento 2.1, 2.2, & 2.3.
- Patch to continue support for payments via Direct Post.

The release of Magento 2.3.1 also includes powerful new merchant and developer experience enhancements and multiple performance improvements.

More information about the security changes is available on 電商便利中心 電商工程筆記
OpenCart 購物網站代管及維護
OpenCart 台灣電商社群