A new version of Magento has been released. Since few security issues have been resolved, we’re considering this a security fix and we recommend all Magento website owners have this upgrade done.
Magento Open Source 220.127.116.11 Release Notes (Magento.com)
This version (or patch SUPEE-10752, which applies to older versions of Magento) provides resolution of multiple critical security issues. These critical security issues include remote code execution, cross-site scripting, and cross-site request forgery issues. We recommend upgrading your Magento store to this latest version. See Magento Security Center for a comprehensive discussion of these issues
Fixed issues and enhancements
- Magento no longer performs unnecessary write operations on the core_url_rewrite table.
- Customers can now successfully register during checkout without being unexpectedly logged out.
- Incorrect escaping in the cron.sh file no longer prevents cron jobs from running in parallel as expected.
- Magento now cleans session data as expected after a customer logs out.
Our Website Maintenance Department will be in contact with our clients regarding this upgrade. If you need this upgrade done on your website, please contact us.