Home / Support Blog / Magento Update Released - 01-21-2016

Magento Update Released - 01-21-2016

Magento Community Edition 1.9.2.3: Security Patch Bundle (SUPEE-7405) and USPS Patch (SUPEE-7616)

Magento has published a software update that covers security issues.

Important New Security Releases and Patches (community.magento.com)

Today, we are making new releases and patches available to improve the security and functionality of Magento sites. While there are no confirmed attacks related to the security issues, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. The security issues vary across products and all versions of Magento are affected. Full articles about the Magento 1.x and Magento 2.x issues are posted in the Magento Security Center. Additionally, all new releases and a separate USPS patch support recent USPS changes.

The Magento 2.0.1 releases also contain several important functional updates, including official support for PHP7.0.2, which provides dramatic performance improvements, drastically reduces memory consumption, and supports brand-new PHP language features. More information on these updates is posted in the Community and Enterprise Edition release notes.

and:

SUPEE-7405 (magento.com)

A user can append comments to an order using a specially crafted request that relies upon the PayFlow Pro payment module. Magento does not filter the request properly, which potentially results in JavaScript code being saved in database (see issue APPSEC-1240) and then executed server-side when the administrator tries to view the order. This attack can lead to a takeover of the administrator session or executing actions on behalf of administrator.

The previous release was on October 27, 2015.

Our Website Maintenance Department will be in contact with our clients regarding this upgrade.

Also, we don't charge this much but I got an email from another company that wants to charge $190 - $390 to get this update done. We're a bit cheaper and we do testing for you.

-Tony

SEO / PPC
Get found, increase conversion!
Website Marketing
Get your website noticed and get results.
Design Portfolio
Result driven design makes your website work 24/7 for your business.

What Our Clients Say

“Your company and its professionalism are proof positive that distance truly does not matter when completing a large project such as this.”
-Julie Hilliger
Malcolm-Eaton Enterprises
Our Clients Love Us - CLICK

Need Website Maintenance?

 

Put Our Team

To Work For You

Click Here

Website Financing Options Available
UpCity

FOLLOW US ON
Webstix in Madison, WI
2820 Walton Commons Ln.
Suite 108
Madison, WI 53718
608-277-7849 608-661-8529
magnifier linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram