A new version of Magento has been released. Since a potential vulnerability was fixed, we’re considering this a security fix and we recommend all Magento website owners have this upgrade done.
SUPEE-9767, Enterprise Edition 184.108.40.206 and Community Edition 220.127.116.11 address several security issues.
Magento CE 18.104.22.168 Release Notes (devdocs.magento.com)
This patch provides resolution of multiple critical security issues. These critical issues include remote code execution for authenticated Admin users, access control bypass, and cross-site request forgery issues. See Magento Security Center for a comprehensive discussion of these issues.
This release also provides support for the following issue:
Support for PayPal's update to its Instant Payment Notification (IPN) server URL. PayPal provides more information about this feature in IPN Verification Postback to HTTPS Microsite. This update is essential for retaining uninterrupted service after June 30.
SUPEE-8167, an older patch that also contains this fix, was added on May 8, 2017, and is available from Magento Tech Resources.
Our Website Maintenance Department will be in contact with our clients regarding this upgrade. If you need this upgrade done on your website, please contact us.