Security plays a significant role in the success of every online business. The topic is becoming even more important given the huge number of different types of hacker attacks and sensitive data leaks all over the world. It is the duty of every website manager to make sure that the key security rules are followed and the website is well protected. The following article describes the most critical security issues and the measures required for every website.
A new security patch, SUPEE-10570, for Magento 1 was released on Feb 27th 2018. It affects ~60 files of Magento Open Source (Community Edition) and ~90 of Magento Commerce (Enterprise Edition). Let’s review what actual changes and improvements are behind those files.
A new Magento security patch SUPEE-10415 was released on November 28th of 2017. It adds some security enhancements to your store by changing more than 30 files. Let’s dive into the details of the code changes that the patch makes.
A new Magento 1 security patch, SUPEE-10266, was released on September 14th of 2017. It closes off remote code execution by an admin user, protects against data leaks and fixes some minor issues. Let’s check the main code changes that are included in the patch.
This post is a short look inside the newly released Magento 1 SUPEE-9652 security patch. The patch prevents injection of executable code into the Magento email “Reply To” parameter when the “Return Path” for emails is enabled. So let’s check what it does.
It is important to keep your online store updated to the latest Magento version, as it has the most recent improvements, security updates, and other fixes. Every time such an upgrade is performed, the website should be carefully tested to make sure that all issues or conflicts are fixed after the upgrade.
Today we want to share with you our checklist that we normally use when testing Magento stores after their upgrade to newer versions.
During our work with Magento security patch SUPEE-7405 and its patch fixes (version 1.1), we noticed an error which is logged as an exception and can even be a source of a security exploit if the exception.log file is world-readable. In this article we describe this bug and the fixes for it.
In one of our recent articles we described the installation of Magento patch SUPEE-7405 and its code changes. But, as it turned out, this patch might cause some issues on websites. To reduce the number of issues, Magento has released an update to the patch: SUPEE-7405 v1.1. It does not fix any security issues, but we would like to review what changes this update contains to understand its role:
Magento has released a new security patch, SUPEE-6788, and we would like to share our experience with troubleshooting its installation. We describe this topic assuming that you have already checked your web store on magereport.com and implemented the security recommendations, such as closing access to the var directory and the downloader, changing the admin panel URL to a more secure one, etc. We will also try to avoid discussing admin routes compatibility here, because the patch already includes backward compatibility for routes. Therefore, the main goal of this article is to get your store functioning correctly after applying the patch.
The Magento team releases patches whenever a vulnerability is found in the system, in order to keep Magento secure and reliable. In Feb 2015, Magento released one critical security patch (SUPEE-5344), which was aimed at addressing remote command execution. It has been more than two months since the release, and still more than 50% of all Magento installations worldwide have not been patched and remain open to attacks.