Magento recently released new updates to increase product security and functionality. Containing over 15 security enhancements and Magento 2.x updates, the release addresses image resizing and MasterCard BIN number expansion. Magento recommends that all merchants upgrade to these versions as soon as possible. As a solutions provider, we are updating our clients sites.
To download and install the Enterprise Edition updates log into “My Account” and navigating to the version you want to download. Community Edition software will be available in the Release Archive of the Community Edition download page.
These release includes multiple critical security enhancements. These updates help close access control bypass, CSRF, and authenticated Admin user remote code execution vulnerabilities.
It also includes support for MasterCard BIN number expansion. MasterCard recently added a new series of Bank Identification Numbers (BIN). While certain Magento versions already support the new BINs, if you are using the following versions that do not apply a patch by June 30, 2017 may face potential fines from MasterCard and lost sales.
• Enterprise Edition 2.1.2 or earlier
• All Enterprise Edition 2.0.x releases
• All Enterprise Edition 1.14.2.x releases or earlier
• All Community Edition 1.9.2.x releases or earlier
Another update is the changes to image resizing that was introduced in Magento 2.1.6. Certain image resizing changes introduced unanticipated problems. All of the changes have been reverted in this release, and will provide improvements to image resizing in a future product update.
Implementing best practices is critical for long-term security, and we strongly recommend reaching out to your developer to address these issues. If you need any assistance, you can reach us either by filling out our contact us form, emailing us at info@121ecommerce, or calling us directly at 216-586-6656.