Aarti Patole

MAGENTO SECURITY PATCH SUPEE-10415 RELEASED

SUPEE-10415, Magento Commerce 1.14.3.7 and Open Source 1.9.3.7 contain multiple security enhancements that help close cross-site request forgery (CSRF), Denial-of-Service (DoS) and authenticated Admin user remote code execution (RCE) vulnerabilities. These releases also include a fix for a prior customers that had experienced issues patching caused by SOAP v1 interactions in WSDL.

MAGENTO SECURITY PATCH SUPEE-9767 RELEASED

Magento received reports that customer registration after checkout might fail if the option to ‘Enable Form Key Validation On Checkout’ is enabled. This results in customers not being registered but checking out as guests. Magento is working on updated version of the patch. As a workaround, disabling the ‘Enable Form Key Validation On Checkout’ option will revert the incorrect behavior.

MAGENTO SECURITY PATCH SUPEE-8788 RELEASED

SUPEE-8788, Enterprise Edition 1.14.3 and Community Edition 1.9.3 address Zend framework and payment vulnerabilities, ensure sessions are invalidated after a user logs out, and make several other security enhancements that are detailed below. Patches and upgrades are available for the following Magento versions: Enterprise Edition 1.9.0.0-1.14.2.4: SUPEE-8788 or upgrade to Enterprise Edition 1.14.3 ...

MAGENTO SECURITY PATCH SUPEE-7405 RELEASED

The updates add support for PHP 5.3 and address issues with upload file permissions, merging carts, and SOAP APIs experienced with the original release. They DO NOT address any new security issues. Magento highly recommends that all users either install the SUPEE-7405 v1.1 patch bundle, or upgrade to Magento Enterprise Edition 1.14.2.4 or Magento Community Edition 1.9.2.4.