Magento received reports that customer registration after checkout might fail if the option to ‘Enable Form Key Validation On Checkout’ is enabled. This results in customers not being registered but checking out as guests. Magento is working on an updated version of the patch. As a workaround, disabling the ‘Enable Form Key Validation On Checkout’ option will revert the incorrect behavior.
SUPEE-9652, Enterprise Edition 1.14.3.2 and Community Edition 1.9.3.2 address the Zend library vulnerability described below. Patches and upgrades are available for the following Magento versions: Enterprise Edition 1.9.0.0-1.14.3.1: SUPEE-9652 or upgrade to Enterprise Edition 1.14.3.2 ...
Because we take the safety of our products seriously, Aheadworks is releasing one more security patch for our Follow Up Email extension for Magento 1 stores. Further tests showed that it contains some more potential vulnerabilities that could give cyber criminals an opportunity to get access to the Magento file system. In the affected versions of the extension (3.5.8 and above), attackers were likely able to create and read files through the discovered controller vulnerability.
SUPEE-8788, Enterprise Edition 1.14.3 and Community Edition 1.9.3 address Zend framework and payment vulnerabilities, ensure sessions are invalidated after a user logs out, and make several other security enhancements that are detailed below. Patches and upgrades are available for the following Magento versions: Enterprise Edition 1.9.0.0-1.14.2.4: SUPEE-8788 or upgrade to Enterprise Edition 1.14.3 ...
Due to the security issue found, we strongly recommend that our Magento 1 customers update the Follow Up Email extension to the latest secure version. Recently, Aheadworks discovered a potential security vulnerability in its Follow Up Email extension for Magento 1 stores. The vulnerability is related to potential SQL injection and unauthorized access to Magento databases.
The updates add support for PHP 5.3 and address issues with upload file permissions, merging carts, and SOAP APIs experienced with the original release. They DO NOT address any new security issues. Magento highly recommends that all users either install the SUPEE-7405 v1.1 patch bundle, or upgrade to Magento Enterprise Edition 1.14.2.4 or Magento Community Edition 1.9.2.4.
Recently, Magento notified its users and partners about another security issue concerning sensitive payment information, in particular credit card credentials forwarded to external sites by fraudsters. The good thing is that this security issue is covered by the February 2015 Shoplift patch; still, we ask you to scan your system and check it for any unknown files.
SUPEE-6788 is a bundle of patches that resolve several security-related issues. There were several CVSSv3 Severity issues found which affected the Magento products. Below are a few of the bugs ...
Today, Magento has released a new security patch called SUPEE-6788, available as a part of Enterprise Edition 1.14.2.2 and Community Edition 1.9.2.2. The patch fixes a number of store security issues, which is why it is highly recommended that you install it. At the same time, it has a routing issue that breaks backward compatibility, which may impact your extensions and customizations.
SUPEE-6482 is a bundle of patches that resolve several security-related issues.
There were several CVSSv3 Severity issues found which affected the Magento products.