>New Important Magento 1.x and 2.x Security Updates

New Important Magento 1.x and 2.x Security Updates

Magento provider has an announcement about significant improvements on both of  Magento versions recently. Let’s check out those changes and optimize your online store’s performance by utilizing the newest updates!

Updates to Magento 1: Community Edition 1.9.3.3, Enterprise Edition 1.14.3.3, And SUPEE-9767

New security update on Magento Community Edition 1.9.3.3 and Enterprise Edition 1.14.3

Magento has updated multiple security improvement. These critical enhancements contain remote code execution for admin, access control bypass and cross-site requested for forgery issues. Besides, these releases support PayPal’s update to Instant Payment Notification (IPN) server URL.

Release Supee 9767

Because Magento received reports that the registration of customers after checkout might fail if ‘’Enable Form Key Validation On Checkout’’ option is enabled. Therefore, customers cannot register and checkout as guests. Hence, Magento has an updated version of the patch by the way that disabling the option ‘Enable Form Key Validation On Checkout’ will revert the incorrect behavior.

Here are more detailed updates for Supee 9767

Updates to Magento 2: Enterprise Edition 2.0.14 and 2.1.7

Like Magento 1.x, Magento 2.x also received several improvements. For details, there are also multiple security enhancements for access control bypass, CSRF and authenticated admin users remote code execution vulnerabilities.

Besides, this update supports expanding MasterCard BIN number. Recently, MasterCard added a new series of Bank Identification Numbers (BIN). Meanwhile, those certain Magento versions already support the new BINs, wholesalers who use this version must update or apply a patch by June 30, 2017, or face potential fines from MasterCard and even lost sales. Furthermore, these new updates provide reversion of changes to resize images.

Please check this link for more information about Magento updates.

For your information, BSSCommerce now supplies security patch installation service with a great support team. So if you are interested, please contact us via email: support@bsscommerce.com