This email provides updates on remediating sites impacted by the recent malware attacks and on issues with the newly released Enterprise Edition 1.14.3 and Community Edition 1.9.3 software.
New malware strains impacting Magento sites have recently emerged. On Monday, we shared recommendations for identifying impacted sites and protecting your clients from future attacks. Today, we are posting another article on how to remediate a site that has been compromised by malware. You can find the article in the Security Center at https://magento.com/security/best-practices/remediating-your-site-after-malware-attack. Please review it with your team and share it with your clients.
Issues with Enterprise Edition 1.14.3 and Community Edition 1.9.3
Several issues with our most recent Magento 1.x release have been reported. Some affect functionality critical to store operations, and we are working on a new release (Enterprise Edition 188.8.131.52/Community Edition 184.108.40.206) that is tentatively scheduled for the end of next week. Magento is aware of the following issues:
- Search results return all store products
- Some integrations using Magento APIs no longer work
- Bundled product prices do not update
- Store-specific attribute labels disappear
- Auto-generated passwords do not work for some customers
- Exceptions appear for stores with disabled breadcrumbs
- Free shipping sales rules are not calculated correctly
- PHP warnings occur with the session timestamp variable
We recommend that merchants wait to upgrade to Community Edition 1.9.3 and Enterprise Edition 1.14.3, and instead apply the latest security patch, SUPEE-8788, which does not have these issues.
If merchants have already upgraded, are experiencing issues, and cannot wait for the new release, the Magento community has created a module that resolves the issues outlined above. It can be found at https://github.com/digitalpianism/bugfixes. Magento has not tested this module. If you and your clients decide to use it, we recommend you remove the community module and upgrade to Enterprise Edition 220.127.116.11 or Community Edition 18.104.22.168 as soon as they are available.