2.1.6 Product Release
This is a repost of a Fooman blog. You can view the actual article here
This email provides updates on remediating sites impacted by the recent malware attacks and issues with newly-released Enterprise Edition 1.14.3 and Community Edition 1.9.3 software.
An updated SUPEE-8788 v3 patch for Enterprise Edition 1.13.0.x is now available in the “Security Patches – October 2016” folder in MyAccount. It addresses missing files that prevent many Enterprise Edition 1.13.0.x merchants from successfully deploying the SUPEE-8788 patch.
Malware attacks targeting ecommerce sites are on the rise and it has never been more critical for merchants to follow security best practices. In most malware cases we’ve analyzed, attackers are not developing new ways to penetrate Magento sites. Instead, they are taking advantage of existing, unpatched vulnerabilities, poor passwords, and weak ownership and permission settings in the file system.
Earlier this week you may have been contacted by your Account Manager, Product Owner or Business Owner about the latest Magento security patch that was released on Tuesday 10/11/2016. Magento security patch SUPEE-8788 was found to have some issues with Magento EE 1.13 and earlier versions. Here is the press release for that issue:
Third-Party Themes and Extensions Are at Risk
Today Magento will distribute new releases and patches to improve the security and functionality of Magento sites. While there are no confirmed attacks related to the security issues, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. The security issues vary across products and all versions of Magento are affected. Full articles detailing Magento 1.x and Magento 2.x issues will be added to the Magento Security Center when the code is released. Additionally, the Magento 2.0.1 releases will include several important functional updates. More information on these updates will be posted in the Community and Enterprise Edition release notes on Wednesday. We strongly encourage you to help clients implement one of the following patches or upgrades:
At CITE Forum, Noah Broadwater, CTO of Sesame Workshop, explains how his IT organization learned to stop being gatekeepers and instead be partners and advocates for the business.
By Christian Holst for Smashing Magazine