On Tuesday Magento is released new versions of Magento Commerce and Open Source to increase product security and functionality:

  • Magento Open Source and Commerce 2.2.3
  • Magento Open Source and Commerce 2.1.12
  • Magento Open Source and Commerce 2.0.18
  • Magento Open Source 1.9.3.8
  • Magento Commerce 1.14.3.8
  • SUPEE-10570 to patch earlier Magento 1.x versions

These releases contain almost 50 security changes that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities.

The new releases also support API changes implemented recently by USPS.

Additionally, Magento Commerce and Open Source 2.2.3 introduce finer permissions for common cache management tasks.

This enhancement enables qualified administrators to assign permissions for discrete cache management tasks such as flushing cache storage and refreshing cache types.

Magento user can find more information and download links here:

Magento 2.x Security Updates
Magento 1.x and SUPEE-10570 Security Updates

Full details are available in the Magento Open Source release notes:

Magento Open Source 2.2.3
Magento Open Source 2.1.12 
Magento Open Source 2.0.18
Magento Open Source 1.9.3.8

Full details are available in the Magento Commerce release notes:

Magento Commerce 2.2.3
Magento Commerce 2.1.12 
Magento Commerce 2.0.18
Magento Commerce 1.14.3.8

Should I Update?

Right now is a good time for eCommerce stores to update and possibly upgrade. If you are running Magento 1.x, moving to Magento 2.x is going to take a lot of work.

As a merchant, that type of major upgrade will require some planning, but if you are selling on Amazon or planning to sell on Amazon, Magento did release last week the news they are adding Amazon integration into the core of Magento 2.x.

That could sway some online retailers to make the plunge from Magento 1.x to 2.x.

However, if your plans do not include the major upgrade, you still should always wait a couple weeks before updating Magento to the latest version.

That way any issues that may impact extensions or other bugs that may be found in a wide release can be squashed, and you are not risking your running business.

Of course, another option is to have a secondary or test site you can use to check the new upgrade if it works with all of your extensions.

We do like your feedback on this update if you plan to use a test site. Head over to our Facebook Discussion Group or use the comments section below to voice your thoughts on this Magento update.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *