Magento released important updates for Magento 2.x. However, with being so close to the major holiday sales season, these updates should be tested with your theme and extensions on a backup installation before you use them in a production environment.
Here is the Press Release From Magento
Today, Magento is releasing new versions of Magento Commerce and Open Source to increase product security and functionality:
- Magento Open Source and Commerce 2.2.1
- Magento Open Source and Commerce 2.1.10
- Magento Open Source and Commerce 2.0.17
These releases contain almost 15 security changes that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. They also contain over 40 functional enhancements, including significant contributions from community members.
We strongly recommend that all merchants upgrade to these versions as soon as is reasonably possible.
Download and install the Commerce updates by logging into My Account and navigating to the version you want to download. Magento Open Source software is available from the Open Source download page. (See how to get the Magento software for a discussion of Magento 2.x installation procedures.)
More information about the security changes is available on the Magento Security Center.
Full details are available in the Magento Commerce and Open Source release notes:
Subscribe to Our Newsletter Today
Stay in touch with the latest business insights for your online business
We do not share your information and you can unsubscribe anytime
Connect With Us And Other Small Business Owners
Please head over to our Facebook Group for Small Business Sellers and interact with other small business owners.