Make sure you thoroughly test in your Development Environment before pushing into Production. As always, lets keep both you and your customers safe
Today, Magento is releasing new versions of Magento Commerce and Open Source to increase product security, performance and functionality:
- Magento Open Source and Commerce 2.3.2
- Magento Open Source and Commerce 2.2.9
- Magento Open Source and Commerce 2.1.18
- Magento Open Source 1.9.4.2
- Magento Commerce 1.14.4.2
- SUPEE-11155 to patch earlier Magento 1.x versions
These releases include security enhancements that help close cross-site scripting, remote code execution, and sensitive data disclosure vulnerabilities as well as other security issues. No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we strongly recommend that all merchants upgrade as soon as possible.
The Magento 2.1.18 software release marks the final supported software release for Magento version 2.1. As of June 30, Magento 2.1 will no longer receive security updates or product quality fixes now that its support window has expired.
Starting with the release of Magento Commerce 2.3.2, Magento will now assign and publish indexed Common Vulnerabilities and Exposures (CVE) numbers with each security bug reported to us by external parties. This will allow users of Magento Commerce to more easily identify unaddressed vulnerabilities in their deployment.
The release of Magento 2.3.2 also includes multiple performance and functionality enhancements.
More information about the security changes is available on:
Magento 2.x Security Updates
Magento 1.x and SUPEE-11155 Security UpdatesFull details are available in the Magento Commerce and Open Source release notes:
Best regards,
The Magento Security Team