Last week, Magento had quite a few new updates for Magento 1 and Magento 2. These new releases incorporate valuable updates for security and site functionality.

For Magento 1, security patch SUPEE-10975 was released alongside Magento Commerce version 1.14.4.0 and Open Source 1.9.4.0. All three contain multiple security enhancements that help mitigate remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities. For additional details, please feel free to check out the following resources:

• SUPEE-10975
• Magento Open Source 1.9.4.0 Release Notes
• Magento Commerce 1.14.4.0 Release Notes

The latest version of Magento 2 has been released as well, Magento 2.3.0. Their newest version comes with several new tools to improve the user experience for both merchants and developers. Below, is a list of some of the key new features:

• Multi-Source Inventory: allows you to manage inventory across several physical locations from within the Magento Admin
• Progressive Web Apps (PWA) Studio: gives you the tools to affordably build an exceptional mobile experience
• Page Builder: provides you drag and drop tools to allow non-technical users the ability to generate content easily

For more information regarding Magento 2.3.0, please feel free to check out Magento’s blog, Magento 2.3: New Tools to Fuel Growth in 2019, the Magento 2.3.0 Release Notes, and the JetRails Blog posts with information about recent Magento News, and information shared at Meet Magento NYC 2018.

If you have any questions, please let us know. Also, make sure to test thoroughly before updating your production sites as extensions or custom code might require additional modifications.

Magento released a PHP patch enabling Magento 1 users to utilize PHP 7.2. This patch was released as PHP 5.6 and 7.0 will be reaching their end of life this December. This means that they will no longer receive security updates. The PHP 7.2 patch allows Magento 1 users the ability to remain secure and compliant past the end of life of PHP 5.6 and 7.0 in December.

On September 18, Magento released important updates and a security patch for Magento 1. This previous release provided support and maintenance for Magento 1 websites that have not yet upgraded to Magento 2. Magento 1 will continue to receive software and security maintenance until June 2020 according to Magento’s technical information page.

If you have any questions, please let us know. Also, make sure to thoroughly test in development before updating your production sites as extensions or custom code might require additional modifications. This patch may also require previous security patches to be applied prior to the installation based on your current version of Magento:

________________________________

Magento Community

• 1.9.2.0 – Patch requirements: SUPEE-10752, SUPEE-10570, SUPEE-10415, SUPEE-10266, SUPEE-9767 V2, SUPEE-9652, SUPEE-8788 V2, SUPEE-7405 v1.1, SUPEE-7405, SUPEE-6788, SUPEE-6482
• 1.9.2.1 – Patch requirements: SUPEE-10752, SUPEE-10570, SUPEE-10415, SUPEE-10266, SUPEE-9767 V2, SUPEE-9652, SUPEE-8788 V2, SUPEE-7405 v1.1, SUPEE-7405, SUPEE-6788
• 1.9.2.2 – Patch requirements: SUPEE-10752, SUPEE-10570, SUPEE-10415, SUPEE-10266, SUPEE-9767 V2, SUPEE-9652, SUPEE-8788 V2, SUPEE-7405 v1.1, SUPEE-7405
• 1.9.2.3 – Patch requirements: SUPEE-10752, SUPEE-10570, SUPEE-10415, SUPEE-10266, SUPEE-9767 V2, SUPEE-9652, SUPEE-8788 V2, SUPEE-7405 v1.1
• 1.9.2.4 – Patch requirements: SUPEE-10752, SUPEE-10570, SUPEE-10415, SUPEE-10266, SUPEE-9767 V2, SUPEE-9652, SUPEE-8788 V2
• 1.9.3.0 – Patch requirements: SUPEE-9652, SUPEE-8167, SUPEE-9767v2, SUPEE-10266, SUPEE-10415, SUPEE-10570v2, SUPEE-10752
• 1.9.3.1 – Patch requirements: SUPEE-9652, SUPEE-8167, SUPEE-9767v2, SUPEE-10266, SUPEE-10415, SUPEE-10570v2, SUPEE-10752
• 1.9.3.2 – Patch requirements: SUPEE-8167, SUPEE-9767v2, SUPEE-10266, SUPEE-10415, SUPEE-10570v2, SUPEE-10752
• 1.9.3.3. (Skipped because of deprecation)
• 1.9.3.4 – Patch requirements: SUPEE-10266, SUPEE-10415, SUPEE-10570v2, SUPEE-10752
• 1.9.3.5 (Doesn’t exist)
• 1.9.3.6 – Patch requirements: SUPEE-10415, SUPEE-10570v2, SUPEE-10752
• 1.9.3.7 – Patch requirements: SUPEE-10570v2, SUPEE-10752
• 1.9.3.8 – Patch requirements: SUPEE-10570v2, SUPEE-10752
• 1.9.3.9 – – No patch requirements –

________________________________

Magento Commerce

• 1.14.2.0 – Patch requirements: SUPEE-10752, SUPEE-10570, SUPEE-10415, SUPEE-10348, SUPEE-10266, SUPEE-9767 V2, SUPEE-9652, SUPEE-8788 v2, SUPEE-7405 v1.1, SUPEE-7405 v1, SUPEE-6788, SUPEE-6482, SUPEE-6285, SUPEE-5994
• 1.14.2.1 – Patch requirements: SUPEE-10752, SUPEE-10570, SUPEE-10415, SUPEE-10348, SUPEE-10266, SUPEE-9767 V2, SUPEE-9652, SUPEE-8788 v2, SUPEE-7405 v1.1, SUPEE-7405 v1, SUPEE-6788
• 1.14.2.2 – Patch requirements: SUPEE-10752, SUPEE-10570, SUPEE-10415, SUPEE-10348, SUPEE-10266, SUPEE-9767 V2, SUPEE-9652, SUPEE-8788 v2, SUPEE-7405 v1.1, SUPEE-7405 v1
• 1.14.2.3 – Patch requirements: SUPEE-10752, SUPEE-10570, SUPEE-10415, SUPEE-10348, SUPEE-10266, SUPEE-9767 V2, SUPEE-9652, SUPEE-8788 v2, SUPEE-7405 v1.1
• 1.14.2.4 – Patch requirements: SUPEE-10752, SUPEE-10570, SUPEE-10415, SUPEE-10348, SUPEE-10266, SUPEE-9767 V2, SUPEE-9652, SUPEE-8788 v2
• 1.14.3.0 – Patch requirements: SUPEE-9652, SUPEE-9767v2, SUPEE-10266, SUPEE-10348, SUPEE-10415, SUPEE-10570v2, SUPEE-10752
• 1.14.3.1 – Patch requirements: SUPEE-9652, SUPEE-9767v2, SUPEE-10266, SUPEE-10348, SUPEE-10415, SUPEE-10570v2, SUPEE-10752
• 1.14.3.2 – Patch requirements: SUPEE-9767v2, SUPEE-10266, SUPEE-10348, SUPEE-10415, SUPEE-10570v2, SUPEE-10752
• 1.14.3.3 – Patch requirements: SUPEE-9767v2, SUPEE-10266, SUPEE-10348, SUPEE-10415, SUPEE-10570v2, SUPEE-10752
• 1.14.3.4 – Patch requirements: SUPEE-10266, SUPEE-10415, SUPEE-10570v2, SUPEE-10752
• 1.14.3.5 (Doesn’t exist)
• 1.14.3.6 – Patch requirements: SUPEE-10415, SUPEE-10570v2, SUPEE-10752
• 1.14.3.7 – Patch requirements: SUPEE-10570v2, SUPEE-10752
• 1.14.3.8 – Patch requirements: SUPEE-10570v2, SUPEE-10752
• 1.14.3.9 – No patch requirements –

Magento released new versions of Magento Commerce, Magento Open Source and a new security patch for Magento 1.x. These new releases will lock down cross-site scripting, cross-site request forgery, provide multiple performance enhancements, and address other security concerns.

The following was included in the release:

• Magento Open Source Commerce 2.2.6
• Magento Open Source and Commerce 2.1.15
• Magento Open Source 1.9.3.10
• Magento Commerce 1.14.3.10
• SUPEE-10888 to patch earlier Magento 1.x versions

As always, install the patch in a development environment and test before applying it to your live site. Please refer to Security Best Practices for additional information on how to secure your site. If you need any assistance with security patch updates, please send an email to magento@eboundhost.com or contact your Account Manager at eBoundHost.

For more information regarding the security changes, please check out the following resources from Magento:

• Magento 2.x Security Updates
• Magento 1.x and SUPEE-10888 Security Updates

For full details regarding the new Magento Commerce and Open Source, please check out their release notes:

• Magento Commerce 2.2.6
• Magento Commerce 2.1.15
• Magento Commerce 1.14.3.10
• Magento Open Source 2.2.6
• Magento Open Source 2.1.15
• Magento Open Source 1.9.3.10