(888) 554-9990

Magento Security Announcement Reminder: SUPEE 9767

Magento has released a new patch that covers critical vulnerabilities.
Attackers are disabling a configuration protection after gaining admin access and are uploading malicious code. Use of the AllowSymlinks option in configuration settings can enable the upload of an image that contains malicious code. Although this option is disabled by default, an attacker with access to store configuration settings can enable it and remotely execute code.

As always, install the patch in a development environment and test before applying it to your live site.

If you need any assistance with security patch updates, please send an email to: magento@eboundhost.com or contact your Account Manager at eBoundHost.

For your convenience, we have quoted some of the announcement from Magento’s Forum below. Read the rest on the Magento site.

Today, Magento is releasing new updates to increase product security and functionality. The releases contain over 15 security enhancements and Magento 2.x updates that also address image resizing and MasterCard BIN number expansion. We strongly recommend that all merchants upgrade to these versions as soon as is reasonably possible.

These releases include:

Multiple critical security enhancements. These updates help close access control bypass, CSRF, and authenticated Admin user remote code execution vulnerabilities. See Magento 2.0.14 and 2.1.7 Security Patches and SUPEE-9767 Security Patches for more information.

Support for MasterCard BIN number expansion. MasterCard recently added a new series of Bank Identification Numbers (BIN). While certain Magento versions already support the new BINs, merchants using the following versions must upgrade or apply a patch by June 30, 2017 or face potential fines from MasterCard and lost sales:
- Enterprise and Community Edition 2.1.2 or earlier
- All Enterprise and Community Edition 2.0.x releases
- Enterprise Edition 1.14.2.x or earlier releases
- Community Edition 1.9.2.x or earlier releases

More information is available at MasterCard BIN Range Update.

Reversion of the changes to image resizing that we introduced in Magento 2.1.6. Certain image resizing changes introduced unanticipated problems. We have reverted these changes in this release, and will provide improvements to image resizing in a future product update. See the Magento 2.1.7 Enterprise Edition Release Notes for additional information you may need to take when upgrading from Magento 2.1.6 or 2.1.5 to this release.

Download and install the Enterprise Edition updates by logging into My Account and navigating to the version you want to download. Community Edition software is available in the Release Archive of the Community Edition download page.

(See How to get the Magento software for a discussion of Magento 2.x installation procedures, and How to Apply and Revert Magento Patches for Magento 1.x instructions.)

Please refer to SECURITY BEST PRACTICES for additional information on how to secure your site.

Tom P May 31, 2017

Read This Next:

Magento Releases SUPEE-10975 Patch, Magento Commerce 1.14.4, Open Source 1.9.4, and 2.3.0

Magento PHP 7.2 Patch Release

New Magento Releases and Security Patch Update

Magento 2.2.5 and 2.1.14 Security Update

I came to eBoundHost after a very bad experience with a so called "big boy" - you know one of those places you are only a number. I have been a satisfied customer for more than 4 years now. The support is second to none.

Gary Hutchison

Every time I have contacted my host provider. They have responded with speed, courtesy and accuracy they are professional and a joy to work with.

P. LaGambina

Excellent response to questions and issues. Fabulous uptimes. Personable tech support.

Lisa Cowan

EXCELLENT across the board, super quick reply to questions (about 15-30min). Outstanding! Loads of features, excellent price! Loads of space and bandwidth!

Beau B.

eBoundHost.com has been a dream to work with. My questions are answered in minutes, the price is very reasonable, the interface is great, I am very happy with how smooth everything works.

Paul

Reliability and customer service that is rare and refreshing. We have been using eBoundHost for several years and unlike many companies who's service wanes over the years, the staff at eBound has consistently delivered top notch performance. Bravo!

Don Bailey

eBoundHost provides the very best service I've experienced in hosting. It takes less than 24h to get an answer to any question. They're great.

Fabien Papleux

No better web host on the market! Support is second to none.

Roger Hamilton

I'm Stan Bogdashin, a customer of your hosting company for the past 2 years. Our company provides web design, development and Search Engine Optimization (SEO) services. Want to thank you for helping us by providing great hosting seamless support - this is why I continue to recommend you and don't use anyone else for hosting!

Stan Bogdashin

Great customer service. After looking around for a while we signed up with eBoundHost. And I can assure you that we made right decision. Customer service is so good that I don't have words to explain. I would recommend this service to everyone.

Keval

eBoundHost is the best. I have dealt with many hosting providers over the last 10 years. eBoundHost surpasses them all. Absolutely the highest level of quality service anywhere. Do yourself a big favor and sign on with eBoundHost.

Dave "Infodave" Beightol

We at Alico have 4 domain names which we started subscribing at eBoundHost since more than 4 years. In brief they are the best webhosting provider with a sexy Control Panel and perfect fast response support.

Ahmed Hussein
AlicoUAE

I have worked with many hosting companies over the course of my years in the website building and design business. I can say with certainty that eBoundHost.com is among the elite companies. I would and have recommended them to anyone.

Jim Nickerson

I waited to write a review until I had absolutely everything working, thinking that something would come up that eboundhost couldn't solve almost immediately. I've never been so happy to be wrong - their customer support is just incredible.

Shannon I

eBoundHost.com has the best customer service in ANY industry. Their support staff answers phone calls and emails immediately and they have time and time again gone over and above their responsibilities to make sure I am taken care of and that my clients are happy. I have many websites hosted here from small business to corporate level and have dealt with many hosting companies in the industry and eBoundHost.com is by far the BEST hosting provider there is. Great prices, great service, great hosting packages, and a killer reseller program! THANK YOU AGAIN :)

Shannon

Cost, technical support and promptness of return calls are of paramount importance to me since most of my work is done on the road and waiting for a reply is frustrating. eBoundHost has been a pleasure to work with friendly, courteous and professional.

Steve Berry

eBoundHost is really the best hosting service in today's marketplace. Fast and efficient customer service with excellent IT knowledge. Good price and many bundled extra options. Highly recommended!

Goran Paunovic
Artversion Creative Agency

From using your hosting services for dozens of web clients and appreciating your wonderful customer service (all the while enjoying spending my meaty affiliate checks), I look forward to growing with you and watching you evolve surely and steadily into a powerhouse of a force to be reckoned with for your competitors. In an overcrowded abyss of hosting providers it is an absolute MUST to stand out above the crowd if you want to claim your stake and play with the big boys. Period. All I can say is this...Look Out World - GAME ON!!!

S. Gino

GREAT customer service and tech support, with professional, yet personable service.

J. Bitner

I have been a customer since December of 2001, and the service has been nothing less than excellent. I would recommend eBoundHost highly.

Jason Maggard