How often do you hear or read that someone’s website has been hacked? It’s sad to admit, but not all website owners fully understand the importance of ensuring security. Now try to imagine how much money you could lose if somebody gained access to your web store (in which you have invested thousands of dollars and months or years of meticulous work) without your permission, or if it were affected by malware. So when Magento releases new security patches, you probably ask yourself: “Should I invest money into having those patches applied?” The right answer is “Yes”.
Every new patch is a package of modified core files that aims to fix certain security problems found in Magento. The latest version of the patch lets you protect your web store in full measure. Let’s explore what the new SUPEE-8788 security patch for Magento fixes:
- A vulnerability that allowed arbitrary commands to be executed in checkout has been eliminated (a malicious user could gain control of your website);
- An SQL vulnerability has been eliminated (a malicious user could erase all the products, order data, etc.);
- The ability to access hidden admin sections and store settings has been closed for users with limited access (a limited user can no longer crash your website, even if he has access to the admin panel);
- The bug that allowed logging in as a customer without knowing the password has been fixed (for example, if you save credit card data in a payment module, someone could make a purchase using a card that belongs to another person);
- The ability to execute external code and gain full access to a website during the import process has been eliminated (a person performing a data import could gain full access and then blackmail you);
- The ability to send a customer a message with a malware link, for the purpose of obtaining his account, has been closed;
- A vulnerability that allowed full access to the admin panel for anyone with access to the “catalog” section has been eliminated;
- A vulnerability that allowed crashing a site by uploading images in custom options has been eliminated (custom options are often used by small web stores that sell t-shirts/cups with custom prints);
- The ability to log in as another customer by getting the link to a file (document, scan, etc.) that was uploaded to your site has been closed (the most popular crime: identity fraud).
These are the most important updates, and they will let you protect your web store on a brand new level. BelVG is ready to help and offers professional installation of the latest Magento security patch, SUPEE-8788.
Magento Community Edition 1.9.3 has been released!
The new Magento Community Edition 1.9.3 is the result of hard work, so let us tell you about the improvements and new features that this version includes:
- PHP 5.6 support (more stable with this version, increased speed);
- The password recovery process has been changed. A limit on password change requests per 1 hour has been implemented for one IP address or one user;
- A bug that prevented new users from receiving an automatically generated password via email has been fixed;
- A bug in the tax calculation process has been fixed (price including taxes);
- Mini Cart and bundle with products have been fixed;
- Incorrect discounts based on shipping method and address have been fixed;
- Errors that were displayed in checkout have been eliminated;
- A bug in the processing of gateway responses has been fixed;
- Sorting of configurable products in catalog has been changed;
- A price rule calculation bug for bundle products has been fixed;
- Color swatches have been fixed and optimized;
- Optimized Import/Export;
- Indexing process has been optimized;
- Updated USPS API;
- Improved WYSIWYG editor;
- Google sitemap generation has been fixed;
- The functioning of static blocks with cache enabled has been fixed;
- Adobe Flash is no longer used for image uploads.
Please feel free to contact our managers if you have any questions regarding the new SUPEE-8788 security patch or upgrading to the latest Magento version. We are ready to help you and answer any questions!
Dmitry Klim
Skype: dima-belvg