We hope you did not miss this news: Various security patches came out last weeks, and you should be upgrading soon, if not already. This mailing is another reminder for this.

Magento 1.9.3

Already 2 weeks ago a SUPEE patch 8788 came out to fix various security issues, among which a way to execute PHP code in the checkout (and hack your shop with it), SQL injections (that could be used to add more admin users), login as another customer and various other issues. The patch is therefore highly important and should be installed as soon as possible.

At the same moment Magento 1.9.3 was released, shipping the fixes in the SUPEE 8788 patch. However, this release has various issues that caused issues with current installations (SOAP, password confirmation when editing an account, etc) which made upgrading for some people a bumpy ride. However, we still recommend to upgrade to Magento 1.9.3 if you can, because all issues are documented by now (third party blogs, StackExchange) and this release includes security enhancements not made by the patch. It is said Magento 1.9.3.1 is underway, but if you don't patch soon, your shop might already be attacked. So don't wait, but patch.

Joomla 3.6.4

This week a new Joomla version 3.6.4 came out for Joomla as well, fixing two major vulnerabilities. Though we've not seen much in the wild yet, the bugs deal with the ability to register on a Joomla site while actually Joomla is configured to have registration disabled, and the ability to change the usergroup of that registration (elevated privileges). Adding this up, these vulnerabilities allow for any Joomla site to be targetted by hackers, creating new management accounts (potentially Super Users) with automated attacks.

Upgrading Joomla should be easy: In some cases, you will need to update the Joomla Update Component first. Upgrading to Joomla 3.6.4 involves not much more than a simple click. Make sure to create a backup in advance.

Let us know if you need any help with upgrading.

Posted on October 26, 2016

About the author

Author Jisse Reitsma

Jisse Reitsma is the founder of Yireo, extension developer, developer trainer and 3x Magento Master. His passion is for technology and open source. And he loves talking as well.

Sponsor Yireo

Looking for a training in-house?

Let's get to it!

We schrijven niet te commerciële dingen, we richten ons op de technologie (waar we dol op zijn) en we komen regelmatig met innovatieve oplossingen. Via onze nieuwsbrief kun je op de hoogte blijven van al deze coolness. Inschrijven kost maar een paar seconden.

Do not miss out on what we say

This will be the most interesting spam you have ever read

We schrijven niet te commerciële dingen, we richten ons op de technologie (waar we dol op zijn) en we komen regelmatig met innovatieve oplossingen. Via onze nieuwsbrief kun je op de hoogte blijven van al deze coolness. Inschrijven kost maar een paar seconden.