Magento Security Patches
Security Updates and News
- Magento 2.2.6 and 2.1.15
- Magento Security Patch 2.2.1, 2.1.10 and 2.0.17 Update
- Magento 2.0.16 and 2.1.9 Security Update
- SUPEE-6788 Technical Details
- SUPEE-6788 Address Zend Framework Vulnerability Update
- Magento Security Patch 2.0.1 Update
- Magento 2.0.4 Security Update
- Magento 2.0.6 Security Update
- Magento Security Update 2.0.10 and 2.1.2
- Magento 2.0.14 and 2.1.7 Security Update
Magento Security Patch SUPEE-10888
SUPEE-10888 is the newest security patch for Magento Commerce 184.108.40.206 and Open Source 220.127.116.11. Introduced on September 10, 2018, SUPEE-10888 provides multiple resolutions for various security vulnerabilities and performance issues detected within the earlier versions of the Magento platform.
The Magento Security Patch SUPEE-10888 is accessible for merchants using the following Magento editions:
- Magento Commerce 18.104.22.168-22.214.171.124 merchants should download the SUPEE-10888 Security Patch or install Magento Commerce 126.96.36.199.
Magento ongoing support professionals recommend that Magento Open Source 188.8.131.52-184.108.40.206 merchants download the SUPEE-10888 Security Patch or go directly to install Magento Open Source 220.127.116.11.
The Magento managed support experts at top Magento agency Forix advise downloading and installing the SUPEE-10888 security patch for your Magento Commerce or Magento Open Source platform.
With the installation assistance of Magento ongoing support from top Magento developer Forix, you can obtain the benefits of all the following security protections that are embedded in the SUPEE-10888 security patch.
APPSEC-2061: Unconfirmed Information Breach Through Layout Injection
This security risks allows an administrator with limited authority to get days he or she does not have the permissions to access. This problem affected all Magento Open Source editions before 18.104.22.168, in addition to all Magento Commerce editions before 22.214.171.124.
APPSEC-1971: Reflective XSS Against Admin Grid Panel
As cross-site scripting security problem, this risk permits the employment of arbitrary JS on the admin sales grid with the use of URL restrictions.
APPSEC-1859: Reset Password URL Includes Consumer ID
This information security threat gives a hacker the chance to obtain a consumer’s ID in a customer’s reset password link for his or her account. After learning a customer’s ID, the hacker can move to breach the user’s account and access classified information.
APPSEC-2067: Admin to Admin Cross-Site Scripting in Custom Attribute Labels
This security hazard can enable an administrator with limited permissions to employ a cross-site scripting attack on another administrator account.
PPSEC-2060: Overwrite Mass Reviews
This issue can potentially allow large amounts of reviews, information, and data to be overwritten with the use of specific configurations.
APPSEC-1936: Customer Data Accessible Within the Database
This security risk can permit an attacker to utilize a brute force attack with the hope of configuring the global/secret/key, located in the platform’s app/local database. That is where an attacker can then obtain the files containing the consumer’s days and decrypt to acquire the Magento user’s password from the sales quote table.
Alongside the various types of security corrections, you can also access the perks of several performance advancements after installing the Magento security patch SUPEE-10888 with the aid of Magento ongoing support from top Magento agency Forix. A few of these performance enhancements include:
APPSEC-2002: Automated Email After a New Admin Account Is Made
This new feature assists admins in distinguishing new administrator accounts by sending an email alert whenever a new administrator account is established.
APPSEC-1730: Doesn’t Force HTTPS Usage
This solution assures that downloaders are only able to use HTTPS connections.
The Magento managed support team at Forix can help you install and test Magento security patch SUPEE-10888 in a development atmosphere first to ensure that is working effectively.