Know about Magento Commerce 1.14.3.9 Release Notes

Data security is important for ecommerce businesses. Supporting your need for data security recently Magento Commerce 1.14.3.9 and Magento Open Source 1.9.3.9 have been proclaimed with security enhancements and fixes.

Magento Security Patch SUPEE-10752 provides solutions to various security issues like remote code execution, cross-site scripting and cross-site request forgery. It’s essential that you get these critical updates installed. Without the Magento security patch your customer’s data is at risk. Slightest blooper could let your data land in stranger’s hands putting your entire business at jeopardy.

Fixes and Enhancements of Magento Commerce 1.14.3.9 and Open Source 1.9.3.9

• Magento no more performs needless write operations on the core_url_rewrite table.
• Magento will now erase the customers’ session data once they log out.
• Customers can now triumphantly get themselves registered during checkout without becoming logged out unexpectedly.
• The incorrect escaping in the cron.sh file no more averts cron jobs from running in parallel as anticipated.

These added security fixes connote that your customer’s data is secured. Installation of such updates assures two things to your customers:

1. Their privacy matters a lot to your business and
2. You stay updated with the latest security developments.

Sometimes problems may occur while installing this security patch. This is because a previous version of this patch (SUPEE-10570v1) is still functioning on your site. To overcome this error, uninstall SUPEE-10570v1 and replace it with SUPEE-10570v2 before installing SUPEE-10752. Try out any of the following actions to test and be sure that the installation is properly done

• Craft a new customer
• Login and log out of your site as a customer
• Place an order as a fictitious customer
• Navigate your ecommerce prospectus

Critical fixes fixed by Magento Security Patch SUPEE-10752:

APPSEC-2001: Authenticated Remote Code Execution Using Custom Layout XML:

Admin right users are able to use custom XML file to replicate any file to any location. This means that your customers’ data is at peril for replication where one can take the data on another file.

APPSEC-2015: Authenticated Remote Code Execution (RCE) through the Create New Order feature:

Users have the authorization to craft new sales order. With the use of Admin Panel they are able to use the gift card function to manipulate the data that is being requested while injecting a malevolent code into your site. This code can later be underserialized.

APPSEC-2042: PHP Object Injection and RCE in the Magento Admin Panel:

Admin users having the access to Enterprise Target rule module can craft rule-based product relations in a manner that are capable enough to operate and trigger remote code execution.

Wrap up:

It is recommended that you upgrade your Magento store to this latest version to avail enhanced fixes and security features so that your data is secured.

MagentoGuys is a reputed Magento 2 development company, delivering innovative Magento solutions & support to clients worldwide.