
    Magento 2.3.3, 2.2.10, 1.9.4.3, 1.14.4.3, SUPEE-11219 and 2.3.2-P2

    On October 8th, 2019, Magento released the latest iterative versions of their software. With these new releases, you have a very important choice to make: upgrade your storefront to incorporate the latest bug fixes, security fixes, and improvements, or apply a patch to your existing version to gain the security enhancements you need.

    Magento 1.9.4.3 and 1.14.4.3

    If you’re still on Magento 1.x, you’ll be able to download Magento Open Source (Community Edition) version 1.9.4.3. Alternatively, for those with a paid license, you’ll be able to access Magento Commerce (Enterprise Edition) 1.14.4.3. 

    Both are considered minor releases on the path toward Magento 1 End of Life. You can listen to Episode 1 of The JetRails Podcast to learn more about that upcoming sunset of the very much aged (but beloved by many) original version of Magento. 

    If you upgrade, you’ll get important security fixes in addition to core updates, such as the removal of WebserviceX from the Magento 1.x code base and the addition of CurrencyConverterAPI and FixerIO as currency services.

    Magento SUPEE-11219

    While upgrading will include some core enhancements, alternatively, you can opt to patch your site with SUPEE-11219 to address known security holes. These include vulnerabilities that, unaddressed, can allow for:

    – Remote Code Execution

    – Cross-Site Scripting

    – Information Leakage

    – Insufficient Logging and Monitoring  

    Please note that the Magento team only initially launched a copy of this patch for Magento 1.9.3.x and 1.9.4.x. The Magento team is still working on releasing copies of the SUPEE-11219 patch for older versions of Magento. If there isn’t a patch for your version yet, you may need to keep checking back until it’s available. This is a crucial security patch.

    Magento 2.2.10

    Magento 2.2 is approaching its end of life in December of 2019. With that in mind, this is expected to be the last release for 2.2.x, so if you’re looking for the latest bells and whistles, you’ll want to plan to upgrade to 2.3.x. However, there are some important updates included with 2.2.10. These include support for PHP 7.2.

    Even though there are only a couple more months of support ahead for Magento 2.2, this is a pretty extensive upgrade. It includes 75 security enhancements, 147 fixes and improvements to Magento’s core, and includes fixes to 56 issues submitted by the community through GitHub. 

    This release includes updates for multiple payment gateways to make them PSD2 compliant. PSD2 compliance is really important for stores selling in the EU and your storefront’s overall checkout security. 

    In regard to payment modules, you should also be aware that the Cybersource and eWay modules have been deprecated. Moving forward, merchants will be able to download Magento Extensions (as available) for such gateways, but Magento won’t be including them in Magento’s core. This may also be a precursor for Magento Payments moving to general release.

    Overall, this release included some major improvements to security, such as improved protections against future cross-site scripting exploits.

    Magento 2.3.3

    Like 2.2.10, this release addresses many issues related to PSD2 compliance and cross-site scripting, along with other security and compliance improvements. It also addresses specific issues faced by users of Magento 2.3.x, such as a critical issue with Elasticsearch 6.x. One major security issue that this update addresses is a critical security vulnerability in Page Builder, a feature in Magento Commerce.

    Magento will now support PHP 7.3.x and Varnish 6.2.0, and PWA Studio 4.0.0 has been released. There were also improvements made to Magento Shipping, although it’s worth noting that it’s been announced that Temando, which is an important part of Magento Shipping, is facing a pending shutdown. It’s foreseeable that Magento Shipping users will consider other solutions, like ShipperHQ, in order to meet their needs in the future.

    One item that we’re less sure about is an option to automatically share user data with Adobe. Specifically, Adobe will prompt you to automatically share admin user actions and events. While it makes sense for Adobe to learn about how Magento admins are interacting with their admin panels, as with all data sharing, we recommend pausing to consider if this is data that you want being transmitted and stored. 

    Magento 2.3.2-p2 Security Patch

    For those that can’t or simply won’t always keep up with Magento 2.x upgrades, Magento is now making security-only patches available. These are smaller updates that don’t include other bug fixes and overall iterative improvements. This would be helpful in various scenarios. For instance, if your team is attempting to move into a coding freeze for the holiday shopping season, now might not be the time to apply a bigger update with 100+ additional fixes and improvements, but you don’t want to leave 75 security vulnerabilities sitting in your website in the meantime.

    The initial patch was originally made available in a pre-release version, 2.3.2-p1, but Magento is strongly urging merchants to upgrade to 2.3.2-p2 as soon as possible. The new 2.3.2-p2 patch release includes the critical security fixes that were released with both Magento 2.3.3 and Magento 2.2.10.

    … but don’t stop there. Even if you’re upgraded or patched, it’s important to follow security best practices. For instance, you can use a CDN and WAF to better protect your site and should consider if you’ve conducted a Magento security audit recently. 

    About The Author
    Robert Rand
    Director of Partnerships & Alliances

    Robert is a Magento 1 and 2 Solution Specialist with over a decade of experience in helping merchants benefit from sound ecommerce and digital marketing strategies. He’s highly experienced at harnessing the power of ecommerce technologies and solutions to help businesses of all types and sizes grow and succeed.
