A new version of Magento has been released (1.9.3.8). Since security issues were addressed, we’re considering this a security fix and we recommend all Magento website owners have this upgrade done.
These releases contain almost 50 security changes that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. These releases also support API changes implemented recently by USPS. Additionally, Magento Commerce and Open Source 2.2.3 introduce finer permissions for common cache management tasks. This enhancement enables qualified administrators to assign permissions for discrete cache management tasks such as flushing cache storage and refreshing cache types.
Magento 1.x and SUPEE-10570 Security Updates (magento.com)
SUPEE-10570, Magento Commerce 1.14.3.8 and Open Source 1.9.3.8 contain multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS, and other issues. These releases also include small functional fixes listed in the release notes.
The previous release was on November 28, 2017.
Our Website Maintenance Department will be in contact with our clients regarding this upgrade. If you need this upgrade done on your website, please contact us.
-Tony
