A new version of Magento has been released. Since few security issues have been resolved, we’re considering this a security fix and we recommend all Magento website owners have this upgrade done.
Magento Open Source 1.9.3.9 Release Notes (Magento.com)
This version (or patch SUPEE-10752, which applies to older versions of Magento) provides resolution of multiple critical security issues. These critical security issues include remote code execution, cross-site scripting, and cross-site request forgery issues. We recommend upgrading your Magento store to this latest version. See Magento Security Center for a comprehensive discussion of these issues
Fixed issues and enhancements
- Magento no longer performs unnecessary write operations on the core_url_rewrite table.
- Customers can now successfully register during checkout without being unexpectedly logged out.
- Incorrect escaping in the cron.sh file no longer prevents cron jobs from running in parallel as expected.
- Magento now cleans session data as expected after a customer logs out.
The previous release was on February 27, 2018.
Our Website Maintenance Department will be in contact with our clients regarding this upgrade. If you need this upgrade done on your website, please contact us.
Thank you,
–Tony
