Magento CE (Community Edition) 1.9.3.2 and SUPEE-9652A new version of Magento has been released. Since a potential vulnerability was fixed, we’re considering this a security fix and we recommend all Magento website owners have this upgrade done.
SUPEE-9652 (magento.com)
SUPEE-9652, Enterprise Edition 1.14.3.2 and Community Edition 1.9.3.2 address the Zend library vulnerability described below.
Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same so it was fixed as well.
Note: while the vulnerability is scored as critical, few systems are affected. To be affected by the vulnerability the installation has to:
- use sendmail as the mail transport agent
- have specific, non-default configuration settings as described
The previous release was on November 14, 2016.
Our Website Maintenance Department will be in contact with our clients regarding this upgrade. If you need this upgrade done on your website, please contact us.
-Webstix Support
