Magento CE (Community Edition) 1.9.3.3 and SUPEE-9767A new version of Magento has been released. Since a potential vulnerability was fixed, we’re considering this a security fix and we recommend all Magento website owners have this upgrade done.
SUPEE-9767 (magento.com)
SUPEE-9767, Enterprise Edition 1.14.3.3 and Community Edition 1.9.3.3 address several security issues.
And this:
Magento CE 1.9.3.3 Release Notes (devdocs.magento.com)
This patch provides resolution of multiple critical security issues. These critical issues include remote code execution for authenticated Admin users, access control bypass, and cross-site request forgery issues. See Magento Security Center for a comprehensive discussion of these issues.
This release also provides support for the following issue:
Support for PayPal's update to its Instant Payment Notification (IPN) server URL. PayPal provides more information about this feature in IPN Verification Postback to HTTPS Microsite. This update is essential for retaining uninterrupted service after June 30.
SUPEE-8167, an older patch that also contains this fix, was added on May 8, 2017, and is available from Magento Tech Resources.
The previous release was on February 13, 2017.
Our Website Maintenance Department will be in contact with our clients regarding this upgrade. If you need this upgrade done on your website, please contact us.
-Tony
