Yesterday Magento announced a security patch to cover a vulnerability in the Zend Framework used by Magento.
The patch resolves a security issue in the Zend Framework that affects many versions of Magento. The vulnerability potentially allows an attacker to access any file on a web server running an unpatched, affected version of Magento. Because of the seriousness of the vulnerability, we want to make sure you are aware of it and are taking the appropriate steps to install the patch on your platform.
HOW DO YOU KNOW IF YOU ARE AFFECTED?
The following versions of Magento are affected by this vulnerability:
- Magento Community Edition – 188.8.131.52 through 184.108.40.206
- Magento Enterprise Edition – 220.127.116.11 through 18.104.22.168
- Magento Professional Edition – 22.214.171.124 through 126.96.36.199
WHAT DO YOU NEED TO DO ABOUT IT?
Magento’s patch should be installed to address the security flaw. This is something you can do yourself or engage StoreFront to do. If you decide to apply the patch yourself, Magento provides detailed instructions on their blog. If you would like assistance from us, please contact your project manager immediately.
For more information on the vulnerability and Magento’s patches, please see the Magento Commerce site: