StoreFront Consulting

Blog

StoreFront Consulting provides eCommerce solutions to small and mid-size businesses

Important Magento Security Update (Zend Framework), Action Required

  • Kezia Frayjo
  • 07.06.2012
  • Magento Bug Fixes

pad lock

Yesterday Magento announced a security patch to cover a vulnerability in the Zend Framework used by Magento.

The patch resolves a security issue in the Zend Framework that is affecting many versions of Magento. The vulnerability potentially allows an attacker access to any file on a web server running the affected Magento versions unpatched. Because of the seriousness of the vulnerability, we wanted to make sure you were aware of it and are taking the appropriate steps to install the patch on your platform.

HOW TO KNOW IF YOU ARE AFFECTED?

The following versions of Magento are affected by this vulnerability:

  • Magento Community Edition – 1.4.0.0 through 1.7.0.1
  • Magento Enterprise Edition – 1.8.0.0 through 1.12.0.1
  • Magento Professional Edition – 1.8.0.0 through 1.12.0.0

WHAT YOU NEED TO DO ABOUT IT?

Magento’s patch should be installed to address the security flaw. This is something you can do yourself or engage StoreFront to do. If you decide to apply the patch yourself, Magento provides detailed instructions on their blog. If you would like assistance from us, please contact your project manager immediately.

MORE INFO

For more information on the vulnerabilty and Magento’s patches, please see the Magento Commerce site:
http://www.magentocommerce.com/blog/comments/important-security-update-zend-platform-vulnerability/

Ready to Start? Let's Chat