
Magento 2.2.1, 2.1.10 and 2.0.17 Open Source Security Enhancement Update Notice

By Astral Web, 1 year ago

 

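The newly released Magento 2.2.1, 2.1.10 and 2.0.17 contain multiple security enhancements that help close cross-site scripting (XSS), local file inclusion (LFI), authenticated Admin user remote code execution (RCE) and arbitrary file deletion vulnerabilities.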

 

Users who have not previously downloaded a Magento 2 release can go straight to the Magento Commerce or Open Source 2.2.1 download.

For additional information on how to protect your site, see the security best practices.

To download a release, choose from the following options:

 

Partners:

 

Magento Commerce 2.2.1 (New .zip file installations) Partner Portal > Downloads  > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.2.1
Magento Commerce 2.1.10 (New .zip file installations) Partner Portal > Downloads  > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.1.10
Magento Commerce 2.0.17 (New .zip file installations) Partner Portal > Downloads  > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.0.17
Magento Commerce 2.2.1, 2.1.10 and 2.0.17 (New composer installations) https://devdocs.magento.com/guides/v2.0/install-gde/prereq/integrator_install.html
Magento Commerce 2.2.1, 2.1.10 and 2.0.17 (Composer upgrades) https://devdocs.magento.com/guides/v2.0/comp-mgr/bk-compman-upgrade-guide.html

 

Magento Community Edition:

 

Magento Commerce 2.2.1 (New .zip file installations) My Account > Downloads > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.2.1
Magento Commerce 2.1.10 (New .zip file installations) My Account > Downloads > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.1.10
Magento Commerce 2.0.17 (New .zip file installations) My Account > Downloads > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.0.17
Magento Commerce 2.2.1, 2.1.10 and 2.0.17 (New composer installations) https://devdocs.magento.com/guides/v2.0/install-gde/prereq/integrator_install.html
Magento Commerce 2.2.1, 2.1.10 and 2.0.17 (Composer upgrades) https://devdocs.magento.com/guides/v2.0/comp-mgr/bk-compman-upgrade-guide.html

 

Magento Open Source:

 

Magento Open Source 2.2.1, 2.1.10 and 2.0.17 (New .zip file installations) Magento Open Source Download Page > Download Tab
Magento Open Source 2.2.1, 2.1.10 and 2.0.17 (New composer installations) https://devdocs.magento.com/guides/v2.0/install-gde/prereq/integrator_install.html
Magento Open Source 2.2.1, 2.1.10 and 2.0.17 (Composer upgrades) https://devdocs.magento.com/guides/v2.0/comp-mgr/bk-compman-upgrade-guide.html
Magento Open Source 2.2.1, 2.1.10 and 2.0.17 (Developers contributing to the Open Source code base) https://devdocs.magento.com/guides/v2.0/install-gde/install/cli/dev_options.html

 

This update addresses the following issues:

  1. APPSEC-1325: Stored XSS in Billing Agreements
  2. APPSEC-1825: PHP Object Injection in E-mail templates leading to Remote Code Execution
  3. APPSEC-1830: PHP Object Injection in product attributes leading to Remote Code Execution
  4. APPSEC-1861: PHP Object Injection in product entries leading to Remote Code Execution
  5. APPSEC-1881: PHP Object Injection in Downloadable Products leading to Remote Code Execution
  6. APPSEC-1893: PHP Object Injection in product metadata leading to Remote Code Execution
  7. APPSEC-1900: Remote Code Execution by leveraging 1st stage unsanitized form input
  8. APPSEC-1910: Local File Inclusion (LFI) in Import History
  9. APPSEC-1930: PHP Object Injection in Widgets leading to Remote Code Execution
  10. APPSEC-1931: PHP Object Injection in Zend Framework leading to Arbitrary File Deletion

 

For more information, see the official Magento announcement:

https://magento.com/security/patches/magento-221-2110-and-2017-security-update

 

 

The above content was written and produced by Astralweb 歐斯瑞.
