
Magento 2.2.3, 2.1.12 and 2.0.18 Security Update

By Astral Web, 9 months ago

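Magento Enterprise Edition and Community Edition 2.2.3, 2.1.12 and 2.0.18 contain multiple security enhancements that help close cross-site scripting (XSS), authenticated Admin user remote code execution (RCE), and other vulnerabilities.

These releases also include other fixes. For more information about the functional fixes, see the release notes for Magento 2.0.18, 2.1.12 and 2.2.3.

Users who have not previously downloaded a Magento 2 release should go directly to Magento Enterprise Edition or Community Edition 2.2.3.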


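For additional information on how to secure your site, see the security best practices:

https://magento.com/security/best-practices/security-best-practices

Choose the appropriate update from the following options:

Partners: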

Magento Commerce 2.2.3 (New .zip file installations) Partner Portal > Downloads  > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.2.3
Magento Commerce 2.1.12 (New .zip file installations) Partner Portal > Downloads  > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.1.12
Magento Commerce 2.0.18 (New .zip file installations) Partner Portal > Downloads  > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.0.18
Magento Commerce 2.2.3, 2.1.12 and 2.0.18 (New composer installations) https://devdocs.magento.com/guides/v2.2/install-gde/prereq/integrator_install.html
Magento Commerce 2.2.3, 2.1.12 and 2.0.18 (Composer upgrades) https://devdocs.magento.com/guides/v2.2/comp-mgr/bk-compman-upgrade-guide.html

Magento Enterprise Edition:

Magento Commerce 2.2.3 (New .zip file installations)

My Account > Downloads > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.2.3

Magento Commerce 2.1.12 (New .zip file installations)

My Account > Downloads > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.1.12

Magento Commerce 2.0.18 (New .zip file installations)

My Account > Downloads > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.0.18

Magento Commerce 2.2.3, 2.1.12 and 2.0.18 (New composer installations)

https://devdocs.magento.com/guides/v2.2/install-gde/prereq/integrator_install.html

Magento Commerce 2.2.3, 2.1.12 and 2.0.18 (Composer upgrades)

https://devdocs.magento.com/guides/v2.2/comp-mgr/bk-compman-upgrade-guide.html

Magento Community Edition:

Magento Open Source 2.2.3, 2.1.12 and 2.0.18 (New .zip file installations)

Magento Open Source Download Page > Download Tab

Magento Open Source 2.2.3, 2.1.12 and 2.0.18 (New composer installations)

https://devdocs.magento.com/guides/v2.2/install-gde/prereq/integrator_install.html

Magento Open Source 2.2.3, 2.1.12 and 2.0.18 (Composer upgrades)

https://devdocs.magento.com/guides/v2.2/comp-mgr/bk-compman-upgrade-guide.html

Magento Open Source 2.2.3, 2.1.12 and 2.0.18 (Developers contributing to the Open Source code base)

https://devdocs.magento.com/guides/v2.2/install-gde/install/cli/dev_options.html

This update includes the following items:

  1. APPSEC-1951: JavaScript execution in the administrator panel
  2. APPSEC-1952: Remote Code Execution using media upload
  3. APPSEC-1865: Cross-Site Scripting in customer information
  4. APPSEC-1907: Cross-site Scripting in Customer Address
  5. APPSEC-1935: Cross-site Scripting leading to Denial-of-Service
  6. APPSEC-1977: Common Server Misconfiguration causes data leak
  7. APPSEC-1901: Local file inclusion in customer view
  8. APPSEC-1994: CSRF in Store Backups
  9. APPSEC-1986: Local file inclusion in import history
  10. APPSEC-1929: Path Traversal in Image Upload
  11. APPSEC-1960: Path Traversal in static.php file
  12. APPSEC-1879: Cross-site Scripting in Downloadable Products
  13. APPSEC-1891: Cross-site Scripting in Admin Shipment tracking
  14. APPSEC-1905: Cross-site Scripting in detailed rating
  15. APPSEC-1906: Cross-site Scripting in System Configuration
  16. APPSEC-1908/1948: Cross-site Scripting in custom variable
  17. APPSEC-1916: Cross-site Scripting in Attribute Group Name
  18. APPSEC-1928: Cross-site Scripting in Downloadable Product Link
  19. APPSEC-1944: Cross-site Scripting in Date fields
  20. APPSEC-1945: Cross-site Scripting in Product SKU
  21. APPSEC-1947: Cross-site Scripting in RMA functionality
  22. APPSEC-1973: Cross-site Scripting in Newsletter Template
  23. APPSEC-1873/1979/1980: Cross-site Scripting in Site Settings
  24. APPSEC-1995: Cross-site Scripting in Downloadable Products
  25. APPSEC-1998: Cross-site Scripting in Product Attributes
  26. APPSEC-1878/1890: Cross-site Scripting in CMS hierarchy
  27. APSSEC-1488: Cross-site Scripting in Status Message (continuation)
  28. APPSEC-1272: No CSRF Protection in Order Printing
  29. APPSEC-1889: CSRF Protection Bypass
  30. APPSEC-1553: Access to Gift Registries of Other Users
  31. APPSEC-1937: Information Exposure
  32. APPSEC-1895: Information Exposure
  33. APPSEC-1967: Password Change Session Management
  34. APPSEC-1972: Password Reset Session Management

For more information, see the official Magento announcement:

https://magento.com/security/patches/magento-2.2.3-2.1.12-and-2.0.18-security-update

The above content was written and produced by Astralweb (歐斯瑞).
