文章彙整

Magento SUPEE-10415安全性修補通知

By Astral Web 12 months agoNo Comments
首頁  /  Magento  /  Magento消息  /  Magento SUPEE-10415安全性修補通知

Magento SUPEE-10415

Magento  SUPEE-10415安全性修補通知

SUPEE-10415, Magento 社群版 1.14.3.7和開源碼 1.9.3.7包含多個安全增強功能,可以幫助關閉跨站請求偽造(CSRF)、拒絕服務(DoS)和經過身份驗證的管理員用戶遠程執行代碼(RCE)漏洞。這些版本還包括修復之前客戶遇到由WSDL和SOAP v1交互所引起的修補問題。

 

有關1.14.3.7和1.9.3.7版本中所有更改的信息,請參閱Magento Commerce和Magento Open Source發行說明。

 

修補程序和升級可用於以下Magento版本:

Magento 社群版 1.9.0.0-1.14.3.7:SUPEE-10415或升級到Magento 社群版 1.14.3.7。

Magento開源碼1.5.0.0-1.9.3.7:SUPEE-10415或升級到Magento開源1.9.3.7。

 

要下載修補程序或版本,請從以下選項中進行選擇:

 

合作夥伴

Magento Commerce 1.14.3.7 Partner Portal > Magento Commerce > Magento Commerce 1.X > Magento Commerce 1.x > Version 1.x Releases > Version 1.14.3.7
SUPEE-10415 Partner Portal > Magento Commerce > Magento Commerce 1.X > Magento Commerce 1.x > Support and Security Patches > Security Patches > Security Patches – November 2017

 

Magento 社群版:

Magento Commerce 1.14.3.7

My Account > Downloads Tab > Magento Commerce 1.X > Magento Commerce 1.x > Version

1.x Releases > Version 1.14.3.7

SUPEE-10415 My Account > Downloads Tab > Magento Commerce 1.X > Magento Commerce 1.x > Support and Security Patches > Security Patches > Security Patches – November 2017

 

Magento 開源碼:

Magento Open Source 1.9.3.7 Magento Open Source Download Page > Release Archive Tab
SUPEE-10415 Magento Open Source Download Page > Release Archive Tab > Magento Open Source Patches – 1.x Section

 

本次更新項目有:

  1. APPSEC-1330: Unsanitized input leading to denial of service
  2. APPSEC-1885: Stored XSS in Product Descriptions
  3. APPSEC-1892: Stored XSS in Visual Merchandiser
  4. APPSEC-1894: Remote Code Execution by leveraging unsafe unserialization
  5. APPSEC-1897: Fix WSDL based patching to work with SOAP V1
  6. APPSEC-1913: Remote Code Execution through Config Manipulation
  7. APPSEC-1914: Stored XSS in CMS Page Area
  8. APPSEC-1915: Remote Code Execution in CMS Page Area
  9. APPSEC-1325: Stored XSS in Billing Agreements
  10. APPSEC-1830: PHP Object Injection in product attributes leading to Remote Code Execution
  11. APPSEC-1861: PHP Object Injection in product entries leading to Remote Code Execution

 

如欲瞭解更多訊息,請參考Magento官方說明:

https://magento.com/security/patches/supee-10415

以上內容由Astralweb 歐斯瑞編寫製作

 000

推薦文章

Category:
  Magento消息

留下回應

你的電子郵件地址不會被公開.

取得獨家電子商務祕技

建立更好的策略靈感

跟上全球的網路趨勢

絕佳的電商解決方案

電子商務戰略全指南

每月發送電商戰略指南,只要填寫E-mail即可訂閱!

請到您的信箱確認,即可完成訂閱。