New Security Patch (SUPEE-9652), CE/EE 2.1.4 & 2.0.12 and EE 220.127.116.11, CE 18.104.22.168 Released
Magento has recently released some product and security updates. These new versions provide a range of improvements, including a fix for the recently discovered Zend Framework 1 security vulnerability and quality updates to catalog, payments, and sales modules in Magento 2.
Enterprise Editions 2.1.4 and 2.0.12 & Community Editions 2.1.4 and 2.0.12
These new versions contain more than 20 functional fixes and enhancements, and one security enhancement. Following are the highlights:
- Removal of vulnerability with the Zend framework Zend_Mail For more information, see New Zend Framework 1 Security Vulnerability.
- Updates to the catalog, checkout, indexers, installation, configuration & deployment, payment methods, and sales modules.
Enterprise Cloud Editions 2.1.4 and 2.0.12
Here is the up-to-date information about changes, additions, and fixes to the Magento Enterprise Cloud Edition for versions 2.1.4 and 2.0.12:
- MDVA-913 patch has been removed because the issue is now fixed in Magento Enterprise Edition 2.1.4.
- Fixes in this release: When you disable a module and deploy it to the remote Cloud server, the module stays disabled.
Enterprise Edition 22.214.171.124, Community Edition 126.96.36.199, and the SUPEE-9652 patch resolve the Zend Framework 1 Issue
These patches address the following issues:
- Removal of vulnerability with the Zend framework Zend_Mail library.
- Updated the copyright year to 2017.
It is highly recommended by Magento to deploy these new releases right away, to ensure optimal security and performance. As a best practice, install and test these releases in a development environment before releasing into production to avoid any disruption to your store.