The developer of the eCommerce software Magento has released updates and patches for Magento Commerce and Open Source, which include several, sometimes classified as critical security gaps. Users of the Magento Commerce versions 126.96.36.199 to 188.8.131.52 including the manufacturer recommends an update to version 184.108.40.206. Magento open source users of versions from 220.127.116.11 up to and including 18.104.22.168 should switch to 22.214.171.124. A patch (SUPEE-10266) is also available for both user groups, which must close gaps in all older versions, but must be entered manually.
The updates and patches protect against remote code execution, cross-site scripting and information leaks. Also in the Magento 2er family there are new releases in the form of the commerce and open-source versions 2.0.16 and 2.1.9, which also fix several vulnerabilities.