Magento – Critical security issues closed

The developer of the eCommerce software Magento has released updates and patches for Magento Commerce and Open Source, which include several, sometimes classified as critical security gaps. Users of the Magento Commerce versions to including the manufacturer recommends an update to version Magento open source users of versions from up to and including should switch to A patch (SUPEE-10266) is also available for both user groups, which must close gaps in all older versions, but must be entered manually.

The updates and patches protect against remote code execution, cross-site scripting and information leaks. Also in the Magento 2er family there are new releases in the form of the commerce and open-source versions 2.0.16 and 2.1.9, which also fix several vulnerabilities.

Patches for Magento 1
Patches for Magento 2