With the last quarter of the year upon us and the holidays quickly approaching, ensuring that your website is up-to-date and has the latest security fixes is imperative to a successful end of the year.
Last month, both Magento and WordPress released security updates that site administrators should implement as soon as possible to ensure increased security, performance, and functionality.
WSM strongly recommends applying upgrades as soon as possible. If you’re unsure if your site is affected by these security fixes, please contact us and we can help with a security review.
Magento Commerce and Open Source
Magento released the following new versions of Magento Commerce and Magento Open Source that address security enhancements that help close cross-site scripting, request forgery, and other security issues:
- Magento Commerce 2.2.6
- Magento Open Source 2.2.6
- Magento Commerce 2.1.15
- Magento Open Source 2.1.15
- Magento Open Source 1.9.3.10
- Magento Commerce 1.14.3.10
- SUPEE-10888 to patch earlier Magento 1.x versions
Though no confirmed hacks due to the security fixes have occurred to date, it is recommended that you update to the latest version to avoid any exploitation of customer information or administration sessions.
WordPress
Recently, WordPress released WordPress 4.9.8, which is a maintenance release that fixes 46 bugs. Within those bugs are 18 privacy fixes specifically aimed at the new personal data tools rolled out in 4.9.6. These include:
- For all privacy confirmation emails, the type of request being confirmed is now included in the subject line.
- Improved consistency with site name being used for privacy emails in multisite
- Pagination for Privacy request admin screens can now be adjusted
- Increased test coverage for several core privacy functions
The new WordPress version also introduces a new “Try Gutenberg” callout that allows users to try the Gutenberg block editor before its release in WordPress 5.0.
Read a full description of everything that is included in the new WordPress.
Need help applying these and future updates?
WSM provides managed services to companies of all sizes and helps ensure that critical security patches and updates never go unmissed. Learn more about our managed services offerings today or contact us for help applying these updates to your website.