歐斯瑞官網全新上線!專業團隊持續為您服務!

MAGENTO 2.2.3, 2.1.12和2.0.18 安全性更新

MAGENTO 2.2.3, 2.1.12和2.0.18 安全性更新

Magento企業版和社群版2.2.3, 2.1.12, 2.0.18包含多個安全增強功能,可以幫助關閉跨網站指令碼(XSS)、經驗證管理用戶身分的遠程代碼執行(RCE)以及其他漏洞。

 

這些版本也包含了其他的修補程序,想要了解更多功能修復的相關訊息,可參閱Magento 2.0.18, 2.1.12, 2.2.3版本的發行說明。

 

之前尚未下載過Magento 2版本的使用者請直接進入Magento企業版或社群版2.2.3進行操作。


有關如何保護您網站的其他相關信息,請參閱最佳安全做法

https://magento.com/security/best-practices/security-best-practices

 

請從以下選項中,選擇適合的更新版本:

 

合作夥伴

 

Magento Commerce 2.2.3 (New .zip file installations) Partner Portal > Downloads  > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.2.3
Magento Commerce 2.1.12 (New .zip file installations) Partner Portal > Downloads  > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.1.12
Magento Commerce 2.0.18 (New .zip file installations) Partner Portal > Downloads  > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.0.18
Magento Commerce 2.2.3, 2.1.12 and 2.0.18 (New composer installations) https://devdocs.magento.com/guides/v2.2/install-gde/prereq/integrator_install.html
Magento Commerce 2.2.3, 2.1.12 and 2.0.18 (Composer upgrades) https://devdocs.magento.com/guides/v2.2/comp-mgr/bk-compman-upgrade-guide.html

 

Magento 企業版:

 

Magento Commerce 2.2.3 (New .zip file installations)

My Account > Downloads > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.2.3

Magento Commerce 2.1.12 (New .zip file installations)

 My Account > Downloads > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.1.12

Magento Commerce 2.0.18 (New .zip file installations)

My Account > Downloads > Magento Commerce 2.X > Magento Commerce 2.x Release > Version 2.0.18

Magento Commerce 2.2.3, 2.1.12 and 2.0.18 (New composer installations)

https://devdocs.magento.com/guides/v2.2/install-gde/prereq/integrator_install.html
Magento Commerce 2.2.3, 2.1.12 and 2.0.18 (Composer upgrades)

https://devdocs.magento.com/guides/v2.2/comp-mgr/bk-compman-upgrade-guide.html

 

Magento 社群版:

 

Magento Open Source 2.2.3, 2.1.12 and 2.0.18 (New .zip file installations)

 Magento Open Source Download Page > Download Tab

Magento Open Source 2.2.3, 2.1.12 and 2.0.18 (New composer installations)

https://devdocs.magento.com/guides/v2.2/install-gde/prereq/integrator_install.html

Magento Open Source 2.2.3, 2.1.12 and 2.0.18 (Composer upgrades)

https://devdocs.magento.com/guides/v2.2/comp-mgr/bk-compman-upgrade-guide.html

Magento Open Source 2.2.3, 2.1.12 and 2.0.18 (Developers contributing to the Open Source code base)

https://devdocs.magento.com/guides/v2.2/install-gde/install/cli/dev_options.html

 

本次更新項目有:

  1. APPSEC-1951: JavaScript execution in the administrator panel
  2. APPSEC-1952: Remote Code Execution using media upload
  3. APPSEC-1865: Cross-Site Scripting in customer information
  4. APPSEC-1907: Cross-site Scripting in Customer Address
  5. APPSEC-1935: Cros-site Scripting leading to Denial-of-Service
  6. APPSEC-1977: Common Server Misconfiguration causes data leak
  7. APPSEC-1901: Local file inclusion in customer view
  8. APPSEC-1994: CSRF in Store Backups
  9. APPSEC-1986: Local file inclusion in import history
  10. APPSEC-1929: Path Traversal in Image Upload
  11. APPSEC-1960: Path Traversal in static.php file
  12. APPSEC-1879: Cross-site Scripting in Downloadable Products
  13. APPSEC-1891: Cross-site Scripting in Admin Shipment tracking
  14. APPSEC-1905: Cross-site Scripting in detailed rating
  15. APPSEC-1906: Cross-site Scripting in System Configuration
  16. APPSEC-1908/1948: Cross-site Scripting in custom variable
  17. APPSEC-1916: Cross-site Scripting in Attribute Group Name
  18. APPSEC-1928: Cross-site Scripting in Downloadable Product Link
  19. APPSEC-1944: Cross-site Scripting in Date fields
  20. APPSEC-1945: Cross-site Scripting in Product SKU
  21. APPSEC-1947: Cross-site Scripting in RMA functionality
  22. APPSEC-1973: Cross-site Scripting in Newsletter Template
  23. APPSEC-1873/1979/1980: Cross-site Scripting in Site Settings
  24. APPSEC-1995: Cross-site Scripting in Downloadable Products
  25. APPSEC-1998: Cross-site Scripting in Product Attributes
  26. APPSEC-1878/1890: Cross-site Scripting in CMS hierarchy
  27. APSSEC-1488: Cross-site Scripting in Status Message (continuation)
  28. APPSEC-1272: No CSRF Protection in Order Printing
  29. APPSEC-1889: CSRF Protection Bypass
  30. APPSEC-1553: Access to Gift Registries of Other Users
  31. APPSEC-1937: Information Exposure
  32. APPSEC-1895: Information Exposure
  33. APPSEC-1967: Password Change Session Management
  34. APPSEC-1972: Password Reset Session Management

 

如欲瞭解更多訊息,請參考Magento官方說明:

https://magento.com/security/patches/magento-2.2.3-2.1.12-and-2.0.18-security-update

 

電商快訊

分享此文章

我要留言

你的電子郵件位址並不會被公開。 必要欄位標記為 *

Related Posts

跨境電商在東協十國 2018-09-25

東協十國,跨境電商大金礦!

Read More
2022-12-26

電商賣家注意!網路銷售稅籍登記新規定上路

Read More
安全性漏洞linux 2016-10-26

小心髒牛! Linux的安全性漏洞

Read More
2019-05-21

Magento 開源版軟體維護政策

Read More
2018-03-02

Magento  SUPEE-10570安全性修補通知

Read More
2017-10-13

Magento 安全更新 SUPEE-10266

Read More

WHY ASTRALWEB

讓歐斯瑞陪伴,安心開展電商渠道

具備官方認證的專業團隊,與您一起開創業績前線

架構規劃

不容忽略的建置根基,依需求通盤考量,打造安全穩定的網站

系統整合

ERP、POS、CRM...等系統串接,有效增進企業內部操作效率

功能客製

市面既有功能無法滿足需求?就交給歐斯瑞客製開發

資安保障

掌握最新網路安全訊息,即時提供應有配套措施

速度優化

優化網頁載入速度,讓客戶得到更佳體驗,增進黏著度

即時監控

不停休的監控服務,快速協助解決異常問題

(02)2928-0909