Magento has recently released some product and security updates. These new versions provide a range of improvements, including a fix for the recently discovered Zend Framework 1 security vulnerability and quality updates to catalog, payments, and sales modules in Magento 2.
Magento is a widely used open source eCommerce software. A Magento store is also prone to be a target of malicious activities by malware and hackers. And when transacting online, using credit cards or other mode of payment, security is of utmost importance. Even though Magento gets patched for security reasons on a regular basis, below is the detailed list of best practices which can be applied on Magento to mitigate the vulnerabilities.
A new Magento vulnerability has been found in a Zend Framework 1 and 2 EMAIL COMPONENT. The component is used by all Magento 1 and Magento 2 software and other PHP solutions. This vulnerability is serious and can lead to a remote code execution attack if your server uses Sendmail as a mail transport agent.
Magento 2 is faster. M2 supports PHP 7, which frequently delivers a doubling in performance over previous PHP releases. The new default indexers in Magento 2 include all of the functionality as in the previous enterprise versions. The difference is that they come with more efficient updates and have been improved to speed up the query performance.
SUPEE-8788 is the latest security patch for Magento released on October 11, 2016 that provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting.
