Magento LiteMage Extension version 1.0.9 is now available for download and upgrade.
Magento LiteMage Extension is one of the component for LiteMage Cache which is installed in each Magento store to control what should and should not be cached (ESI Hole Punching).
We skipped the announcements for version 1.0.6, 1.0.7 and 1.0.8 as there’s not much improvements which are important. Version 1.0.9 is different from the previous versions though as it greatly improves LiteMage’s compatibility with other customized extensions.
If you have tried LiteMage in the past where it is incompatible with your Magento store, we highly recommend that you give it a try again with version 1.0.9.
WordPress 4.3 is now available for download and upgrade. New features in 4.3 make it even easier to format your content and customize your site.
Menus in the Customizer
Create your menu, update it, and assign it, all while live-previewing in the customizer. The streamlined customizer design provides a mobile-friendly and accessible interface. With every release, it becomes easier and faster to make your site just the way you want it.
Magento Commerce Enterprise Edition (EE) Version 126.96.36.199 is now available for download and upgrade.
Magento EE 188.8.131.52 provides merchants with performance optimizations, the USPS API patch from June (SUPEE-6237), and four Magento Security Patches (SUPEE-5994, SUPEE-6285, SUPEE-6482), including the new one issued earlier this week, SUPEE-6482.
There are no confirmed reports of attacks related to these issues to-date, but it is important that you either upgrade to Magento EE 184.108.40.206 or deploy the patch immediately in order to protect your store.
Magento Commerce Community Edition (CE) Version 220.127.116.11 is now available for download and upgrade.
Magento CE 18.104.22.168 is a security release which includes the latest Magento Security Patch, SUPEE-6482.
SUPEE-6482 addresses two security issues identified through Magento’s comprehensive security program and resolves two issues related to APIs and two cross-site scripting risks.
There are no confirmed reports of attacks related to these issues to-date, but it is important that you either upgrade to Magento 22.214.171.124 or deploy the patch immediately in order to protect your store.
The four security issues covered by SUPEE-6482 are:-
- Autoloaded File Inclusion in Magento SOAP API: Incorrect validation of a SOAP API request makes it possible to autoload code. The exploit requires the attacker to first log in with API credentials. Depending on the PHP version and/or configuration settings, code can then be loaded from a remote location.
- SSRF Vulnerability in WSDL File: Incorrect encoding of API password can lead to probing internal network resources or remote file inclusion.
Magento CE 126.96.36.199 also includes these Magento Security Patches: SUPEE-5344, SUPEE-5994, SUPEE-6237, SUPEE-6285
For more technical information about Magento CE 188.8.131.52, please visit the release notes.
Please Note: We do NOT recommend upgrading a production installation of Magento directly. Please backup database and all files before upgrading. Please make sure to check for compatibility of your plugins and themes before you upgrade.
WordPress 4.2.4 is now available for download and upgrade.
This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress 4.2.4 addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site. It also includes a fix for a potential timing side-channel attack and prevents an attacker from locking a post from being edited.
WordPress 4.2.4 also fixes four bugs. For more information on all of the changes, see the release notes or consult the list of changes.
Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.4.