Magento Commerce Enterprise Edition (EE) Version 220.127.116.11 is now available for download and upgrade.
Magento EE 18.104.22.168 provides merchants with performance optimizations, the USPS API patch from June (SUPEE-6237), and four Magento Security Patches (SUPEE-5994, SUPEE-6285, SUPEE-6482), including the new one issued earlier this week, SUPEE-6482.
There are no confirmed reports of attacks related to these issues to-date, but it is important that you either upgrade to Magento EE 22.214.171.124 or deploy the patch immediately in order to protect your store.
Magento Enterprise Edition 126.96.36.199 include:-
- Improvements: Addressed performance issue related to Google Tag Manager.
- Improvements: Addressed performance issues related to logging module.
- Fixes: Fixed an issue that caused content from a block saved in the HTML output cache to be loaded into a CMS static block.
- SUPEE-6482 – Autoloaded File Inclusion in Magento SOAP API: Incorrect validation of a SOAP API request makes it possible to autoload code. The exploit requires the attacker to first log in with API credentials. Depending on the PHP version and/or configuration settings, code can then be loaded from a remote location.
- SUPEE-6482 – SSRF Vulnerability in WSDL File: Incorrect encoding of API password can lead to probing internal network resources or remote file inclusion.
- SUPEE-6482 – XSS in Gift Registry Search: Cross-site scripting vulnerability affects registered users. Attack through unescaped search parameter. Risk of cookie theft and impersonating as the user.
- SUPEE-6237 – USPS API Patch: On May 31, 2015, USPS made changes to their API that impact international shipping rate requests to and from Canada. As a result, some Canadian shipping rates are returned incorrectly, and customers are unable to see all available shipping options. The USPS API patch was released on June 18, to ensure that Canadian international shipping rates are returned correctly, and that customers can see all available shipping options during checkout. The patch is included as part of the Magento Enterprise 188.8.131.52 release.
Magento Mobile SDK for Android
The Magento Mobile Software Development Kit (SDK) for Android is also available. The Magento Mobile SDK for Android includes a library of Android resources that makes it faster and easier to create full-featured Magento mobile applications. The SDK is available only to Enterprise Edition customers, and includes a sample application that can be customized by merchants to accelerate development. With this release, Enterprise Edition merchants can more easily create both iOS and Android applications. The Mobile Software Development Kit is available for download from the Partner Portal and from the dashboard of your Magento account.
For more technical information about Magento EE 184.108.40.206, please visit the release notes.
Please Note: We do NOT recommend upgrading a production installation of Magento directly. Please backup database and all files before upgrading. Please make sure to check for compatibility of your plugins and themes before you upgrade.