Magento 2.0.4 Security Update

Released on March 31, 2016, the Magento Enterprise Edition and Community Edition 2.0.4 update is the latest patch available for both the enterprise and community editions of Magento. This update includes performance enhancements and addresses various security vulnerabilities that can threaten the safety of your Magento store. This update highlights a number of reforms in order to defend your Magento platform and ensure its protection from exposure to these hazardous security threats:

  • Cross-Site Scripting. Posing a risk level of 9.3, cross-site scripting can pose a critical risk to your Magento system. This upgrade can protect your system from the possibility of faulty JavaScript code being used as a username during customer registration. The questionable JavaScript can then be administered when an admin accepts the user in the back and requests a report of reviews. This code can control the system, resulting in the theft of the admin’s session and cause the system to be compromised. Another compromising cross-site-scripting issue includes several parameters in authorize.net checkout forms being susceptible to cross-site attacks.
  • Insufficient Data Protection. Encryption forms modified and produced by the system of managing encryption keys are vulnerable to hackers, who can get access to encrypted material and obtain information about the encryption areas. New encryption keys featured in the update provide additional protection from this threat.
  • Remote Code Execution. With a security risk rated as 6.1, remote code executions present a medium risk to your Magento system. Problems found in earlier Magento versions allow intruders to fool a user into clicking on and installing a language package with malicious intentions and administer an attack from a remote area.
  • Brute Force and/or Insufficient Anti-Automation. With the severity rating of 5.9, this problem presents a medium risk to Magento platforms. Issues with the admin and customer token APIs include the fact that they do not require caps on password attempts. This creates an opportunity for potential hackers to guess passwords and eventually obtain access to an administrative account.
  • Information Disclosure. With a severity rating of 5.3, information disclosure threats pose a medium risk to a Magento system. This issue revolves around the Magento Web APIs, which can permit unknown users to obtain information that a customer and merchant may want to keep private. This repair alters the permissions so that the majority of APIS, apart from those necessary for guest checkout and functions such as additions to cart operations, do not permit the access of unknown users on a default basis.

Overall, the Magento 2.0.4 Security Update can offer numerous benefits such as improved security and enhanced protection from the possibility of multiple hazardous security threats. Forix recommends that all Magento merchants upgrade as soon as they can in order ensure the safety of their Magento software and access the advantages of improved protection and functionality.

Note: Magento owners who have not downloaded an older version of a Magento 2.0 upgrade should proceed by installing Magento Enterprise Edition or Community Edition 2.0.4.

Get Magento 2.0.4 Security Update installed today

The experts at Forix know the ins and outs of Magento security upgrades and are familiar with the process of installing upgrades like 2.0.4. If you have any questions or concerns regarding the proper installation and implementation of your Magento upgrade, consider reaching out to the professionals with Forix, who can manage any issues that can arise during the installation process.