Zend Framework Vulnerability Requires Immediate Action

Earlier this month, Magento identified a new vulnerability in a Zend Framework 1 and 2 email component used by all Magento 1 and 2 software. This is considered a serious vulnerability that can lead to remote code execution.

To protect your site, system administrators should immediately do the following:

  • Check the site mail sending settings used to control the “Reply to” address for your store’s emails.
  • For Magento 1 – Go to System > Configuration > Advanced > System > Mail Sending Settings > Set Return-Path
  • For Magento 2 – Go to Stores > Configuration > Advanced > System > Mail Sending Settings > Set Return-Path

 
If you find that “Set Return-Path” is set to “Yes” and that your server uses Sendmail, your store is vulnerable to this exploit.

Magento Enterprise Cloud Edition customers do not need to worry about this vulnerability as Magento has already checked and verified your configurations.

For more information on Magento News, Updates, and Security, visit the resources:

Having Trouble Keeping Up With Security Updates?
Forix can help. Get in touch and see how our Magento Managed Support Services can keep your site running and secure.
