The Magento project has released a new update that fixes several security vulnerabilities. A few of the notable fixes include:
- APPSEC1420: Magento no longer permits an unauthenticated user to remotely execute code on the server through APIs.
- APPSEC1421: The Magento installation code is no longer accessible once the installation process has completed.
- APPSEC1422: Magento no longer allows authenticated customers to change other customers' account information using either SOAP or REST calls.
We highly recommend upgrading your existing Magento Community Edition 2.0 sites. For more information about the security issues fixed with this recently released update, please check out Magento's Security Center.
We have released Bitnami Magento 2.0.6 installers, virtual machines and cloud images that fix the security issues.
If you already have a running version of Bitnami Magento, you can upgrade the application by following the detailed steps on our wiki page:
Do you have additional questions about Bitnami Magento? Post to our community forum, and we will be happy to help you.