Wednesday, February 28, 2018

Security Release: Magento 2.2.3

Magento has released a new update that contains multiple security enhancements. Among other issues, these resolve Cross-Site Scripting (XSS) vulnerabilities and Remote Code Execution (RCE) vulnerabilities that require an authenticated Admin user. Here is the complete list of security enhancements introduced by this new release:

APPSEC-1951: JavaScript execution in the administrator panel
APPSEC-1952: Remote Code Execution using media upload
APPSEC-1865: Cross-Site Scripting in customer information
APPSEC-1907: Cross-Site Scripting in Customer Address
APPSEC-1935: Cross-Site Scripting leading to Denial-of-Service

We highly recommend upgrading your existing Magento Community Edition 2.x sites. For more information about these security issues and many others fixed in Magento 2.2.3, please refer to this blog post in the Magento Security Center.

Bitnami has released Bitnami Magento 2.2.3 Helm charts, containers, installers, virtual machines, and cloud images in order to address these security vulnerabilities. If you already have Bitnami Magento running on any of these platforms, you can upgrade the application by following our documentation.

Users launching Bitnami Magento via a cloud provider's marketplace are advised to select version 2.2.3 once it is published. Installations based on previous versions will need to be upgraded as described above.

If you have additional questions about Bitnami Magento, post them in our community forum, and we will be happy to help you.