- PRODSECBUG-2198: SQL Injection vulnerability through an unauthenticated user
- PRODSECBUG-2236: SQL Injection and cross-site scripting vulnerability in Catalog section (XSS)
- PRODSECBUG-2192: Remote code execution through crafted newsletter and email templates
- PRODSECBUG-2287: Remote code execution through email template

We highly recommend upgrading your existing Magento Community Edition 2.x sites. For more information about these security issues and many others fixed in Magento 2.3.1, please refer to this blog post in the Magento Security Center.
Bitnami has released Bitnami Magento 2.3.1 Helm charts, containers, installers, virtual machines, and cloud images in order to address these security vulnerabilities. If you already have Bitnami Magento running on any of these platforms, you can upgrade the application by following our documentation.
Users launching Bitnami Magento via a cloud provider's marketplace are advised to select version 2.3.1 once it is published. Installations based on previous versions will need to be upgraded as described above.
If you have additional questions about Bitnami Magento, post them in our community forum, and we will be happy to help you.