Newsfeed Support in your Admin Panel
With our patch MO-23 we introduce a new Mage One feature: Patch Notification via your Magento admin panel. As soon as we release new patches, your admin panel will give you a notification on login.
Custom Patch Notification Mail Address
If you would like to receive our newsletter with an email address other than your account email address on my.mage-one.com, you can change it now under “user settings” in our platform!
This patch Improves compatibility of 3rd party integrations by flagging cookies as
This patch prevents access to the
./downloader directory which was used for the “CardBleed” attack.
We added a few lines to
./downloader/.htaccess. If you want access
./downloader you have to add # in front of the 2 lines at the beginning.
This patch adds patch notification to your admin panel. As soon as a patch is released you’ll be notified on you next login to your shop’s admin panel.
With MO-18 wie improved the formkey validation. Unfortunately this results in a lot of error log entries if you shop is subject of a brute force attack. We changed the way these errors are logged to prevent flooding of your error log files.
An administrator with permission to update product data was able to store an executable file on the server and load it via layout xml. We improved layout xml security with some additional sanitation checks for method executions.
Thanks to Edgar Boda-Majer for sharing his findings!
You can download these patches in your customer account at https://my.mage-one.com/patches. Everything you need to know about the issue and how to install it is explained there.