Download your Invoices
We also upgraded our platform. For more self service you can now check the status of your invoices, pay them directly via a [pay now]
link and download the PDFs. Just click Invoices
in the main menu.
Patch MO-26
This patch Improves cookie handling for cookies created by Mage.Cookies
.
Patch MO-27
An administrator with permission to import/export data and to create widget instances was able to store an executable file on the server and load it via layout xml.
Thanks to Peter O’Callaghan for sharing his findings!
Patch MO-28
An administrator with permission to create products was able to inject an executable file on the server via wishlist functionality.
Thanks to Peter O’Callaghan for sharing his findings!
Patch MO-29
An administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml.
Thanks to Peter O’Callaghan for sharing his findings!
Patch MO-30
Improves our patch MO-20 — An administrator with permission to access System > Permissions > Variables
was able to add config paths for encrypted config fields to the allow list. This made it possible to view the decrypted value of private information.
Patch MO-31
Improves MO-21 — Compatibility of 3rd party integrations by flagging cookies as SameSite=None
.
Patch MO-32
Fixes MO-23 — It’s the end of a very special and busy year. This patch fixes the duplicate protocol handler in the news feed url.
You can download these patches in your customer account at https://my.mage-one.com/patches. Everything you need to know about the issue and how to install it is explained there.