SUPEE-10975 and new magento versions
On the 28th of November Magento released the following versions for Magento: 2.3, 2.2.7, 2.1.16, 184.108.40.206 and 220.127.116.11. In addition to these new versions they also released SUPEE-10975. The new versions plus the SUPEE fix some critical security issues in Magento and it is highly recommended you patch or upgrade as soon as possible. Magereport now supports these new versions and there is a new SUPEE-10975 check which checks if your shop has been patched. Please note that we can only detect SUPEE-10975 for Magento versions higher than 1.9.1.x and Magento version higher than 1.14.1.x.
For some time now there has been an issue where shops which are located in a sub-path of the website i.e. example.com/shop/ would not get added to the sidebar for easy re-use in the future. This has now been fixed.
Thanks to Mattias Glitzner-Zeis (@mzeis) for the notification.
New malware signatures
With the recent Magecart zero day exploits there have been a ton of additions to the malware signatures Magereport uses for its checks. Over a thousand additions were made to make sure we have the latest malware signatures available. However we are aware that there are always more malware signatures to find. Feel like contributing to the cause by providing malware signatures? We make heavy use of Willem de Groot’s magento-malware-scanner for our signatures. Open a PR with malware signatures there if you want them to be incorporated in Magereport as fast as possible.
Updated EM_Ajaxproducts RCE title
We were notified that there were two checks for an EM_Ajaxproducts module. That was correct, but they were for different vulnerabilities. We’ve updated the title to make sure there’s no more confusion.
Thanks to who-ever reported it! Unfortunately we’re having a hard time finding who it was.
- We’ve updated our SSL certificate so we stay secure.
- We’ve updated our automation for updating SSL certificates so it’s easier to deploy.