May 1, 2015
On February 9, 2015 we issued a patch (SUPEE-5344 available here) and alerted our clients and partners about a remote code execution vulnerability in the Magento platform.
To drive awareness of the patch, we’ve issued a series of communications to our ecosystem of partners and directly to our Enterprise Edition and Community Edition customers. We have also encouraged downloads of the patch in collaboration with our partners, and directly through our services team and developer evangelists. In addition to the patch itself, today we are announcing Magento Community Edition 126.96.36.199, which includes SUPEE-5344. The patch was also incorporated into the latest Enterprise Edition release, 1.14.2.
Magento is the largest open source community in eCommerce. Like other open source communities, it requires conscientious stewardship to ensure it remains strong.
We are committed to platform security and are taking proactive steps intended to ensure this. In the coming weeks, we will be establishing the Magento Alert Registry to serve as a direct line of communications in future urgent situations, separate from any marketing communications. By being able to connect with both our Community and Enterprise Edition merchants directly via your preferred method – email, text or social – we will be able to more quickly inform you of steps to resolution.
In managing this situation, we have all have seen the power of the Magento ecosystem coming together to solve a common problem. Together we will continue to define a new future for commerce and we continue to be humbled by your ongoing participation in defining Magento’s future.