Today, Magento is releasing new versions of Magento Commerce and Open Source to increase product security, performance and functionality:
- Magento Open Source and Commerce 2.3.2
- Magento Open Source and Commerce 2.2.9
- Magento Open Source and Commerce 2.1.18
- Magento Open Source 184.108.40.206
- Magento Commerce 220.127.116.11
- SUPEE-11155 to patch earlier Magento 1.x versions
These releases include security enhancements that help close cross-site scripting, remote code execution, and sensitive data disclosure vulnerabilities as well as other security issues. No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we strongly recommend that all merchants upgrade as soon as possible.
The Magento 2.1.18 software release marks the final supported software release for Magento version 2.1. As of June 30, Magento 2.1 will no longer receive security updates or product quality fixes now that its support window has expired.
Starting with the release of Magento Commerce 2.3.2, Magento will now assign and publish indexed Common Vulnerabilities and Exposures (CVE) numbers with each security bug reported to us by external parties. This will allow users of Magento Commerce to more easily identify unaddressed vulnerabilities in their deployment.
The release of Magento 2.3.2 also includes multiple performance and functionality enhancements.
Full details are available in the Magento Commerce and Open Source release notes:
- Magento Commerce and Open Source 2.3
- Magento Commerce and Open Source 2.2
- Magento Commerce and Open Source 2.1