Magento leads the league of global open source eCommerce platforms, with a 10.21% share of the Alexa top 1 million websites. It has been rated the most popular eCommerce platform around the globe, and it offers a wide range of premium Magento extensions and themes that help website owners sell their products.

Magento aims to serve online merchants and buyers with powerful features, eCommerce extensions and strong security, so it releases security updates to improve the performance and security of online shopping websites.

Recently, Magento released its latest update, 2.0.6, for Magento Community Edition, which includes security enhancements and many other functional fixes and enhancements.

Fixed Issues

Once the cache is cleared, the 400 Bad Request error message no longer returns. Previously, this issue occurred with Magento instances that were running on GoDaddy.

Security Enhancements

The latest release for Magento Community Edition includes enhancements to improve the security of your Magento installation. The update comes with various security benefits, and no attack-related issues have been reported to date with this edition. Experts highly recommend that you upgrade your existing Magento installation as soon as possible to make your store safer and more reliable.

Here is a list of security issues fixed in this release:

1. No unauthenticated user is allowed to remotely execute code on the server through APIs.

2. Authenticated customers are no longer allowed to change other registered users’ account information using either SOAP or REST calls.

3. Anonymous users can no longer retrieve the private data of registered customers. Magento has announced that the quote_id_mask table of the Quote API includes no cart ID mask value.

4. Customers with minimum privileges are no longer allowed to force a re-install of Magento.

5. Once the installation process has completed, the Magento installation code cannot be accessed.

6. Internal path information is not disclosed during the installation process.

7. The administrator URL is not disclosed to an unauthenticated user during setup.

8. The path to the file where the error occurred is no longer included in the application error message.

9. Instead of the customer key, Magento now bases the OAuth customer key expiration on when token exchange begins when an integration is created.

10. The guest cart can be assigned only by a registered user. Previously, an anonymous user could modify the state of a registered customer.

Functional Enhancements

With the latest security update, Magento aims to provide a more flexible way for users to set file ownership and permissions. You need to make sure the files and directories are writable for installation, instead of setting permissions explicitly.
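
A preflight check for this requirement, as an added example that is not from Magento or the original article. The directory list is an assumption (Magento 2's usual runtime-writable directories, which this page does not name), and `audit_magento_perms` is a hypothetical helper name. It also flags world-writable entries, which is what a blanket permission change tends to leave behind.

```shell
#!/usr/bin/env bash
# Added example: audit a Magento 2 tree before install or upgrade.
# Assumption: this directory list is Magento 2's usual set of
# runtime-writable directories; it is not named on this page.
MAGENTO_WRITABLE_DIRS="var app/etc pub/media pub/static"

# audit_magento_perms ROOT
# Prints one finding per line and returns 1 if anything was found:
#   MISSING <dir>          directory does not exist
#   NOT_WRITABLE <dir>     the invoking user cannot write to it
#   WORLD_WRITABLE <path>  writable by every local user
audit_magento_perms() {
    root=$1
    findings=0
    for d in $MAGENTO_WRITABLE_DIRS; do
        path="$root/$d"
        if [ ! -d "$path" ]; then
            echo "MISSING $d"
            findings=1
            continue
        fi
        # Run as the web server / file system owner: -w tests the
        # invoking user and always succeeds for root.
        if [ ! -w "$path" ]; then
            echo "NOT_WRITABLE $d"
            findings=1
        fi
    done
    # World-writable files or directories anywhere in the tree
    # (symlinks skipped, since their own mode bits are meaningless).
    ww=$(find "$root" ! -type l -perm -0002 -print 2>/dev/null)
    if [ -n "$ww" ]; then
        echo "$ww" | sed 's/^/WORLD_WRITABLE /'
        findings=1
    fi
    return $findings
}
```

Call it as `audit_magento_perms /path/to/magento` from the account that owns the Magento files; an empty result with exit status 0 means the tree passed.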

Upgrade Existing Installations

If you are currently using the Magento Community Edition 2.0.0 from an archive, you may need to perform additional tasks to upgrade the current installation. First update the installer from the command file, and then update the installation from the Command Line or the Web Setup Wizard.

Installation upgrade from Web Setup Wizard

  1. Log in to Admin.
  2. Click System. Under Tools, choose Web Setup Wizard.
  3. Click System Upgrade, then follow the onscreen instructions to complete the upgrade.

Installation upgrade from GitHub Repository

If you contribute to the CE code base, you can upgrade manually from the Magento CE GitHub repository. Follow these steps to upgrade.

  1. Go to the Contributing Developers Page.
  2. Follow the instructions to update.

If you’re new to development or have no technical knowledge of installation updates, let the experts take charge with a professional Magento store upgrade service and stay relaxed about the safety of your store.