OpenMage 19.4.22/23 and 20.0.19/20 Releases


OpenMage 19.4.22 and 20.0.19

On January 26, 2023, versions 19.4.22 and 20.0.19 were released, including 6 security fixes:

  • CVE-2021-21395 – GHSA-r3c9-9j5q-pwv4 – Reset Password not protected against well-timed CSRF
  • CVE-2021-41144 – GHSA-5j2g-3ph4-rgvm – Fix for authenticated remote code execution through layout update
  • CVE-2021-41143 – GHSA-5vpv-xmcj-9q85 – Fix for arbitrary file deletion in customer media allows for remote code execution
  • CVE-2021-41231 – GHSA-h632-p764-pjqm – DataFlow upload remote code execution vulnerability
  • CVE-2021-39217 – GHSA-c9q3-r4rv-mjm7 – Fix for arbitrary command execution in custom layout update through blocks
  • CVE-2023-23617 – GHSA-3p73-mm7v-4f6m – DoS vulnerability in MaliciousCode filter

All of these updates should be fully backward compatible except one: the fix for CVE-2021-21395 (GHSA-r3c9-9j5q-pwv4, Reset Password not protected against well-timed CSRF) is a breaking change, and you will need to take action after upgrading to this version of OpenMage.

Specifically, you will have to modify the customer/form/resetforgottenpassword.phtml file of your custom theme (in case you have customized it) and add this code

If your custom theme does not contain customer/form/resetforgottenpassword.phtml, or if you are not using a custom theme, you do not need to carry out the procedure above.
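To find the theme copies that need this change after upgrading, the following added example (not from the OpenMage release notes) scans every theme under the standard Magento 1 location app/design/frontend for the template named above and lists the copies without a form key. The marker string `formkey` is an assumption based on Magento 1's form key block, since the post does not show the code to add; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: list theme copies of the reset-password template that lack
# a CSRF form key. Not taken from the OpenMage release notes.
# Source this file, then call the function with the OpenMage root directory.

# Template path named in the post, relative to a theme's template/ directory.
TEMPLATE_REL='customer/form/resetforgottenpassword.phtml'

# Assumption: the form key is rendered through Magento 1's "formkey" block,
# e.g. $this->getBlockHtml('formkey'). Override it with the second argument.
DEFAULT_MARKER='formkey'

# usage: find_unpatched_reset_templates <openmage_root> [marker]
# Prints one path per line for each template copy that lacks the marker.
# Returns 0 after a completed scan, 2 if the frontend design dir is missing.
find_unpatched_reset_templates() {
    root=$1
    marker=${2:-$DEFAULT_MARKER}
    design="$root/app/design/frontend"   # standard Magento 1 theme location
    [ -d "$design" ] || { echo "not found: $design" >&2; return 2; }

    # Theme layout is <package>/<theme>/template/<TEMPLATE_REL>.
    find "$design" -type f -path "*/template/$TEMPLATE_REL" | sort |
    while IFS= read -r file; do
        # -F fixed string, -q quiet: report the file only when the marker is absent.
        grep -Fq -- "$marker" "$file" || printf '%s\n' "$file"
    done
}
```

An empty result means every copy of the template already contains the marker; stock themes are scanned too, so an incomplete upgrade shows up as well.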

OpenMage 19.4.23 and 20.0.20

On February 2, 2023, Fabrizio Balliano released the security updates OpenMage 19.4.23 and 20.0.20:

  • single fix regarding CVE-2020-27511
  • ReDoS (Regular Expression Denial of Service) vulnerability in prototypejs

About OpenMage LTS

OpenMage LTS is the new life of Magento 1 Community Edition, free of any charges. Migrate easily from Magento Community Edition. The OpenMage community is continuing to support Magento 1 by releasing security patches, tending to bugs, and providing general improvements to the platform. You can upgrade your Magento 1 installation, or set up a new store from GitHub.

OpenMage Version 19.x

Will be an LTS version with an indefinite lifetime, but at least 5 years. It will ensure maximum backward compatibility with Magento 1.

OpenMage Version 20.x

Will not be backward compatible with Magento. It is an independent project in which there will be bolder changes.

Credits

  • Release notes from OpenMage GitHub
  • Picture made with Midjourney
