Magento 2.0.6 Provides Important Security and Functional Updates

Today, we are releasing Magento Enterprise Edition and Community Edition 2.0.6, which contain important functional improvements. You can now use Redis for session storage, and a file permission issue has been fixed by providing a more flexible way to set file ownership. Full details on the functional enhancements are included in the release notes for Enterprise Edition and Community Edition.

 

Additionally, the release has several security improvements, including:

  • Stopping unauthenticated users from using REST or SOAP API calls to remotely execute malicious code on the server.
  • Preventing a site from being remotely triggered to reinstall itself so that the attacker can potentially take control of it.
  • No longer allowing authenticated customers to change other customers’ account information using SOAP or REST API calls.
  • Fully resolving a previous vulnerability with cross-site scripting in the Authorize.net payment module.

 

More information regarding the security updates is available on the Magento Security Center.

 

ACCESSING THE RELEASE

You are advised to deploy this new release right away. It can be accessed from the following locations:

 

  • Enterprise Edition

Enterprise Edition 2.0.6 (New .zip file installations)

My Account > Downloads > Magento Enterprise Edition 2.X > Magento Enterprise Edition 2.x Release > Version 2.0.6

Enterprise Edition 2.0.6 (New composer installations)

http://devdocs.magento.com/guides/v2.0/install-gde/prereq/integrator_install.html

Enterprise Edition 2.0.6 (Composer upgrades)

http://devdocs.magento.com/guides/v2.0/comp-mgr/bk-compman-upgrade-guide.html

 

  • Community Edition

Community Edition 2.0.6 (New .zip file installations)

Community Edition Download Page > Download Tab

 

Community Edition 2.0.6 (New composer installations)

http://devdocs.magento.com/guides/v2.0/install-gde/prereq/integrator_install.html

Community Edition 2.0.6 (Composer upgrades)

http://devdocs.magento.com/guides/v2.0/comp-mgr/bk-compman-upgrade-guide.html

Community Edition 2.0.6 (Developers contributing to the CE code base)

http://devdocs.magento.com/guides/v2.0/install-gde/install/cli/dev_options.html

 

  • Partners

Enterprise Edition 2.0.6 (New .zip file installations)

Partner Portal > Downloads > Magento Enterprise Edition 2.X > Magento Enterprise Edition 2.x Release > Version 2.0.6

Enterprise Edition 2.0.6 (New composer installations)

http://devdocs.magento.com/guides/v2.0/install-gde/prereq/integrator_install.html

Enterprise Edition 2.0.6 (Composer upgrades)

http://devdocs.magento.com/guides/v2.0/comp-mgr/bk-compman-upgrade-guide.html

 

If you have not previously upgraded to Magento Enterprise Edition 2.0.2 or later releases, you should review the upgrade information posted on our Security Center as there are some additional steps you may need to take. This update should be installed and tested in a development environment before being put into production. Also, please use this occasion to do a security assessment in accordance with our Security Best Practices.

 

Thank you for your prompt attention to these issues.

--

Community Manager, Magento