Magento is releasing new versions of our Magento Open Source (formerly Community Edition) and Magento Commerce (formerly Enterprise Edition) products to improve product security:
Magento Open Source and Magento Commerce 2.1.9
Magento Open Source and Magento Commerce 2.0.16
Magento Commerce 22.214.171.124
Magento Open Source 126.96.36.199
SUPEE-10266 (patch for earlier Magento 1.x versions)
These releases contain almost 40 security changes and enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities.
We’ve also updated the USPS API in Magento 2.x to support service changes that USPS enacted on September 1, 2017. After installing or upgrading to this release, the discontinued “First-Class Mail Parcel” service will change to “First-Class Package Service – Retail.” Patches are also available for Magento 1.x versions. More information about this change is available in ourTechnical Bulletin.
We strongly recommend that all merchants upgrade to these versionsas soon as is reasonably possible.