Skip to content

New Release 19.4.8 and 20.0.4

CVE-2020-15244 3 is our second OpenMage CVE and our first CVE that is wholly independent of Adobe! 1 2

This vulnerability was disclosed to us privately from a community member via our HackerOne 4 program and patched in versions 19.4.8 and 20.0.4. Please update to one of these version to receive the patch.

A big thanks to Luke Rogers for submitting the report!

  1. https://github.com/OpenMage/magento-lts/releases/tag/v19.4.8 

  2. https://github.com/OpenMage/magento-lts/releases/tag/v20.0.4 

  3. https://github.com/advisories/GHSA-jrgf-vfw2-hj26 

  4. https://hackerone.com