Security¶

New Release 20.10.1

With this security update a single issue was fixed. ¹

New Release 20.5.0

🎉🎉🎉 We are thrilled to announce OpenMage 20.5.0, the latest and greatest version of your favorite ecommerce platform! 🎉🎉🎉

This release surely packs a good amount of new features, so much so that we had to add a dedicated section to the changelog! But it also comes with a bunch of bugfix, components updates and most importantly a security fix! ¹

New Release 19.4.23 and 20.0.20

With this security update a single issue was fixed.

New Release 19.4.22 and 20.0.19

This important security update includes six security issues:

New Release 19.4.15 and 20.0.13

With the release of OpenMage 19.4.15 ¹ and 20.0.13 ², the system is now fully compatible with PHP 8.

New Release 19.4.13 and 20.0.10

Placeholder for the change ^{1 2}

• CVE-2021-21426 ³- Fixing a bug in Zend Framework’s Stream HTTP Wrapper
• CVE-2021-21427 ⁴ - Security Update for SQLi for Magento 2 (a backport of CVE-2021-3007 of laminas-http)

New Release 19.4.10 and 20.0.6

Placeholder for the change ^{1 2}

• CVE-2020-15244 ³ CMS Editor code execution
• CVE-2020-26285 ⁴ Widget instances allows a hacker to inject an executable file on the server
• CVE-2020-26252 ⁵ Layout XML RCE Vulnerability

New Release 19.4.8 and 20.0.4

CVE-2020-15244 ³ is our second OpenMage CVE and our first CVE that is wholly independent of Adobe! ^{1 2}

New Release 19.4.6 and 20.0.2

Our Release Today marks a new and Important Milestone for the OpenMage Project. Not even 2 Months since the end of life for Magento 1, we are now shipping the first Security Patch, which is not included in the official Magento 1 Release.