Fix Magento 2.3 issues right now!
For customers who have already on the newest version of Magento Commerce, we sadly to inform you that the Magento team have identified a security vulnerability you need to be aware of.
On October 2019, Magento released an update for Magento 2.3.3. One of the issues addressed in this update mitigates a critical vulnerability that allows remote code execution through a crafted Page Builder template - CVE-2019-8144.
How to fix
For different versions of Magento Commerce
- For Magento 2.3.1— Install the MDVA-22979_EE_2.3.1_v1 patch now and then schedule your upgrade to 2.3.3 or 2.3.2-p2 as soon as possible
- For Magento 2.3.2 — Install the MDVA-22979_EE_2.3.2_v1 patch now, then schedule your upgrade to 2.3.3 or 2.3.2-p2 as soon as possible
- Instructions to Install the patch:
- For Magento Cloud customers: Ensure they are on or have upgraded to, the latest version of ece-tools (2002.0.22 or higher). In either case, redeploy your entire instance and the patch will be installed automatically.
For On-premise customers
Download and install the patch from the My Account/Downloads tab if you’re on 2.3.1 or 2.3.2 2.
So please quickly check the performance of the page and server for signs of compromise. You should restart the server to remove any activities that are running in memory only.
Besides, it’s important to review all administrative and third-party user accounts (including application accounts at support.magento.com and accounts.magento.com). You should pay extra attention to any administrative logins from unknown IP’s or newly created administrative accounts that are unrecognized.
For more safety, you can:
- Reset all administrative user account passwords
- Rotate all SSH access keys.
- Remove any unknown or unused accounts you identify.
Contact Magenest for more support and problem fixing!
How to Get and Set Config Value programmatically in Magento 2August 13, 2019
How to send email in Magento 2 programmaticallyMay 1, 2019
How to add custom fields in Product Edit pages in Magento 2April 19, 2019
Add more columns to Sales order grid in Magento 2November 20, 2019
Magento Black Friday 2019: Huge deals for M2 extensionsNovember 20, 2019
Do you ACTUALLY need eCommerce Loyalty Program?November 7, 2019
How to create a Custom Widget in Magento 2December 4, 2019
Fix Magento 2.3 issues right now!November 23, 2019
Best Store Locator Page Examples: Sell online & offline smarterNovember 22, 2019