雖然我們是 OpenCart 系統的技術廠商，但我們仍希望透過我們的平台及觸角，傳送這個 Magento 重大的安全更新訊息，盡可能讓多幫一些商家，避免遭受這些安全漏洞的為害，如果你有朋友是使用 Magento，請也將訊息轉給他們。
New Magento Enhancements Available Today
Today, Magento is releasing new versions of Magento Commerce and Open Source to increase product security, performance and functionality:
- Magento Commerce and Open Source 2.3.1
- Magento Commerce and Open Source 2.2.8
- Magento Commerce and Open Source 2.1.17
- Magento Commerce 220.127.116.11
- Magento Open Source 18.104.22.168
- SUPEE-11086 to patch earlier Magento 1.x versions
These releases include security enhancements that help close cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues. No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we strongly recommend that all merchants upgrade as soon as possible.
Additionally, as a reminder we released the following patches recently that might be useful for you:
- Patch to secure Payflow Pro payment method against fraudulent activity for Magento 2.1, 2.2, & 2.3.
- Patch to continue support for payments via Authorize.net Direct Post.
The release of Magento 2.3.1 also includes powerful new merchant and developer experience enhancements and multiple performance improvements.
More information about the security changes is available on https://magento.com/security.