PHP vulnerability

PHP vulnerability

Magento recently put out the following warning to all merchants.

A vulnerability has recently been discovered in PHP and we recommend Magento Commerce customers adopt changes to address the issue. MS-ISAC has issued an alert related to multiple vulnerabilities that could allow for arbitrary code execution and a recommendation that all sites using PHP should update to the latest PHP version ASAP 

Since Magento Commerce relies on PHP, we recommend that all Merchants using Magento Commerce review necessary updates for PHP with their hosting provider. We also recommend that Merchants complete this review and any updates by September 30 in order to mitigate the vulnerability and to avoid PCI compliance issues that may go into effect as a result of these vulnerabilities at the end of the month. For those using Magento Commerce on our cloud infastructure, please find specific information on these changes here.

Per the alert, recommended patches for this vulnerability include: PHP 7.1: https://www.php.net/ChangeLog-7.php#7.1.32 PHP 7.2: https://www.php.net/ChangeLog-7.php#7.2.22 PHP 7.3: https://www.php.net/ChangeLog-7.php#7.3.9 If you would like more information on PHP and recent releases, you can visit PHP’s site. And if you have questions or would like more information on best practices for security, please check out our DevBlog article on Security.

PHP put out new incremental updates on a frequent basis. As all Dx3webs clients are using a Managed Service provided by us these patches are automatically applied on a regular basis. These patches are no exception other than they need to be applied quicker than the usual incremental patches. These have been rolled out to all servers already. There is no danger that they will interrupt your site as they are no different to any of the usual patches we apply on a regular basis.

© 2016 Dx3webs Ltd. All Rights Reserved. | Company No. 08221801 | VAT No GB142 6020 55 | Terms & Conditions | Privacy Policy