On February 9, 2015 we issued a patch (SUPEE-5344
available
here) and alerted our clients and partners about
a
remote code execution vulnerability in the Magento platform.
To drive awareness of the patch, we’ve issued a series
of
communications to our ecosystem of partners and directly to
our
Enterprise Edition and Community Edition customers. We
have
also encouraged downloads of the patch in collaboration
with
our partners, and directly through our services team and
developer evangelists. In addition to the patch itself,
today
we are announcing Magento Community Edition
1.9.1.1,
which includes SUPEE-5344. The patch was also incorporated
into
the latest Enterprise Edition release, 1.14.2.
Magento is the largest open source community in
eCommerce. Like other open source communities, it
requires
conscientious stewardship to ensure it remains strong.
We are committed to platform security and are taking
proactive
steps intended to ensure this. In the coming weeks, we will
be
establishing the Magento Alert Registry to serve as a
direct line
of communications in future urgent situations, separate
from
any marketing communications. By being able to connect
with
both our Community and Enterprise Edition merchants
directly
via your preferred method – email, text or social – we will
be
able to more quickly inform you of steps to resolution.
In managing this situation, we have all have seen
the
power of the Magento ecosystem coming together to solve a
common problem. Together we will continue to define a new
future for commerce and we continue to be humbled by your
ongoing participation in defining Magento’s
future.
– Mark