Magento Community Edition 2.0.4 is the latest edition of Magento platform. Working with this latest release encourage users to work with all sorts of enhanced security features. A user is highly recommended to download as well as install 2.0.4 version of community edition to make sure that they are able to receive all the latest security enhancements that was not included in 2.0.3 version.
It is obviously perfect to say that a high-powered content management system (CMS) with an aim to build numerous of e-commerce web applications as well as websites, Magento is one of the highly preferred e-commerce platforms by most of the mid-market merchants due to its enhanced features such as payment engines and shipping modules, custom product options, and its excellent security support system that it offers to its customers. Keeping in view all these above benefits of Magento e-commerce platform, it is highly recommended for organizations to hire a Magento developer who is sound enough to offer as well as to develop a highly enhanced e-commerce security website to offer its customers with optimized e-commerce solutions. As, it will further focus towards offering its clients as well as customers with full satisfactory e-commerce features by taking care of Magento website customization as well as management process. Hiring any proficient as well as proficiently sound Magento developer has never been that easy process to deal with.
Fixing of various issues:
Working with up-gradation and installation section
1. Magento platform is no more confined with the creation process of storing data in an inconsistent way at the time of installation process.
2. The setup:config:set script not at all supports the process of deleting values in the env.php file at the time of up-gradation process.
1. Magento platform now successfully supports the process of importing all the existing products as well as all the products that are confined with the use of custom URLs.
1. The shipping address is now shown in the Order APIs that helps in solving the issues to integrate APIs with third-party systems.
2. When API to add attribute options is used, the SOAP API efficiently works with the process of returning attribute types TEXT SWATCH and VISUAL SWATCH.
1. URL type arguments in nested arrays can easily be used in Magento’s up-to-the-minute version. Earlier, it was witnessed that passing any route parameter was only allowed if the url argument was declared at the top level.
1. At the time of working with messages, HTML tags are no longer supported.
2. Working with the functionalities of loading catalog products with multiple color swatches with respect to product performance has highly been improved in Magento’s latest Community Edition.
3. Saving as well as displaying various new customer attributes are now well supported in Magento’s Community Edition.
Security enhancement section:
This release comprises of several profound enhancements in order to improve the security features of your Magento 2.0 installation. This release is free from any malicious attacks till date, but surely users will experience certain vulnerabilities that can potentially be exploited to access customer’s data or can take over administrator sessions. So, in this case, it is highly recommend for users to upgrade their existing Magento 2.0 installation to its latest version as soon as possible.
The below given list encourage users to get an overview of various latest security issues that are fixed in this release:
1. Consistent cross-site scripting issue via any specific user account has been resolved fully.
2. Magento now works effectively with the process of setting limits on infinite number of password attempts by the user. In the previous version, it was analysed that Admin and Customer Token API accessing process did not limit the number of attempts, whenever any user is tries to enter a correct password infinite number of times, by heedlessly allowing brute force attempts to guess their password.
3. High permission level has been set with respect to APIs that previously granted its way to anonymous users. In-built product attribute does not permit any kind of bootlegged access to Catalog panel, Stores as well as CMS APIs. However, working with the interference of any anonymous access can be proceeded with help of adjustments of settings
4. An arbitrary execution of PHP code in Magento is now completely intercepted with the help of language package CSV file.
5. All the created encryption keys that can easily be accessed in the System > Manage Encryption Key panel have now been reinforced properly.
6. Occurrence of reflected XSS with the help of Authorizenet module’s redirect data. is not at all supported in the latest version of Magento.s
7. More updates related to Magento’s latest version security can be found in the Magento
8. Security Center
It is highly recommend for users to review each and every Magento’s Security Best Practices in order to confirm about the fact that all the precautions are taken that is capable of protecting the system from any illegal activities.