The Magento Team has released the following accouncement about an serious vulnerability:
--- start ---
Adjust Mail Settings to Protect Your Sites A new vulnerability has been found in a Zend Framework 1 and 2 email component . The component is used by all Magento 1 and Magento 2 software and other PHP solutions. This vulnerability is serious and can lead to a remote code execution attack if your servers use Sendmail as a mail transport agent.
Review our Magento Security Center posting to learn how you can protect your sites from this vulnerability. Until patches are available in the next several weeks, we recommend you immediately update your mail settings.
Please note that we’ve checked all Enterprise Cloud Edition sites and they are not affected by this issue.
Thank you for your immediate attention to this matter.
Best regards, The Magento Team © Magento 2017
--- end ---
|