Magento has recently released some product and security updates. These new versions provide a range of improvements, including a fix for the recently discovered Zend Framework 1 security vulnerability and quality updates to catalog, payments, and sales modules in Magento 2.

Enterprise Editions 2.1.4 and 2.0.12 & Community Editions 2.1.4 and 2.0.12

These new versions contain more than 20 functional fixes and enhancements, and one security enhancement. Following are the highlights:

  • Removal of vulnerability with the Zend framework Zend_Mail For more information, see New New Zend Framework 1 Security Vulnerability.
  • Updates to the catalog, checkout, indexers, installation, configuration & deployment, payment methods, and sales modules.

Enterprise Cloud Editions 2.1.4 and 2.0.12

Here is the up-to-date information about changes, additions, and fixes to the Magento Enterprise Cloud Edition for versions 2.1.4 and 2.0.12:

  • MDVA-913 patch has been removed because the issue is now fixed in Magento Enterprise Edition 2.1.4.
  • Fixes in this release: When you disable a module and deploy it to the remote Cloud server, the module stays disabled.

Enterprise Edition, Community Edition, and the SUPEE-9652 patch resolve the Zend Framework 1 Issue

These patches address the following issues:

  • Removal of vulnerability with the Zend framework Zend_Mail library.
  • Updated the copyright year to 2017.

It is highly recommended by Magento to deploy these new releases right away, to ensure optimal security and performance. As a best practice, install and test these releases in a development environment before releasing into production to avoid any disruption to your store.