文章彙整

不可不知的Magento2.2.3!

Astral WebBy Astral Web 3 years agoNo Comments
首頁  /  Magento  /  Magento消息  /  不可不知的Magento2.2.3!

最新的Magento2.2.3已於三月底悄悄釋出,現在就讓我們來快速看一下此版的有哪些更新項目吧!

項目一:安全性更新

用過Magento1.X的用戶都知道,Magento會不定期釋出最新的安全性封包,來協助你提升網站安全性,但在Magento2.X上並不會採用此方式,而會使用直接更新系統版本的方式,來更新你的系統安全性。

Magento2.2.3更新的安全性項目如下:

  • APPSEC-1951: JavaScript execution in the administrator panel
  • APPSEC-1952: Remote Code Execution using media upload
  • APPSEC-1865: Cross-Site Scripting in customer information
  • APPSEC-1907: Cross-site Scripting in Customer Address
  • APPSEC-1935: Cros-site Scripting leading to Denial-of-Service
  • APPSEC-1977: Common Server Misconfiguration causes data leak
  • APPSEC-1901: Local file inclusion in customer view
  • APPSEC-1994: CSRF in Store Backups
  • APPSEC-1986: Local file inclusion in import history
  • APPSEC-1929: Path Traversal in Image Upload
  • APPSEC-1960: Path Traversal in static.php file
  • APPSEC-1879: Cross-site Scripting in Downloadable Products
  • APPSEC-1891: Cross-site Scripting in Admin Shipment tracking
  • APPSEC-1905: Cross-site Scripting in detailed rating
  • APPSEC-1906: Cross-site Scripting in System Configuration
  • APPSEC-1908/1948: Cross-site Scripting in custom variable
  • APPSEC-1916: Cross-site Scripting in Attribute Group Name
  • APPSEC-1928: Cross-site Scripting in Downloadable Product Link
  • APPSEC-1944: Cross-site Scripting in Date fields
  • APPSEC-1945: Cross-site Scripting in Product SKU
  • APPSEC-1947: Cross-site Scripting in RMA functionality
  • APPSEC-1973: Cross-site Scripting in Newsletter Template
  • APPSEC-1873/1979/1980: Cross-site Scripting in Site Settings
  • APPSEC-1995: Cross-site Scripting in Downloadable Products
  • APPSEC-1998: Cross-site Scripting in Product Attributes
  • APPSEC-1878/1890: Cross-site Scripting in CMS hierarchy
  • APSSEC-1488: Cross-site Scripting in Status Message (continuation)
  • APPSEC-1272: No CSRF Protection in Order Printing
  • APPSEC-1889: CSRF Protection Bypass
  • APPSEC-1553: Access to Gift Registries of Other Users
  • APPSEC-1937: Information Exposure
  • APPSEC-1895: Information Exposure
  • APPSEC-1967: Password Change Session Management
  • APPSEC-1972: Password Reset Session Management

項目二:支持Elasticsearch 5.x

相較於前一版Magento所支持的Elasticsearch 2.x, 新一版本的Elasticsearch 5.x改善了25%以上的索引效能。

項目三:USPS取消了無郵資標籤

在今年二月份,美國郵政移除了創建無郵資標籤的API接口,據官方說法是為了提升客戶更好的服務,且不影響任何客戶體驗與收益。因此該功能已從Magento2.2.3版本中移除。

項目四:後台快取

Magento改善了後台快取的作業方式,新一版本的Magento後台能夠更快速的刷新快取,並提供管理者更流暢的作業。

 

更多的Magento2.2.3請參考官方的發行說明!或請追蹤我們的Facebook粉絲專頁,我們也都會不定期發佈相關資訊喔!

 

以上內容由Astralweb 歐斯瑞編寫製作

 000

推薦文章

Category:
  Magento消息

留下回應

你的電子郵件地址不會被公開.

請到您的信箱確認,即可完成訂閱。