Magento released Magento Enterprise Edition and Community Edition 2.0.6, with important functional improvements. Now Redis can be used for session storage and a file permission issue is fixed. In addition to this, a flexible way is also provided to set file ownership. All the detailed information about the functional enhancement is included in the Enterprise and Community Edition release notes.

Security Improvements in Magento 2.0.6

Additionally, this release has the following security improvements:

– Unauthorized users will not be able to remotely execute malicious code on the server using the REST or SOAP API calls

– Remote triggering of a site that reinstalls itself for the attacker to potentially take control over it, is no longer allowed

– No authenticated customer will be able to make changes to the accounts of other customers with the SOAP or REST API calls.

– Previous vulnerability with cross-site scripting in the Authorize.net payment module is fully resolved.

– Detailed information about the security updates is available on the Magento Security Center.

Access the Release

You can access this new release from following locations:

Community Edition:

Community Edition 2.0.6 (New .zip file installations)

– Go to Community Edition Download Page > Download Tab.

– Select your format and click on Download button.

Community Edition 2.0.6 (Other Installations)

You can also get Magento 2.0.6 with New Composer installation and upgrades. Here are the useful resources:

– New composer installations:  http://devdocs.magento.com/guides/v2.0/install-gde/prereq/integrator_install.html

– Composer upgrades:  http://devdocs.magento.com/guides/v2.0/comp-mgr/bk-compman-upgrade-guide.html

– Developers contributing to the CE code base: http://devdocs.magento.com/guides/v2.0/install-gde/install/cli/dev_options.html

Enterprise Edition:

Enterprise Edition 2.0.6 (New .zip file installations)

Go to My Account > Downloads > Magento Enterprise Edition 2.X > Magento Enterprise Edition 2.x Release > Version 2.0.6

Enterprise Edition 2.0.6 (Other Installations)

– New composer installations: http://devdocs.magento.com/guides/v2.0/install-gde/prereq/integrator_install.html

– Composer upgrades: http://devdocs.magento.com/guides/v2.0/comp-mgr/bk-compman-upgrade-guide.html

If you haven’t yet upgraded to Magento 2.0.2, then make sure you first upgrade to Magento 2.0.2 and then upgrade to Magento 2.0.6. Make sure you test this update and install on your test environment before putting it to live server. This update is required to be tested and installed before putting it to production.

In case you need Magento Experts to upgrade your Magento website, then feel free to contact us! View our Magento Services to see how we can help you with your ecommerce website.