SUPEE-8788, Enterprise Edition 1.14.3 and Community Edition 1.9.3 address Zend framework and payment vulnerabilities, ensure sessions are invalidated after a user logs out, and make several other security enhancements that are detailed below.
Information on additional functional enhancements available the new 1.14.3 and 1.9.3 releases is available in the ENTERPRISE EDITION and COMMUNITY EDITION RELEASE NOTES.
Patches and upgrades are available for the following Magento versions:
- Enterprise Edition 184.108.40.206-220.127.116.11: SUPEE-8788 or upgrade to Enterprise Edition 1.14.3
- Community Edition 18.104.22.168-22.214.171.124: SUPEE-8788 or upgrade to Community Edition 1.9.3
Please refer to SECURITY BEST PRACTICES for additional information how to secure your site.
Be sure to implement and test the patch in a development environment first to confirm that it works as expected before deploying it to a production site.
The SUPEE-8788 security patch released in October 2016 has potential issues for certain Magento EE versions. See How to Apply the SUPEE-8788 Patch.
To read more or to download a patch, please click here: https://magento.com/security/patches/supee-8788.