Zend Framework Vulnerability
Scheduled Maintenance Report for Webscale STRATUS
Completed
The scheduled maintenance has been completed.
Posted Jan 18, 2017 - 12:45 EST
Scheduled
Magento has released an advisory of a potential remote code execution vulnerability in Zend Framework which is bundled as part of the Magento application. This vulnerability is only exploitable if the following option is turned on and Magento has advised disabling this option until an official patch is released.

We have scanned for affected customers and notified them by email. We will automatically disable this tonight, for affected and notified customers, starting at 9 PM EST to protect Magento from this critical bug and further advise when an official patch is available. If this is something required to be enabled, you can also set this option to "Specified" and enter a static return path.

Magento 1: System-> Configuration-> Advanced-> System-> Mail Sending Settings-> Set Return-Path

Magento 2: Stores-> Configuration-> Advanced-> System-> Mail Sending Settings-> Set Return-Path

Official Magento Security Notification:
https://magento.com/security/news/new-zend-framework-1-security-vulnerability
Posted Jan 16, 2017 - 14:15 EST