Magento Community Edition 2.0.6 has been released, this release includes several significant functionality improvements as well as security enhancements.
- Improved Redis support
- Improved file permission handler with options
- Stopping unauthenticated users from using REST or SOAP API calls to remotely execute malicious code on the server.
- Preventing a site from being remotely triggered to reinstall itself so that the attacker can potentially take control of it.
- No longer allowing authenticated customers to change other customers account information using SOAP or REST API calls.
- Fully resolving a previous vulnerability with cross-site scripting in the Authorize.net payment module.