Tuesday, March 26, Magento published critical security updates. We therefore request that customers using Magento upgrade ASAP, if they have not already done so.
These new versions address security vulnerabilities that allow unauthenticated users full access to Magento and other software installed to the same webhotel.
Additionally, Magento offers a patch for Magento 1.9 to version 220.127.116.11, and a patch for Magento 1.14 to version 18.104.22.168.
Magento 2.0 is unsupported, and must be upgraded to 2.1, 2.2, or 2.3, or be deleted.