Magento – Critical Security Updates

Issue: On 3/26/2019 the Magento Security team identified and released several security updates. This includes fixes for critical vulnerabilities in some versions of Magento. Who is Impacted? Websites running Magento Commerce 2.1, 2.2, 2.3 or Magento Open Source versions before What should I Do? We are strongly encouraging all Magento Commerce and Magento Open Read More >

Magento – Critical Security Update 2.0.10 and 2.1.2

Issue: Magento has released a critial security update to address know vulnerabilities. The Magento Security team is advising everyone to “ deploy these new releases right away, as attackers may target merchants who are slow to upgrade.” Read more on the official Magento Security team post on the MAGENTO 2.0.10 AND 2.1.2 SECURITY UPDATE. Status: Read More >

Magento 1.x Critical Security Update Released

Issue: It has come to our attention that Magento released a Critical Security Patch (SUPEE-7405) on 1/27/2016. This patch includes fixes for several Critical, and High Severity issues in Magento. Who is impacted? Users of Magento Enteprise Edition prior to and for Community Edition prior to What should I do? We are strongly Read More >

Magento Security Alert

Who is affected? – Users of Magento Community Edition and Enterprise Edition. Have these issues been addressed? – The SUPEE-5994 Patch Bundle covers eight different issues that are listed in the article below. SUPEE-5994 Patch Bundle On May 14, 2015 Magento released a bundle of eight patches that addresses the following issues: Admin Path Disclosure Read More >

Security Alert – 4/30/2015 – Magento code execution vulnerability

Magento Critical Vulnerability Issue: Magento has discovered a code-execution hole in both the community and enterprise editions. Status: Update has been released. Who is impacted? Community and Enterprise editions of Magento. Why was this update released? The web security firms Incapsula and Sucuri have discovered that malicious users are exploiting the bug to create new Read More >

302: How to get Magento to use both regular and secure connections

Many site owners want customers to be able to access their Magento catalog via normal http protocol, but switch over to https (secure) protocol for checkouts. This helps secure the data and prevent snooping or insecure data collection that can result in identity theft or other malicious activities. To enable Magento to function with both Read More >