November 27, 2019
At Magento, we believe transparency with our global community of merchants, partners, and developers is important. Accordingly, we want to share a security update.
On November 21, we became aware of a vulnerability related to Magento Marketplace. We temporarily took down the Magento Marketplace in order to address the issue. The Marketplace is back online. This issue did not affect the operation of any Magento core products or services.
We have notified impacted Magento Marketplace account holders directly.
We take these issues seriously and are committed to helping ensure our platforms are secure. We are reviewing our processes to help prevent these types of events from occurring in the future.
Magento is the largest open source community in eCommerce. We have all seen the power of this amazing community coming together to solve the most complex problems in commerce, and security is no different.
We appreciate all that you are doing to maintain good security hygiene and to keep your Magento instance and extensions current. Please refer to the Magento Security Center to help ensure the security of your Magento store.