Security Center

Get the latest patches, security updates, and best practices for your Magento sites

New Security Update

Install critical updates for Magento 1.x and Magento 2.x versions

See the Details

NEW! Magento Security Scan Tool

Monitor your sites for security risks, update malware patches, and detect unauthorized access with Magento Security Scan, the latest FREE tool from Magento Commerce.

Go to Security Scan

< Security Center

Filter by topic

News
Content Security Policy Support
Apr 28, 2020

Magento is making Content Security Policy available for Magento Open Source and Commerce  v2.3.5-p1. The release of Magento  2.3.5-p1 marks the first phase of our implementation and makes CSP available in report-only mode by default. 

Patches
Magento 2.3.5-p1 and 2.3.4-p2 Security Updates
Apr 28, 2020

Magento has released updates for Magento Commerce and Open Source editions. For more information on security updates available for Magento, please see APSB20-22 for details.

Patches
Hot fix available for CVE-2019-8118
Mar 24, 2020

Magento advises customers of potentially affected deployments to take immediate action by updating Magento installations with the latest patch.

Best Practices
Security Best Practices
Jan 14, 2016

This guide outlines a multifaceted approach to improve the security of your Magento installation. 

Patches
Magento 2.3.4, 2.3.3-p1 and 2.2.11 Security Update
Jan 28, 2020

With the release of Magento 2.3.4, we’ve changed how we describe security issues. Individual issues are no longer described here in the Magento Security Center. Instead, these issues are documented in an Adobe Security bulletin. Please see Security updates available for Magento | APSB20-02.

Patches
SUPEE-11295
Jan 28, 2020

With the release of Magento 2.3.4, we’ve changed how we describe security issues. Individual issues are no longer described here in the Magento Security Center. Instead, these issues are documented in an Adobe Security bulletin. Please see Security updates available for Magento | APSB20-02.

Patches
Latest Magento Security Update Helps Protect from Recently Reported RCE Vulnerability
Nov 11, 2019

Magento is committed to delivering security updates to our customers. Because most exploits tend to target software installations that are not up-to-date with the latest security updates, we always strongly recommend that users install security updates as soon as they are available.

Patches
SUPEE-11219
Oct 8, 2019

SUPEE-11219, Magento Commerce 1.14.4.3 and Open Source 1.9.4.3 contain multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities.

Patches
Magento 2.3.3 and 2.2.10 Security Update
Oct 8, 2019

Magento Commerce and Open Source 2.3.3, 2.3.2-p1 and 2.2.10 contain tens of security enhancements that help close Remote Code Execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities.

Merchants who have not previously downloaded a Magento 2 release should go straight to Magento Commerce or Open Source 2.3.3.

News
Magento Recommendations for PHP Vulnerabilities
Sep 13, 2019

On September 3, Multi-State Information Sharing and Analysis Center (MS-ISAC) has issued an alert related to multiple vulnerabilities that could allow for arbitrary code execution and a recommendation that all sites using PHP should update to the latest PHP version ASAP. Read on for impacts and steps for Magento Commerce sites.