Get the latest patches, security updates, and best practices for your Magento sites
Magento Commerce and Open Source 2.3.3, 2.3.2-p1 and 2.2.10 contain tens of security enhancements that help close Remote Code Execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities.
Merchants who have not previously downloaded a Magento 2 release should go straight to Magento Commerce or Open Source 2.3.3.
These versions contains multiple functional and security updates. Risk: Critical for Magento Commerce and Magento Open Source prior to 2.1.18, 2.2.9 and 2.3.2.
On September 3, Multi-State Information Sharing and Analysis Center (MS-ISAC) has issued an alert related to multiple vulnerabilities that could allow for arbitrary code execution and a recommendation that all sites using PHP should update to the latest PHP version ASAP. Read on for impacts and steps for Magento Commerce sites.
This patch contains several security updates. Risk: Critical for Magento Commerce prior to 22.214.171.124 and Open Source prior to 126.96.36.199.
An issue has been discovered in Magento Open Source and Magento Commerce that can be used to disclose the URL location of a Magento Admin panel. To best protect your store, Magento has released patches and recommends additional security steps to protect your store
We are aware of reports that phishing attempts are impersonating Magento and are being used for targeted attacks. This misleading phishing email encourages users to click on a link that indicates all users are required to register for an alert platform. Please review this blog for more information.