Security Center

Get the latest patches, security updates, and best practices for your Magento sites

New Security Update

Install critical updates for Magento 1.x and Magento 2.x versions

Authored by:

Magento Security Team

Mar 8, 2019

A critical vulnerability exists in the Magestore Store Locator extension version 1.0.2 (and earlier versions) that could result in unauthorized access to sensitive information. Magento urges customers running this extension to immediately disable this extension or block requests.

Feb 4, 2019

To better align and help enhance the program, Magento consolidated their Bug Bounty Program with the Adobe program under one umbrella. New changes and opportunities are coming for bug reporters.

Jan 24, 2019

Maintainers of the PHP Extension and Application Repository (PEAR) have disclosed a breach that resulted in the compromise of the go-pear.phar executable used to install the PEAR installer package manager v1.10.9.

Jan 7, 2019

Phishing Alert: Do not open emails containing a fake security update. Customers who receive one of these emails should delete it immediately without downloading attachments or following hyperlinks that may be included in the message.

Nov 28, 2018

This patch contains several security updates. Risk: Major for Magento Commerce prior to 1.14.4.0 and Open Source prior to 1.9.4.0.

Nov 28, 2018

These versions contain multiple functional and security updates. Risk: Critical for Magento Commerce and Magento Open Source prior to 2.1.16 and 2.2.7.

Sep 10, 2018

This patch contains several security updates. Risk: Major for Magento Commerce prior to 1.14.3.10 and Open Source prior to 1.9.3.10.

Sep 10, 2018

These versions contain multiple functional and security updates. Risk: Critical for Magento Commerce and Magento Open Source prior to 2.1.15 and 2.2.6.

Jul 18, 2018

Magento is making Google reCAPTCHA and Two-Factor Authentication (2FA) functionality available for Magento Open Source, Commerce, and Commerce (Cloud) v2.1 and v2.2. These features provide enhanced access security.