Security Center

Get the latest patches, security updates, and best practices for your Magento sites

Authored by:

Magento Security Team

Sep 14, 2017

This patch contains several security updates. Risk: Major for Magento Commerce prior to 1.14.3.6 and Open Source prior to 1.9.3.6.

Sep 14, 2017

These versions contains multiple security updates. Risk: Critical for Magento Commerce and Magento Open Source prior to 2.0.16 and 2.1.9.

May 31, 2017

These versions contains multiple security updates. Risk: Critical for Magento Enterprise Edition and Community Edition prior to 2.0.14 and 2.1.7.

May 31, 2017

This patch contains multiple security updates. Risk: Critical for Magento Enterprise Edition prior to 1.14.3.3 and Community Edition prior to 1.9.3.3.

Apr 24, 2017

Hackers impersonating Magento Commerce have sent an email that contains malware to merchants and agencies using our products. 

Oct 29, 2016

This updated article shares how you can protect your store from brute force password guessing attacks.

Apr 26, 2016

An SQL injection vulnerability has been found in multiple third-party extensions and themes

Mar 30, 2016

Important information on how Magento 2.0 handles anonymous web APIs

Mar 16, 2016

A newly-identified malware appears to capture checkout information, including credit card data, from infected sites

Feb 18, 2016

Update to the Shoplift vulnerability - be sure to apply all official Magento security patches