With the release of Magento 2.3.4, we’ve changed how we describe security issues. Individual issues are no longer described here in the Magento Security Center. Instead, these issues are documented in an Adobe Security bulletin. Please see Security updates available for Magento | APSB20-02.
Get the latest patches, security updates, and best practices for your Magento sites
Magento is committed to delivering security updates to our customers. Because most exploits tend to target software installations that are not up-to-date with the latest security updates, we always strongly recommend that users install security updates as soon as they are available.
Magento Commerce and Open Source 2.3.3, 2.3.2-p1 and 2.2.10 contain tens of security enhancements that help close Remote Code Execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities.
Merchants who have not previously downloaded a Magento 2 release should go straight to Magento Commerce or Open Source 2.3.3.
These versions contains multiple functional and security updates. Risk: Critical for Magento Commerce and Magento Open Source prior to 2.1.18, 2.2.9 and 2.3.2.
This patch contains several security updates. Risk: Critical for Magento Commerce prior to 22.214.171.124 and Open Source prior to 126.96.36.199.
These versions contains multiple functional and security updates. Risk: Critical for Magento Commerce and Magento Open Source prior to 2.1.17, 2.2.8 and 2.3.1.