Magento has released updates for Magento Commerce and Open Source editions. For more information on security updates available for Magento, please see APSB20-59 for details.
Security Center
Get the latest patches, security updates, and best practices for your Magento sites
Magento Commerce
Magento has released updates for Magento Commerce and Open Source editions. For more information on security updates available for Magento, please see APSB20-47 for details.
Magento has released updates for Magento Commerce 1 and Magento Open Source 1. For more information on security updates available for Magento 1. Please see Security updates available for Magento | APSB20-41.
Magento is making Content Security Policy available for Magento Open Source and Commerce v2.3.5-p1. The release of Magento 2.3.5-p1 marks the first phase of our implementation and makes CSP available in report-only mode
by default.
Magento has released updates for Magento Commerce and Open Source editions. For more information on security updates available for Magento, please see APSB20-22 for details.
Magento advises customers of potentially affected deployments to take immediate action by updating Magento installations with the latest patch.
With the release of Magento 2.3.4, we’ve changed how we describe security issues. Individual issues are no longer described here in the Magento Security Center. Instead, these issues are documented in an Adobe Security bulletin. Please see Security updates available for Magento | APSB20-02.
With the release of Magento 2.3.4, we’ve changed how we describe security issues. Individual issues are no longer described here in the Magento Security Center. Instead, these issues are documented in an Adobe Security bulletin. Please see Security updates available for Magento | APSB20-02.
SUPEE-11219, Magento Commerce 1.14.4.3 and Open Source 1.9.4.3 contain multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities.
Magento Commerce and Open Source 2.3.3, 2.3.2-p1 and 2.2.10 contain tens of security enhancements that help close Remote Code Execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities.
Merchants who have not previously downloaded a Magento 2 release should go straight to Magento Commerce or Open Source 2.3.3.