Coinciding with the release of Magento 2.3.3 and in response to PHP vulnerabilities, Magento will begin releasing lightweight, security-only patches in addition to the regular cadence of feature and platform updates.
While the platform updates will still contain fixes for newly discovered vulnerabilities, the patches provide an upgrade path between vital fixes and full feature updates.
Regulation around the world is increasingly concerned with data security. In the UK, GDPR imposes a responsibility to report data breaches to the relevant regulatory authority and directly to potentially exposed customers. According to media outlets, in the US at least 19 consumer companies have reported security breaches since January 2018.
ZDNet found that 83% of reported Magento hacks were on outdated versions of Magento Commerce and Magento Open-source sites. In order to stay up to date with security patches retailers running Magento Commerce would traditionally have to apply the feature update. This could prove a lengthy task and contributes to the proportion of retailers running on legacy versions of the platform.
As a result of the new security patches, retailers who aren’t ready to move to the latest version of Magento Commerce can enhance security without the full integration, development and regression testing activities usually involved in an upgrade.
Standalone security patches, along with Magento Commerce 2.3.3, have a planned release of late September or early October. Look out for patches in the format “<version number>-p1”, which indicate priority security fixes.
Retailers running versions of Magento behind the 2.3.2 update will need to work with their technology partners to understand how security fixes can be applied to their digital store. It is also worth noting that Magento’s 2.2.x branch will soon become deprecated and we recommend upgrading as soon as possible, as they will no longer be supported.
At Tryzens, our passionate team of Magento experts understand the importance of securing your store. Get in touch today to understand how to apply fixes and incorporate the schedule into your ongoing development.