Manufacturing and Distribution
Firearms
Automotive and OEMs
Healthcare & Life Sciences
Sports & Outdoor Hunting Gear
Regulated Industries eCommerce
Adobe Commerce
BigCommerce
Magento
myMagento
WooCommerce
Shopify Plus
Shopware
Magento 1 to Magento 2 Migration
Magento Upgrade Service
Magento Design
Magento B2B
Magento Hosting
Magento Consulting
Magento eCommerce Developers
Magento SEO
Magento Integration
Magento Speed & Performance Optimization
eCommerce Development
Headless Commerce
eCommerce GrowthX
B2B CRO Services
Enterprise SEO Services
Email Marketing
Website Localization Services
AEO, GEO and AI Search
AI Tools for Business
Data Analytics Services
GrowthX Strategy & Consultancy
eCommerce Integration
CRM Integrations
Accounting Software Integrations
ERP Integrations
PIM Integrations
Payment Gateways Integrations
Tax Platform Integrations
eCommerce Site Migrations
Project Rescue
Hire Developers
Free Audit Report
Extensions & Applications
Custom Applications for eCommerce
Magento Extensions
Security & Fraud Prevention
User Interface & Experience
Website Design Services
Support & Maintenance
About Us
Blog
Webinars
News & Updates
Downloads
FAQs
The Wagento Difference
Hyvä
iPaaS
Klaviyo
Sales Layer
Sift
Dot Digital
Nousmedis
Call
Message
Security has been the primary focus for Magento engineers throughout 2019 due to the increasing rates of fraud and security breaches among eCommerce sites. In Q2 alone, engineers shipped 139 security fixes across all active versions of Magento Commerce and Magento open-source sites, and Q3 is set to release a record-breaking total of 157 fixes.
However, with the holiday season quickly approaching, Magento is providing security-only patches that will give retailers the protection they need while delaying any time-consuming updates or changes until the holidays have passed. This flexible patch release will be called “2.3.2-p1”.
Security Upgrade Options
The framework for this release allows eCommerce merchants the freedom to choose when they would like to upgrade to the full release, or if they’re prefer to go from one security-only update to another. Here are just a few examples to showcase the flexibility of this improved scheme:
- Full upgrade. In this scenario, you would upgrade from 2.3.2 to 2.3.3 in Q3 of this year. In Q1 of 2020, you could upgrade from 2.3.3 to 2.3.4.
- Security-only patch now, full update later. In the upcoming Q3 of 2019, you would simply go from 2.3.2 to the 2.3.2-p1 instance. Once we enter Q1 of 2020, you can then upgrade to the full 2.3.4 instance.
- Security-only patch now, security-only patch later. This Q3, you would upgrade to the 2.3.2-p1 patch, and then update that instance to 2.3.3-p1 in Q1 of 2020.
- Security-only patch now, functional changes/updates later. Like the other examples, you would upgrade your 2.3.2 instance to the 2.3.2-p1 patch. Then, sometime between Q3 of this year and Q1 of 2020, you would upgrade to the 2.3.3 instance to receive the functions or quality updates you require. Once Q1 of 2020 begins, you can choose whether to upgrade to 2.3.4 or 2.3.3-p1.
Other Recommended Security Tips
One study found that over 83% of Magento Commerce and Magento open source that reported security issues were running on outdated versions. This proves the fact that keeping your Magento store upgraded is the best way to protect your site from hacks.
To see what else you can do to protect your website, you can view our Security Best Practices guide, or you can check out this DevBlog post to learn more about the upcoming security-only patches!
If you want to not sorry about security patches you should sign up for No Hassle Updates.
