Security has been the primary focus for Magento engineers throughout 2019 due to the increasing rates of fraud and security breaches among eCommerce sites. In Q2 alone, engineers shipped 139 security fixes across all active versions of Magento Commerce and Magento open-source sites, and Q3 is set to release a record-breaking total of 157 fixes.
However, with the holiday season quickly approaching, Magento is providing security-only patches that will give retailers the protection they need while delaying any time-consuming updates or changes until the holidays have passed. This flexible patch release will be called “2.3.2-p1”.
Security Upgrade Options
The framework for this release gives eCommerce merchants the freedom to choose when they would like to upgrade to the full release, or whether they'd prefer to go from one security-only update to another. Here are just a few examples to showcase the flexibility of this improved scheme:
- Full upgrade. In this scenario, you would upgrade from 2.3.2 to 2.3.3 in Q3 of this year. In Q1 of 2020, you could upgrade from 2.3.3 to 2.3.4.
- Security-only patch now, full update later. In the upcoming Q3 of 2019, you would simply go from 2.3.2 to the 2.3.2-p1 instance. Once we enter Q1 of 2020, you can then upgrade to the full 2.3.4 instance.
- Security-only patch now, security-only patch later. This Q3, you would upgrade to the 2.3.2-p1 patch, and then update that instance to 2.3.3-p1 in Q1 of 2020.
- Security-only patch now, functional changes/updates later. Like the other examples, you would upgrade your 2.3.2 instance to the 2.3.2-p1 patch. Then, sometime between Q3 of this year and Q1 of 2020, you would upgrade to the 2.3.3 instance to receive the functional or quality updates you require. Once Q1 of 2020 begins, you can choose whether to upgrade to 2.3.4 or 2.3.3-p1.
Other Recommended Security Tips
One study found that over 83% of Magento Commerce and Magento open-source sites that reported security issues were running on outdated versions. This shows that keeping your Magento store upgraded is the best way to protect your site from hacks.
To see what else you can do to protect your website, you can view our Security Best Practices guide, or you can check out this DevBlog post to learn more about the upcoming security-only patches!
If you don't want to worry about security patches, you should sign up for No Hassle Updates.