Update: Adobe has released an additional patch to better protect against the threat identified in CVE-2022-24086. This threat is still considered critical and the new patch, CVE-2022-24087, should be applied ASAP.
On February 13th, Adobe announced a critical security vulnerability that makes it possible for criminals to take control of Magento 2.3 and 2.4 sites without Admin controls. Adobe quickly supplied a security patch to prevent this vulnerability from being exploited. This is an excellent example of why it’s imperative for sites to make sure their version of Magento is still supported and capable of receiving essential updates. Read more about this vulnerability here.
As with all good things, Adobe Commerce support for Magento 2.3 is soon coming to an end. While sites using 2.3.x will continue to function past the September 8th end-of-life date, these stores will be excluded from key improvements to Magento and become increasingly susceptible to security risks. Another important end-of-life date to be aware of is the date set for PHP 7.3, which was scheduled for December 2021. If your site is operating on Magento 2.3.0 – 2.3.6, you’re already at increased security risk due to using an unsupported version of PHP. Whether you’re at risk now or are soon to be at risk, upgrading to Magento 2.4 is an important step towards ensuring the continued success of your eCommerce business.
Unsure if an update is actually necessary? Here are a few reasons to make the change:
End of Updates
Important upgrades like security patches and PCI (Payment Card Industry) compliance updates will stop being released by Adobe Commerce and Magento Open Source, leaving stores that use Magento 2.3.x at risk of security breaches and fines for failing to uphold credit card processing standards.
Marketplace extensions and support from Adobe will be greatly reduced or completely ended. Important developer documentation will also be removed from Adobe’s site. This means that when you need help or want to troubleshoot an issue, your odds of finding a simple solution will be greatly diminished.
Magento 2.4 Offers Excellent Features
By switching to Magento 2.4, you’ll have valuable features like extension of ReCAPTCHA coverage, expansion of GraphQL support, Page Builder included for Magento Open Source sites, updated security patches, and key bug fixes. An exciting new feature implemented in 2.4 provides seller-assisted shopping experiences, in which admin can login as customers so customers no longer have to hand over their usernames or passwords to seek help. And with the improvements to PWA Studios combined with the expansion of GraphQL, building a PWA (Progressive Web App) is easier than ever.
Magento 2.4.4 is just on the horizon
Adobe Commerce quietly updated their Magento lifecycle policy to include a tentative date for the arrival of Magento 2.4.4. Set to be available in March, Magento 2.4.4 is sure to have a list of exciting features and important patches.
The best time to update to Magento 2.4 is now. Not only will you have access to the latest security updates, full support from Adobe Commerce, and assurance that you’re PCI compliant, you’ll also have a wealth of improvements and new features that will help to propel you into greater growth.
Still using an older version of Magento?now for an upgrade consultation.