1 (888) 997-2457 Chat Status Login
We can help you. Right now.
Fast growing merchants depend on JetRails for high-stakes hosting. Experience counts. Let's get started.
Your message has been received, a representative will be contacting you shortly. if you have an emergency, please call us at 1 (888) 997-2457 or email us at [email protected]









Call us at:1 (888) 997-2457

Magento Ecosystem News February 2019

February 26, 2019
Magento News
Robert Rand
Director of Partnerships & Alliances

Robert is a Magento 1 & 2 Solution Specialist with over a decade of experience in helping merchants benefit from sound E-commerce and Digital Marketing strategies. He’s highly experienced at harnessing the power of E-commerce technologies and solutions to help businesses of all types and sizes grow and succeed and has earned numerous distinctions and accolades from his work with merchants and partner organizations.

 

There’s never a dull moment in eCommerce, and certainly not for Magento users. We recently shared information about the upcoming release of Magento 2.3.1, but as February 2019 comes to a close, we’re tracking several important topics in the Magento ecosystem. These include:

Authorize.net will stop supporting MD5 Hash on March 14th

On January 23rd, 2019, we reported on Authorize.net returning errors to Magento stores. In essence, Authorize.net rolled out a security update in their network that didn’t jive with the Authorize.net payment gateway that comes off-the-shelf with Magento. Authorize.net subsequently rolled back this update.

We’re continuing to track a similar issue that is on the horizon. On March 14th, Authorize.net will push another security update to their live servers. This will force Authorize.net users to support the new SHA-512 hash via signature key and will leave those still trying to use the old MD5 hash up a creek without a paddle. Those using 3rd party extensions that are being updated, such as from ParadoxLabs, or SaaS services like X-Payments and SubscribePro, should not be impacted by this issue as long as they’re using up-to-date extensions. Similarly, users that use SaaS checkout solutions like Bolt, or other payment gateways like PayPal won’t be impacted.

We’re expecting the new Magento 2.3.1 to include support for this Authorize.net security update. This version of Magento should become available in late March.

For folks on all other supported versions of Magento, there’s already a patch which you should install and test. 

 

The Deprecation of connect.magentocommerce.com

This dated resource is set to hit end of life on March 4th. According to Lori Krell, a member of the Magento team, this should only impact merchants using Magento 1.4 and earlier. This resource was used for extension support.

 

New Security Services Entering Beta

Willem de Groot, who has reported on Magento Zero-Day Vulnerabilities and lots of other Magento Security topics, has created an antivirus software for eCommerce sites that’s compatible with Magento 1 and Magento 2. The software is currently being offered in private beta. We’re looking forward to tracking the progress of this antivirus software, as we believe that there’s plenty of demand for good software to help keep an eye on custom instances of Magento with all of their extensions and other tweaks.

At the same time, Talesh Seeparsan announced Cerbero entering “semi-public” beta. This system is meant to help prevent what is known in digital security circles as a supply chain attack. In essence, these are attacks that come through entry points made possible by your use of 3rd party integrations and SaaS solutions. As you add JavaScript and other coding to your site to enable the use of these offsite resources, you inherently take on risks that should one of these services will be comprised, malicious code may be served up with your website.

 

We look forward to bringing you further information on these topics in the future. In the meantime, we’re here to help you with your Magento hosting needs through our mission-critical, fully-managed dedicated servers, enterprise clusters, and our AWS management services!

 

More Articles
Magento 2.0, 2.1, and 2.2 End of Life Dates
View Article
Insights Into Security & Breach Response Planning
View Article
Magento Releases SUPEE-11086, CE 1.9.4.1, EE 1.14.4.1, and M2 versions 2.1.17 and 2.2.8
View Article