Dear Visa, dear PayPal, ladies and gentlemen,
only six weeks left until Adobe discontinues it’s support for the Community Edition and the Enterprise Edition of Magento 1.
As soon as there is no more support, these shops are no longer secure, because new security vulnerabilities will no longer be fixed. (By the way, this does not only affect Magento 1 shops, but also Magento 2 shops in version 2.0 to 2.2.)
You have pointed this out to your customers. And that is the right and important thing to do for now.
First and foremost, it’s about the fact that if you have a system for which no vendor patches are available, you are no longer PCI-compliant and therefore can no longer offer credit card or PayPal payments.
We’ve been trying for so many months to get in touch with you, Visa and PayPal, to make you aware of our alternative.
As a vendor of security patches for Magento 1, we offer an alternative to migrating to a new system within the next six weeks. It’s not about keeping Magento 1 alive forever, but only to de-stress the migration process for a while. It is about gaining time AND security.
We believe that we cover the points 6.1. and 6.2 in the mentioned PCI DSS requirements.
Therefore we would like to ask you to have a conversation with us! We want you to know that our service offers the best possible security solution. We will run a bug bounty program like Magento did before, we will release security patches and also compatibility patches and we are in contact with so many people from the community who think our service is worthwhile, including the Magento Association.
We hope you will help us to help merchants – and contact us.
Your Mage-One Team.
Rico Neitzel, Carmen Bremen, Fabian Blechschmidt, Tobias Vogt, Tobias Klose