Magento 1 Support Extended Through at Least 2027 – Two More Years Guaranteed

Mage One has extended its support for Magento 1 beyond the originally planned five-year period. While support was initially guaranteed through 2025, online merchants can now count on regular security and compatibility patches until at least 2027. Even better: unless Mage One announces an end to support at least 24 months in advance, the support period will automatically extend by another two years—giving merchants plenty of time to plan a smooth transition.

In other words:

  • If no end-of-support is announced in 2026, support will be extended through at least 2028.
  • If there’s still no announcement in 2027, support will continue through at least 2029.

Security Patches for Magento 1

Since official security updates from Magento ended, Mage One has stepped in to keep Magento 1 safe. They regularly release patches for newly discovered vulnerabilities, helping online shops stay secure and run smoothly. Merchants also benefit from a bug bounty program that rewards developers for finding and reporting security issues.

Compatibility with the Latest Technology

To ensure Magento 1 can still be used with the latest technology—like newer versions of PHP, MySQL, and Apache—Mage One regularly releases compatibility patches. These updates help keep your shop running smoothly on modern server environments.

Even though Magento 1 is considered a legacy system, Mage One’s continued support through at least 2027 ensures it stays secure and compatible.

Recap: PayPal PLUS Discontinued, Transition to PayPal Checkout with Magento 1?

Exactly one year ago, in October 2022, there were significant changes to PayPal PLUS that affected online shop owners. These changes had a substantial impact on the way payments were processed in online stores. In this recap, we’d like to remind you of these changes and also highlight our solution for Magento 1, which continues to support you in transitioning to PayPal Checkout.

The Past: PayPal PLUS Changes in October 2022

In October of last year, PayPal discontinued support for PayPal PLUS. This meant that online merchants had to find a new solution to continue offering trusted payment options to their customers. The transition was a challenge for many, as PayPal PLUS was widely used and popular in many German online shops.

The Present: PayPal Checkout as an Alternative

In response to the discontinuation of PayPal PLUS, PayPal introduced PayPal Checkout. This new solution continues to provide a wide range of payment options for your customers, including the popular option of paying by invoice. With PayPal Checkout, you can ensure that your customers can shop conveniently and confidently with you.

Our Solution: Mage-One with PayPal Checkout for Magento 1 Users

For Magento 1 users who are still using the platform and wish to utilize PayPal Checkout, our Mage-One module offers an effective solution. This module enables a seamless integration of PayPal Checkout into Magento 1 stores, allowing you to continue offering payment options like invoicing while benefiting from the advantages of PayPal Checkout.

Your Alternative: All-in-One Payment Solutions

If you want to offer additional payment methods alongside PayPal Checkout, you also have the option to turn to all-in-one payment solutions such as Mollie or PAYONE. These platforms enable you to offer a variety of payment methods in your online store while benefiting from user-friendly integration and processing.

Summary

The changes to PayPal PLUS one year ago have shifted the focus to PayPal Checkout, allowing you to continue offering familiar payment options to your customers while benefiting from modern payment solutions. For Magento 1 users, our Mage-One module is ready to facilitate the transition. Alternatively, you can opt for all-in-one payment solutions to offer a variety of payment methods.

MySQL 5.7 End of Life: Time to Upgrade to MySQL 8.0

Oracle announced some time ago that it would end support for MySQL 5.7 on October 31, 2023. This version was released in 2015 and thus received support for eight years – a considerable period of time in the software world.

The upcoming end-of-life date does mean that Oracle will no longer provide updates or security patches for MySQL 5.7. This may impact many popular web applications, including Magento 1, Shopware and WordPress, which are currently still running on MySQL 5.7.

The well-known software vendors have, of course, responded early to keep their platforms compatible with the latest MySQL version. Both Shopware and WordPress have released updates to ensure compatibility with MySQL 8.0 – the follow-up version to MySQL 5.7.

MageOne has also taken appropriate action to ensure the stability and reliability of Magento 1 even after MySQL 5.7 support ends, and has released patches for it.

Given the limited time remaining until the end of support, some hosting providers have already started to discontinue support for MySQL 5.7. Therefore, it is advisable to check your current hosting package and make sure that all necessary patches are installed to ensure a smooth migration.

MySQL 8.0, released five years ago, has now established itself as a mature version and offers numerous improvements and new features over its predecessor. With better performance, increased scalability and enhanced security mechanisms to protect your data, MySQL 8.0 offers many reasons to upgrade.

It is therefore advisable to act now and prepare for the end of MySQL 5.7 support. Review your current database version, plan to upgrade to MySQL 8.x and contact your hosting provider to ensure that your web application will be optimally supported in the future.

Switching to MySQL 8.0 may be challenging at first, but the benefits this upgraded version offers are worth it. A modern, high-performance database is a crucial factor for a reliable and future-proof web application.

Information about APSB22-12

As you have probably already learned from the relevant media, a critical zero-day security vulnerability has become known for Magento 2. The vulnerability, CVE-2022-24086, is listed under the designation APSB22-12 and is already being actively exploited.


log4j – Vulnerability in Magento?


You have probably already heard that a standard library for Java, “log4j”, is currently exposed to attacks. With this vulnerability, attackers may be able to execute malicious code on your system. Magento is based on PHP and is therefore not affected by this vulnerability.

However, it is possible that other software you use is vulnerable. Typically, this involves the search function of Magento 1. Here, the standard might have been replaced by ElasticSearch or Solr, for example – a specialized and much faster search. Likewise, logging services that archive error messages may be affected. You should urgently ensure that the versions you may be using are no longer affected by this vulnerability.

As soon as we have new information about this vulnerability and affected software, we will inform you again in a newsletter.

If you want your Magento 1 store to stay secure, you should consider our patch service for security and compatibility.

PHP 7.2 support is discontinued – what about Magento 1 under PHP 7.3, 7.4 and PHP 8?

You may have already heard it from your hoster: PHP 7.2 is being discontinued. But what does that mean for your Magento 1 store?


If you want to know how long the PHP version you are using on your server will still be supported by PHP, you can take a look at this page:

https://www.php.net/supported-versions.php

The page makes it clear: PHP 7.2 is end of life. Everything shown in red there is no longer supported and should not be used in live systems. This is primarily a security concern, as security holes will no longer be closed.

The first hosters are reacting accordingly and discontinuing their support for PHP 7.2 or charging additional fees for it. These hosters already include:

Strato
IONOS (formerly 1&1)
HostEurope

So if you would like to upgrade your Magento 1 store to more current PHP versions:
Our PHP 7.3 patch has already been released. The PHP 7.4 patch is in the testing phase and will be released by mid-February 2021. Our PHP 8 patch is ready and is currently being tested by our partners so that they can adapt their extensions to PHP 8 as well, if necessary.

Important for you to know:
If you install our patches, they will run on all PHP versions active until then. So if you install the PHP 7.3 patch, you can run this patched Magento store in an environment that only supports PHP 7.2.

PHP 7.2 support is being discontinued – what about Magento 1 under PHP 7.3, 7.4 and PHP 8?

You may have already heard it from your hoster: PHP 7.2 is being discontinued. But what does that mean for your Magento 1 shop?

If you want to know how long the PHP version used on your server will still be supported by PHP, you can take a look at this page:

https://www.php.net/supported-versions.php

It makes clear: PHP 7.2 is end of life. Everything shown in red is no longer supported and should no longer be used in live systems. This is primarily a security concern, because security holes are no longer being closed.

The first hosters are reacting accordingly and discontinuing their support for PHP 7.2 or charging additional fees for it. These hosters already include:

Strato
IONOS (formerly 1&1)
HostEurope

So if you would like to move your Magento 1 shop to more current PHP versions:
Our PHP 7.3 patch has already been released. The PHP 7.4 patch is in the testing phase and will be released by mid-February 2021. Our PHP 8 patch is finished and is currently being reviewed by our partners so that they can also adapt their extensions to PHP 8 if necessary.

Important for you to know:
If you install our patches, they run on all PHP versions active up to that point. So if you install the PHP 7.3 patch, you can also run this patched Magento shop in an environment that only supports PHP 7.2.

Mage One Patches for Magento 1: 7 new patches released

Download your Invoices

We also upgraded our platform. For more self service you can now check the status of your invoices, pay them directly via a [pay now] link and download the PDFs. Just click Invoices in the main menu.

Patch MO-26

This patch improves cookie handling for cookies created by Mage.Cookies.

Patch MO-27

An administrator with permission to import/export data and to create widget instances was able to store an executable file on the server and load it via layout xml.

Thanks to Peter O’Callaghan for sharing his findings!

Patch MO-28

An administrator with permission to create products was able to inject an executable file on the server via wishlist functionality.

Thanks to Peter O’Callaghan for sharing his findings!

Patch MO-29

An administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml.

Thanks to Peter O’Callaghan for sharing his findings!

Patch MO-30

Improves our patch MO-20 — An administrator with permission to access System > Permissions > Variables was able to add config paths for encrypted config fields to the allow list. This made it possible to view the decrypted value of private information.

Patch MO-31

Improves MO-21 — Compatibility of 3rd party integrations by flagging cookies as SameSite=None.

Patch MO-32

Fixes MO-23 — It’s the end of a very special and busy year. This patch fixes the duplicate protocol handler in the news feed url.

You can download these patches in your customer account at https://my.mage-one.com/patches. Everything you need to know about the issue and how to install it is explained there.


Mage One Patches for Magento 1: 5 new patches released

Newsfeed Support in your Admin Panel

With our patch MO-23 we introduce a new Mage One feature: Patch Notification via your Magento admin panel. As soon as we release new patches, your admin panel will give you a notification on login.

Custom Patch Notification Mail Address

If you would like to receive our newsletter with an email address other than your account email address on my.mage-one.com, you can change it now under “user settings” in our platform!

Patch MO-21

This patch improves compatibility of 3rd party integrations by flagging cookies as SameSite=None.
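
A check to run after a SameSite change such as the one in MO-21 and MO-31, as an added example (not Mage One's code): browsers only accept `SameSite=None` on cookies that also carry `Secure`, so the function below flags any `Set-Cookie` header that sets one without the other. The header values, cookie values and function names are constructed for this example.

```php
<?php
// Added example: audit Set-Cookie headers for SameSite=None without Secure.
// Header values below are constructed samples, not output from a real shop.

/** Parse one Set-Cookie header value into its name and lower-cased attributes. */
function parseSetCookie(string $header): array
{
    $parts = array_map('trim', explode(';', $header));
    [$name] = explode('=', array_shift($parts), 2);
    $attrs = [];
    foreach ($parts as $part) {
        if ($part === '') {
            continue;
        }
        $kv = explode('=', $part, 2);
        $attrs[strtolower($kv[0])] = isset($kv[1]) ? strtolower(trim($kv[1])) : true;
    }
    return ['name' => $name, 'attrs' => $attrs];
}

/** Return human-readable findings for a list of Set-Cookie header values. */
function auditCookies(array $headers): array
{
    $findings = [];
    foreach ($headers as $header) {
        $c = parseSetCookie($header);
        $sameSite = $c['attrs']['samesite'] ?? null;
        $secure   = isset($c['attrs']['secure']);
        if ($sameSite === 'none' && !$secure) {
            $findings[] = "{$c['name']}: SameSite=None without Secure, browsers will reject it";
        } elseif ($sameSite === null) {
            $findings[] = "{$c['name']}: no SameSite attribute, browser default applies";
        }
    }
    return $findings;
}

$sample = [
    'frontend=abc123; path=/; HttpOnly; Secure; SameSite=None',
    'frontend_cid=def456; path=/; SameSite=None',
    'store=default; path=/',
];
foreach (auditCookies($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```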
 

Patch MO-22

This patch prevents access to the ./downloader directory which was used for the “CardBleed” attack.

We added a few lines to ./downloader/.htaccess. If you want to access ./downloader, you have to comment out the 2 lines at the beginning by adding # in front of each.
 

Patch MO-23

This patch adds patch notification to your admin panel. As soon as a patch is released, you’ll be notified on your next login to your shop’s admin panel.
 

Patch MO-24

With MO-18 we improved the form key validation. Unfortunately, this results in a lot of error log entries if your shop is the target of a brute force attack. We changed the way these errors are logged to prevent flooding of your error log files.
 

Patch MO-25

An administrator with permission to update product data was able to store an executable file on the server and load it via layout xml. We improved layout xml security with some additional sanitization checks for method executions.

Thanks to Edgar Boda-Majer for sharing his findings!

You can download these patches in your customer account at https://my.mage-one.com/patches. Everything you need to know about the issue and how to install it is explained there.


Mage One Patches for Magento 1: MO-18, MO-19, MO-20

Improved QPS Module

We improved the QPS module. You can now configure an email address to get a notification once new rules have been synchronized. You can find the configuration in System > Configuration > Quick Protection System > Notification.

Patch MO-18

This patch is based on a backport for CVE-2020-9690 of Magento 2. Magento’s hash compare functionality has an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
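
An added illustration of the class of bug MO-18 describes, not Mage One's or Magento's code: an early-exit comparison does work proportional to the matching prefix, which is the observable discrepancy, while PHP's built-in `hash_equals()` is timing-safe. The key, message and the `leakyCompare()` helper are constructed for this example.

```php
<?php
// Added example: why an early-exit hash comparison leaks, and the fix.
// Key, message and helper names are constructed for illustration only.

/**
 * Byte-by-byte comparison that stops at the first mismatch.
 * 'steps' reports how many bytes were examined; in real code that work
 * shows up as response time an attacker can measure.
 */
function leakyCompare(string $known, string $supplied): array
{
    $steps = 0;
    if (strlen($known) !== strlen($supplied)) {
        return ['equal' => false, 'steps' => $steps];
    }
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $steps++;
        if ($known[$i] !== $supplied[$i]) {
            // Early exit: cost depends on the length of the matching prefix.
            return ['equal' => false, 'steps' => $steps];
        }
    }
    return ['equal' => true, 'steps' => $steps];
}

$key      = 'constructed-demo-key';
$message  = 'order_id=1001&amount=49.90';
$expected = hash_hmac('sha256', $message, $key); // 64 hex characters

// Three wrong guesses sharing 0, 8 and 32 leading characters with the real MAC.
foreach ([0, 8, 32] as $prefix) {
    $filler = ($expected[$prefix] === '0') ? '1' : '0'; // force a mismatch at $prefix
    $guess  = substr($expected, 0, $prefix) . str_repeat($filler, 64 - $prefix);

    $leaky = leakyCompare($expected, $guess);
    printf("matching prefix %2d: leaky compare examined %2d bytes\n", $prefix, $leaky['steps']);

    // hash_equals() rejects the guess without revealing where it first differs.
    var_dump(hash_equals($expected, $guess));
}

// The legitimate value still verifies with the timing-safe comparison.
var_dump(hash_equals($expected, hash_hmac('sha256', $message, $key)));
```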
 

Patch MO-19

An admin user was able to use SOAP access with product attributes and a product to upload an executable file to the server and execute it.

Thanks to Luke Rodgers for sharing his findings!
 

Patch MO-20

An administrator with permission to access System > Permissions > Variables was able to add config paths for encrypted config fields. This made it possible to view the decrypted value of private information.

Thanks to Peter O’Callaghan for sharing his findings!


You can download these patches in your customer account at https://my.mage-one.com/patches. Everything you need to know about the issue and how to install it is explained there.
