Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security patching for Magento 2.2.8

‎11-01-2020 05:27 PM
‎11-01-2020 05:27 PM

Security patching for Magento 2.2.8

Hi,

 

The company I worked for is using Magento 2.2.8 which is developed by an agency last year. We do not have any in-house developers so maintenance is also done by them. Their warranty include security patching but not Magento version patching. 

 

They claims that 2.2.8 is safe as there has been no security patch released for this version. 

 

I saw a hotfix for CVE-2019-8118 release this year which applies to 2.2 so wanted the developer to update it. However, they don't consider this a security patching but version patching.

 

Are they correct? It seems like they don't have to do any update to the system at all. 

 

Thanks in advance,

Shaun

0 Kudos