Magento is releasing new versions of Magento Commerce and Open Source to increase product security and functionality

These updates contain almost 50 security changes that help close cross-site request counterfeit (CSRF), unresolved data leak, and authenticated Admin user remote code execution vulnerabilities.

  • Magento Open Source and Commerce 2.2.3
  • Magento Open Source and Commerce 2.1.12
  • Magento Open Source and Commerce 2.0.18
  • Magento Open Source
  • Magento Commerce
  • SUPEE-10570 to patch earlier Magento 1.x versions

Patch code and release notes published on February 27, 2018.


Releases also support API changes implemented recently by USPS. Also Magento Commerce and Open Source 2.2.3 offer finer permissions for common cache management tasks. This improvement allows competent users with administrators rights to set permissions for separate cache management tasks such as cleaning cache storage and refreshing cache types.

And thanks to Magento community members, Open Source 2.2.3 also includes support for Elasticsearch 5.0.x and enhancements to ACL control for cache management.

Elasticsearch is a search engine that offers a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents.

Download updates

Please download releases, patches and tools for Magento open source 2.X and 1.X here: Tech resources