Magento 1 EOL Support - FAQ

Frequently Asked Questions about Webscale’s Magento 1 (M1) EOL Support

What is M1 Support?

Webscale M1 Support is a comprehensive, security-focused SaaS solution for digital commerce merchants planning to remain on Magento 1.x beyond its end-of-life (EOL) in June 2020.

There are two options to Webscale M1 Support:

  • Webscale Cloud M1 Support for customers whose hosting environment is in the cloud and managed by Webscale (and typically hosted by Webscale as well).
  • Webscale On-Prem M1 Support for customers whose hosting environment is not managed by Webscale (maybe hosted in the cloud or in a private data center).

Does Webscale support M1 Commerce (formerly known as Enterprise) and M1 Open-source (formerly known as Community)?

Yes! Webscale’s M1 On-Prem and Cloud Support protects M1 commerce and Open-source customers.

What versions within 1.x does Webscale support?

It is required that customers are on the latest 1.x versions and all the patches have been applied for any security patches that Webscale makes available to work.

Webscale’s M1 On-Prem and Cloud Support protect M1 Commerce on 1.14.x, and M1 Open-source on 1.9.x versions. The latest release of M1 Commerce is and M1 Open-Source is

What is the SLA for Webscale M1 Support?

M1 Open-Source customers have a 30 day SLA on availability of patches and M1 Commerce customers have 60-day SLA on availability of patches.

Who are our partners for developing security patches?

For M1 Open-Source and M1 Commerce, Webscale partners with specific vendors who are focused on developing patches for Magento 1 versions, as well as our developer partner network who we have contracted with to write Magento 1 security patches.

Patches will be delivered by Webscale support to customers on the M1 EOL Patches page.

What does “On Premise M1 Support” mean? Does this refer to technical/support professional services?

Webscale On Premise (or On Prem) M1 Support refers to the Webscale SaaS platform subscription and developer support services that support M1 applications after the EOL date. The applications are not hosted by Webscale in the public cloud. The SaaS platform automatically protects from known Magento attacks with custom built-in rulesets, from zero-day vulnerabilities with virtual patching to browser-based attacks with real-time Content Security Policy (CSP) protection. Webscale developer support services for M1 provide regular patches to customer’s development resources to apply and protect against newly discovered vulnerabilities on Magento Open Source and Magento Commerce.

How do we identify vulnerabilities?

We will track the Magento community but rely on our partner to help us identify vulnerabilities. For the most part, Open-Source vulnerabilities are likely also to manifest as Commerce vulnerabilities.

What do we need to protect applications to start with?

Webscale will have an M1 base ruleset ready and enabled to protect M1 applications. These will be mandatorily enabled for all Webscale M1 customers. Webscale onboarding/support will write the list of all appropriate rules, and ensure all M1 Support customers are enabled with these rules.

How do we track & test exposure to a new vulnerability?

We will use customer staging environments to reproduce the vulnerability and/or understand its risk and exposure to the application. No explicit customer agreement is needed at this point.

Are the patches applied by Webscale Support?

No. Webscale provides the patches to customers. Customers or their developer team will download and verify the patch in a staging or testing environment before applying the patch to their production system.

What is Virtual Patching? How will the process work internally?

A virtual patch is the configuration of a capability in the Webscale platform that limits application exposure to the vulnerability, without making any changes to the application code. The virtual patch is applied outside the application infrastructure, typically in the Webscale data plane. This may be through web controls, ModSecurity rules, access control (allow/block), CSP, or other available configurations.

When a new vulnerability is discovered, Webscale Support will:

  • Determine exposure, if any, to the application due to a new vulnerability.
  • Determine mechanisms to prevent the exposure.
  • Write any rules (web controls, ModSecurity, etc) required to prevent any potential exploits.

This is called virtual patching. Once a virtual patch has been applied customers will be notified about the virtual patching.

Where can I find the released patches and patch installation instructions?

Further information and instructions for patching can be found on Magento 1 EOL Patches.

Is there a list of the services in Webscale M1 Support and what is included?

Features M1 Cloud Support M1 On-Prem Support
Auto-scaling Webscale data plane
OWASP top 10 protection
Self-healing HA Webscale Integration layer
L7 Load Balancing
WAF: Blacklisting, Whitelisting, Geolocation
TLS Offload
Webscale Control Portal / Real-time Traffic Viewer
DDoS Shield Mode
Mobile Optimization
CDN Caching Optional
Cache Control
3rd party optimization
Content Optimization
Dynamic Site Cache
Performance Monitoring & Alerting
Virtual Patching
Real-time CSP protection
Magento Security patches (with SLA)
Application Shielding
Malware Scanners
Intrusion Detection
Daily backup
Email and Phone support (24 x 7 x 365)
15 Min Critical Ticket Response time (Max 10 per month)

Further Reading

Have questions not answered here? Please Contact Support to get more help.

Last modified October 12, 2020