Magento 1 EOL Support - FAQ
What is M1 Support?
Webscale M1 Support is a comprehensive, security-focused SaaS solution for digital commerce merchants planning to remain on Magento 1.x beyond its end-of-life (EOL) in June 2020.
There are two options to Webscale M1 Support:
- Webscale Cloud M1 Support for customers whose hosting environment is in the cloud and managed by Webscale (and typically hosted by Webscale as well).
- Webscale On-Prem M1 Support for customers whose hosting environment is not managed by Webscale (maybe hosted in the cloud or in a private data center).
Does Webscale support M1 Commerce (formerly known as Enterprise) and M1 Open-source (formerly known as Community)?
Yes! Webscale’s M1 On-Prem and Cloud Support protects M1 commerce and Open-source customers.
What versions within 1.x does Webscale support?
It is required that customers are on the latest 1.x versions and all the patches have been applied for any security patches that Webscale makes available to work.
Webscale’s M1 On-Prem and Cloud Support protect M1 Commerce on 1.14.x, and M1 Open-source on 1.9.x versions. The latest release of M1 Commerce is 1.14.4.5 and M1 Open-Source is 1.9.4.5.
What is the SLA for Webscale M1 Support?
M1 Open-Source customers have a 30 day SLA on availability of patches and M1 Commerce customers have 60-day SLA on availability of patches.
Who are our partners for developing security patches?
For M1 Open-Source and M1 Commerce, Webscale partners with specific vendors who are focused on developing patches for Magento 1 versions, as well as our developer partner network who we have contracted with to write Magento 1 security patches.
Patches will be delivered by Webscale support to customers on the M1 EOL Patches page.
What does “On Premise M1 Support” mean? Does this refer to technical/support professional services?
Webscale On Premise (or On Prem) M1 Support refers to the Webscale SaaS platform subscription and developer support services that support M1 applications after the EOL date. The applications are not hosted by Webscale in the public cloud. The SaaS platform automatically protects from known Magento attacks with custom built-in rulesets, from zero-day vulnerabilities with virtual patching to browser-based attacks with real-time Content Security Policy (CSP) protection. Webscale developer support services for M1 provide regular patches to customer’s development resources to apply and protect against newly discovered vulnerabilities on Magento Open Source and Magento Commerce.
How do we identify vulnerabilities?
We will track the Magento community but rely on our partner to help us identify vulnerabilities. For the most part, Open-Source vulnerabilities are likely also to manifest as Commerce vulnerabilities.
What do we need to protect applications to start with?
Webscale will have an M1 base ruleset ready and enabled to protect M1 applications. These will be mandatorily enabled for all Webscale M1 customers. Webscale onboarding/support will write the list of all appropriate rules, and ensure all M1 Support customers are enabled with these rules.
How do we track & test exposure to a new vulnerability?
We will use customer staging environments to reproduce the vulnerability and/or understand its risk and exposure to the application. No explicit customer agreement is needed at this point.
Are the patches applied by Webscale Support?
No. Webscale provides the patches to customers. Customers or their developer team will download and verify the patch in a staging or testing environment before applying the patch to their production system.
What is Virtual Patching? How will the process work internally?
A virtual patch is the configuration of a capability in the Webscale platform that limits application exposure to the vulnerability, without making any changes to the application code. The virtual patch is applied outside the application infrastructure, typically in the Webscale data plane. This may be through web controls, ModSecurity rules, access control (allow/block), CSP, or other available configurations.
When a new vulnerability is discovered, Webscale Support will:
- Determine exposure, if any, to the application due to a new vulnerability.
- Determine mechanisms to prevent the exposure.
- Write any rules (web controls, ModSecurity, etc) required to prevent any potential exploits.
This is called virtual patching. Once a virtual patch has been applied customers will be notified about the virtual patching.
Where can I find the released patches and patch installation instructions?
Further information and instructions for patching can be found on Magento 1 EOL Patches.
Is there a list of the services in Webscale M1 Support and what is included?
| Features | M1 Cloud Support | M1 On-Prem Support |
|---|---|---|
| Auto-scaling Webscale data plane | ||
| OWASP top 10 protection | ||
| Self-healing HA Webscale Integration layer | ||
| L7 Load Balancing | ||
| WAF: Blacklisting, Whitelisting, Geolocation | ||
| HTTP/2 | ||
| HTTPS , TLS 1.2 | ||
| TLS Offload | ||
| Webscale Control Portal / Real-time Traffic Viewer | ||
| DDoS Shield Mode | ||
| Mobile Optimization | ||
| CDN Caching | Optional | |
| Cache Control | ||
| 3rd party optimization | ||
| Content Optimization | ||
| Dynamic Site Cache | ||
| Performance Monitoring & Alerting | ||
| Virtual Patching | ||
| Real-time CSP protection | ||
| Magento Security patches (with SLA) | ||
| Application Shielding | ||
| Malware Scanners | ||
| Intrusion Detection | ||
| Daily backup | ||
| Email and Phone support (24 x 7 x 365) | ||
| 15 Min Critical Ticket Response time (Max 10 per month) |
Further Reading
- Magento 1 EOL Patches
- How to Contact Support
- Web Controls
- How to Block Countries from Accessing Your Site
- How to Edit the Whitelist
- How to Edit the Blacklist
Have questions not answered here? Please Contact Support to get more help.
Feedback
Was this page helpful?
Glad to hear it! Have any more feedback? Please share it here.
Sorry to hear that. Have any more feedback? Please share it here.