Author
Principal Engineer specialising in Magento 2, Adobe Commerce, DevOps, and e-commerce security
Sam James writes about a range of topics drawn from professional experience in Magento, DevOps, and e-commerce engineering.
AI is a force multiplier for Magento development — but it multiplies whatever processes you already have. Here's the operational stack your team needs before leaning heavily into AI-generated output.
Two new Linux kernel LPE exploits (DirtyFrag and Copy Fail 2: Electric Boogaloo) abuse the esp4 and esp6 IPsec modules. Same class of threat as CVE-2026-31431. Here's what Magento operators need to do right now.
CVE-2026-31431 is a straight-line logic flaw in the Linux kernel's AF_ALG crypto API that's been exploitable on every major distro since 2017. Magento hosts are high-priority targets. Here's what you need to do right now.
GitHub accidentally included webhook secrets in HTTP headers between September 2025 and January 2026. Here's what happened, who's affected, and what you need to do about it.
How to guide on checking if your Magento 2 store is safe from the Polyshell vulnerability. And guidance on how to patch and secure your site if it is not.
Adobe's new monthly isolated patch approach for Magento creates maintenance burden. Here's how a community meta-package can help restore sanity to security patching.
Production DevOps documentation: CI/CD pipelines, Ansible/Terraform automation, monitoring strategies, and infrastructure deployment workflows.
CI/CD pipeline guides for GitHub Actions and Bitbucket: workflow automation, artifact management, environment cleanup, and troubleshooting.
Bitbucket Pipelines CI/CD guides: Renovate dependency automation, pipeline configuration, and third-party integrations for DevOps workflows.
Configure Renovate Mend for automatic dependency updates in Bitbucket. Step-by-step setup guide with marketplace integration and config examples.
Production-tested GitHub Actions workflows: SSH config, artifact cleanup, environment management, Dependabot automation, bulk actions state management, and troubleshooting guides.
Automate GitHub Actions artifact cleanup with CLI commands. Bulk delete workflows, manage storage, and optimize repository artifacts efficiently.
Active contributor on Magento Stack Exchange — answers cover development, performance, security, and troubleshooting.
Explained that they are disabled in the first place for security reasons, and provided a few ways to re-enable them if needed. View on StackExchange →
PHPCS fixer is not supported above PHP7.2, explained options on how to install without dev dependencies, remove the package or downgrade PHP to a supported version. View on StackExchange →
Explained that the issue likely stemmed from not setting the max package weight correctly, which in turn would set the max package weight to zero. View on StackExchange →
Provided an example of a systemd timer and service file to run Magento cron jobs, along with instructions on how to enable and start the timer. View on StackExchange →
Provided an non exhaustive list of steps to help secure a Magento 2.3 site, including using WAFs, file/IP restrictions, Scanning Tools, Integrity monitoring and more. View on StackExchange →