Sam James writes about a range of topics drawn from his professional experience, helping readers explore key insights, strategies, and trends in Magento, DevOps, and E-commerce Engineering.
CVE-2026-31431 is a straight-line logic flaw in the Linux kernel's AF_ALG crypto API that's been exploitable on every major distro since 2017. Magento hosts are high-priority targets. Here's what you need to do right now.
GitHub accidentally included webhook secrets in HTTP headers between September 2025 and January 2026. Here's what happened, who's affected, and what you need to do about it.
How to guide on checking if your Magento 2 store is safe from the Polyshell vulnerability. And guidance on how to patch and secure your site if it is not.
Adobe's new monthly isolated patch approach for Magento creates maintenance burden. Here's how a community meta-package can help restore sanity to security patching.
Why I’m consolidating my blog and documentation into my main site: reducing infrastructure, improving clarity, and strengthening my personal brand and SEO.
Learn how to integrate Sansec Ecomscan into Magento 2 CI/CD pipelines to detect malware, enforce security patches, and secure build artifacts. Step-by-step guides for GitHub Actions and Bitbucket Pipelines included.
Production DevOps documentation: CI/CD pipelines, Ansible/Terraform automation, monitoring strategies, and infrastructure deployment workflows.
CI/CD pipeline guides for GitHub Actions and Bitbucket: workflow automation, artifact management, environment cleanup, and troubleshooting.
Bitbucket Pipelines CI/CD guides: Renovate dependency automation, pipeline configuration, and third-party integrations for DevOps workflows.
Configure Renovate Mend for automatic dependency updates in Bitbucket. Step-by-step setup guide with marketplace integration and config examples.
Production-tested GitHub Actions workflows: SSH config, artifact cleanup, environment management, Dependabot automation, and troubleshooting guides.
Automate GitHub Actions artifact cleanup with CLI commands. Bulk delete workflows, manage storage, and optimize repository artifacts efficiently.
Sam is also an active contributor on Magento Stack Exchange, where he shares his expertise by answering questions and providing guidance to the community. His contributions cover a wide range of topics, including Magento development, performance optimization, security best practices, and troubleshooting complex issues.
Explained that they are disabled in the first place for security reasons, and provided a few ways to re-enable them if needed. View full Answer on StackExchange
PHPCS fixer is not supported above PHP7.2, explained options on how to install without dev dependencies, remove the package or downgrade PHP to a supported version. View full Answer on StackExchange
Explained that the issue likely stemmed from not setting the max package weight correctly, which in turn would set the max package weight to zero. View full Answer on StackExchange
Provided an example of a systemd timer and service file to run Magento cron jobs, along with instructions on how to enable and start the timer. View full Answer on StackExchange
Provided an non exhaustive list of steps to help secure a Magento 2.3 site, including using WAFs, file/IP restrictions, Scanning Tools, Integrity monitoring and more. View full Answer on StackExchange