Latest Post
Magento 2 Polyshell RCE: Technical Breakdown, PoC & Patch Guide
Deep dive into the Magento 2 Polyshell remote code execution vulnerability — how it works, how to test if you're affected, and how to apply the patch.
Writing
Articles and guides on Adobe Commerce (Magento), covering development, performance, integrations, and operating scalable ecommerce platforms.
Adobe's new monthly isolated patch approach for Magento creates maintenance burden. Here's how a community meta-package can help restore sanity to security patching.
Learn how to integrate Sansec Ecomscan into Magento 2 CI/CD pipelines to detect malware, enforce security patches, and secure build artifacts. Step-by-step guides for GitHub Actions and Bitbucket Pipelines included.
A how-to guide on checking whether your Magento 2 store is safe from the Session Reaper (CVE-2025-54236) exploit, with guidance on how to patch and secure your site if it is not.
Delaying Magento 2 full page cache purges to a set schedule to improve frontend performance and reduce system load during busy periods, such as sales events like Black Friday.
Magento 2 Trojan Orders (CVE-2022-24086) are back. Let's talk about how to patch so we are safe, and about other identifiers aside from addAfterFilterCallback.
Free validator tool to check if your Magento 2 store is vulnerable to CosmicSting (CVE-2024-34102) — 6,500+ stores tested, 2,300+ found vulnerable. Step-by-step patching guide included.
A simplified version of the magento-vars.php store code configuration that catches both CNAME aliases and dynamic integration URLs.