Merchants must replace Magento version 2.1.x summer 2019. The Magento 2.1.18 software release marks the final supported software release for Magento version 2.1.x. As of June 30 2019, Magento 2.1.x will no longer receive security updates or product quality fixes now that its support window has expired.
PCI compliance requires the installation of critical software security patches within 30 days. When a software or related service provider no longer offers security patches, then merchants must replace or upgrade within 30 days. This is the same reason merchants using Microsoft Windows XP would not be PCI compliant.
I previously reported the Magento vulnerabilities and patch requirements in April 2019. Merchants should not rely on their business partners to automatically perform updates. Here’s a handy web site to check your Magento version now.
Now is a great time to also do a payment gateway checkup.
Call Christine Speedy, PCI Council QIR certified, to reduce merchant fees with new or existing merchant account at 954-942-0483, 9-5 ET.