Security: Patched 1.7.0.2 versus 1.9.2.2
-
20-10-2020 - |
Вопрос
I have three sites running 1.7.0.2 all fully patched and updated. Modules all written the 'proper' way (with a couple of small exceptions). The sites are all pretty much clones of each other.
There is a new site coming - I'm wondering whether I should upgrade them all to the latest version of 1.x (1.9.2.2 at time of writing) and build the new site on that too. It will mean a lot of testing, the sites do brisk business.
I also wondering whether it's worth that effort or whether I should just use our existing codebase and launch the new site on patched 1.7.0.2. Then focus the development effort on the migration to v2 (I'm aware that will be a much more serious project of course). The real question then is -
Is a fully patched 1.7.0.2 less secure than 1.9.2.2?
I'm not interested in any new features of 1.9.2.2, just whether running on patched 1.7.0.2 buys me enough time to re-develop these sites on v2.
I'm interested to know any thoughts.
Решение
First of all: Nice question!
I'd say a fully patched 1.7.0.2 is as secure as a new 1.9.2.2. As long as there are still security patches released for 1.7.0.2 you're good to go with it.
So I think it makes sense to continue with 1.7.0.2 and use the time to plan and develop your new shop with Magento 2.