Security Updates for 3rd party modules

Appreciate most of you active in the Magento space are already aware that a large majority of module vendors are moving to a subscription based model soon.

I’ll leave my feelings on ‘lifetime free updates’ not exactly being lifetime for another thread!

However I’ve written to all of the vendors and most have agreed that regardless of a customers support status, if a security issue is identified in a module then this fix would be released to all customers.

Out of all the ones I wrote to, Amasty was the only company that didn’t agree that all customers should get security updates.

Mirasvit, MageWorx, Mageplaza, AheadWorks all agreed security fixes should not be tied to subscription status.

submitted by /u/iSpiKedfd
[link] [comments]