The latest in Magento land

Do you know that feeling? You worked long and hard on that blog post? Or that super wicked Magento extension? And then you hit publish and... nothing. No one reads it. No one sees it. It just sits there. Well, not anymore! Mage Dispatch is here to help you get your content out there.

Mage Dispatch is a newsletter for the community and by the community. Here you can share links that you think that the community should know about. We will include it in our next newsletter.

Prevent Customer Address File Upload

This is a Magento 2 extension that prevents file uploads to /customer/address_file/upload endpoint which is used in combination with an flaw in Magento's logic to upload code and then execute it for CVE-2025-54236.

https://github.com/DeployEcommerce/module-prevent-customer-address-file-upload

#security #Extension #Magento #SessionReaper

11 Nov 2025
Cloudflare Turnstile Integration

A module for Magento 2 that extends the built-in reCAPTCHA support to add Cloudflare Turnstile, an alternative privacy-friendly solution.

https://github.com/boxtwentytwo/m2-cloudflare-turnstile

1

5

#Cloudflare #reCAPTCHA #module

11 Nov 2025
Hreflang

This module manages alternate URLs for homepages, CMS pages, product pages, and category pages.

https://github.com/dadolun95/magento2-hreflang

#Extension #module #SEO

11 Nov 2025
OpenPOS

We created OpenPOS to solve some headaches experienced by a few of our wonderful customers. The profound set of circumstances around timing and speed of delivery caused us to quickly widen our horizons and produce a fully Open Source EPOS.

https://github.com/zero1limited/Zero1_OpenPos

4

11

#POS Solution #Extension

11 Nov 2025
TddWizard Fixture library

A goodie but oldie: An alternative to the procedural script based fixtures in Magento 2 integration tests. It aims to be: extensible, expressive, easy to use

https://github.com/tddwizard/magento2-fixtures

32

145

#fixtures #testing #development

28 Oct 2025
Admin Module List

This module provides a comprehensive overview of installed and active modules within your Magento instance.

https://github.com/rubenzantingh/RubenZantingh_AdminModuleList

#Magento #Admin Module #PHP

28 Oct 2025
Database Splitting

A Magento 2 module that implements automatic read/write database splitting. Read queries are distributed across multiple read replicas using round-robin selection, while write operations always go to the master database. CLI operations (indexing, cron, console commands) always use the master to avoid temporary table conflicts. We ensure a 'writer first' approach and include a writer fallback for defensive posturing. It is built to support multiple readers, but 1 will work just as well.

https://github.com/furan917/Magento2-ReadWriteSplit

#database #performance #modules

28 Oct 2025
Understanding the CVE-2025-54236 vulnerability

A recent vulnerability in Adobe's e-commerce platform, identified as CVE-2025-54236, poses risks of remote code execution, particularly through file-based session storage, which can be exploited by unauthenticated users. The article analyzes the patch related to this vulnerability, its deserialization mechanisms, and offers insights into potential exploitation methods and vulnerabilities remaining in the application. The narrative provides a deep dive into the exploit chain and necessary payloads while exploring the implications of session management and type handling in the context of security.

https://slcyber.io/assetnote-security-research-center/why-nested-deserialization-is-still-harmful-magento-rce-cve-2025-54236/

#security #vulnerability #deserialization #SessionReaper

28 Oct 2025

Not finding what you're looking for? Search »

Got a link to share?

The latest in Magento land

The latest about Magento in your mailbox?

Endorsements

Previous Editions