Earlier this month, Magento announced several security patches & updates for Magento 2. The patches include security enhancements that help close Remote Code Execution and Cross Site Scripting and other vulnerabilities.
You can read more about the patches here.
In addition to the release of the patches, Magento has announced two end of support dates for Magento versions 2.2.x:
- PCI Compliance for Merchants using Magento Commerce 2.2.x may be at risk as of November 30th, 2019 due to the end of support for PHP 7.1.
- End of scheduled support for all versions of Magento Commerce 2.2.x on December 31st, 2019.
Merchants are encouraged to update both their PHP and Magento versions to the latest iteration of each in order to help maintain a secure site. Modern Retail will be updating all our Magento clients to Magento 2.3.3 as well as the latest PHP version by the end of November.