Mitigates the PolyShell unrestricted file upload vulnerability in the Magento REST API by enforcing an image-only extension allowlist on custom option file uploads. Blocks executable file uploads at both the validator and uploader level.
Strict Compliant in Security & Compliance
These modules pass strict static analysis (PHPStan L8+, PHPCS) and build without errors.
Replaces Magento's Xml\Security class with a hardened version that correctly detects XML entities even when the input is not UTF-8 encoded under php-fpm, closing a potential XXE gap.
This module implements the .well-known/change-password standard for Magento 2, so that password managers can locate the password-change page and redirect users to the correct URL when they wish to change their password.
Disables Content Security Policy (CSP) enforcement during checkout. Bypasses CSP restrictions introduced in the 2024-06-11 security update without fully disabling the CSP module.