I read an interesting update about eBay today (http://www.theregister.co.uk/2015/06/22/ebay_magento_vulnerabilties/) about how they have released yet another security patch for Magento in the last month to deal with several different security problems, including XSS, CSRF and input vulnerabilities, three in total. Three is a huge number for a framework/platform that is being used by seriously significant companies around the globe!
I have developed rather an issue with Magento over the last few years. I’ve seen platforms/frameworks really grow up in terms of capabilities and maturity of language and I’ve seen some awesome new concepts come out. Magento wanted to jump on that bandwagon and announced at the developers paradise in 2012 that Magento 2 would be released in December 2012. It was using Zend 2 with more contained modules and a bunch of other stuff that would mean it’s up to date. It’s currently June 2015, where the hell is it? A developer’s RC1 version has been released recently but frankly, Magento 2 lost all of its traction in early 2013 apart from with its core following. That’s great, but most of those guys are not making the business decisions with technology choice.
Now we have the problem of an enormous, all-encompassing platform that is a monolith of history that is dominating the eCommerce scene. It requires a patch to work with PHP 5.4 (we’re on 5.6.9 or 5.5.25 depending on your preference), which is a real issue when it comes to building Magento into a collaborative system that is more up to date, and it has more holes than my colander when it comes to getting the job done in the environment it is living in.
I’m curious to see how Magento lasts in a world where platforms like Hybris are really taking off and lighter platforms for collaboration like Sylius, which uses an up-to-date framework, are becoming more desirable…