The staging area is useless for us at the moment as our client gets quite a few orders so by the time we have finished work on the staging site (including updating products and pages) there have been sales, this means we cannot merge the staging site with live as it overwrites the orders in the database.

For Magento applications (and any other shopping cart) there should be an option to exclude ALL order, customer, invoice tables etc from the migration process. So just an 'exclude customer data' option.

This would then exclude all tables relating to customers including the marketing section (newsletter signups for example).

I would like to suggest that Cloudways publishes an article or other document that describes how Cloudways maintains, patches, updates servers and secures them.

The intent is not to disclose details that puts security at risk but instead demonstrates the value Cloudways is providing in the area of helping its customers maintain a secure server and application environment.

Information should include frequency of update / patch deployment, frequency of security scans for malware / unauthorized access, firewall ports and services that are open especially those for inbound traffic from the Internet, intrusion protection mechanisms, transparency reports for government information requests and legal processes, etc..

This kind of information will help Cloudways demonstrate value being provided. And, it would be helpful for devs, webmasters, and agencies too ... especially when evaluating Cloudways or building solutions / offerings on servers managed via the Cloudways service.

It will also be helpful to those who strive to document our own security practices.

I am a Cloudways customer, and right now what Cloudways provides and does in the realm of security is a big "black box" that offers no details or documentation of such to its customers or prospective customers.

Like I said, a suggestion ... which I believe is a good one.

Based on the email sent by magento (below), please update the according php versions ASAP if possible.

Kind regards,
Jakab András

Magento, An Adobe Company
A vulnerability has recently been discovered in PHP and we recommend Magento Commerce customers adopt changes to address the issue.
MS-ISAC has issued an alert related to multiple vulnerabilities that could allow for arbitrary code execution and a recommendation that all sites using PHP should update to the latest PHP version ASAP ( full alert is available here).

Since Magento Commerce relies on PHP, we recommend that all Merchants using Magento Commerce review necessary updates for PHP with their hosting provider. We also recommend that Merchants complete this review and any updates by September 30 in order to mitigate the vulnerability and to avoid PCI compliance issues that may go into effect as a result of these vulnerabilities at the end of the month. For those using Magento Commerce on our cloud infastructure, please find specific information on these changes here.

Per the alert, recommended patches for this vulnerability include:

PHP 7.1: https://www.php.net/ChangeLog-7.php#7.1.32
PHP 7.2: https://www.php.net/ChangeLog-7.php#7.2.22
PHP 7.3: https://www.php.net/ChangeLog-7.php#7.3.9

If you would like more information on PHP and recent releases, you can visit PHP’s site. And if you have questions or would like more information on best practices for security, please check out our DevBlog article on Security.