Pimcore 4 EOL, security risks

Hi all,

I have a Pimcore 4.x (latest) running and I think we’ll need at least 1 more year before we can upgrade to the 5 branch. Given that, I was looking into ‘hardening’ the current install with these simple measures:

  • /admin/ only available with certain IP address (configured through Apache), or valid user (basic auth)
  • Disable API

Would that already protect me from Pimcore ‘bugs’ & security risks (I trust my users, so elevated-rights bugs inside Pimcore are not a threat)?

What else?

Nobody? I thought there’ll be pros in this forum, maybe you are also responsible for security?

Nothing makes you 100% safe :wink: unless you disconnect the cable from the server.

No, your 2 ideas are already good measures. You should be fine for at least more than one year. You are not the only one still running Pimcore 4 or Zend applications, so all good :slight_smile:

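The first measure from the opening post, written out as an added example (not part of the thread and not Pimcore's own configuration). It assumes Apache 2.4 and goes in the site's virtual host; the IP address, realm name and password-file path are placeholders.

```apache
# Added example. Assumes Apache 2.4 with mod_authz_core, mod_authz_host,
# mod_auth_basic and mod_authn_file loaded. Place inside the site's <VirtualHost>.

# Match /admin and everything below it, but not e.g. /administration.
<LocationMatch "^/admin(/|$)">
    # Basic auth is the fallback for clients outside the allowed address.
    AuthType Basic
    AuthName "Admin area"
    # Placeholder path: keep the file outside the document root.
    # Create it with: htpasswd -c /etc/apache2/admin.htpasswd <user>
    AuthUserFile "/etc/apache2/admin.htpasswd"

    # Either condition grants access, matching the "IP address or valid user"
    # wording of the post.
    <RequireAny>
        # Placeholder address (documentation range); replace with the office/VPN IP.
        Require ip 203.0.113.10
        Require valid-user
    </RequireAny>
</LocationMatch>

# Basic auth sends credentials base64-encoded with every request,
# so serve this virtual host over HTTPS only.
```

After reloading Apache, a request to `/admin/` from any other address without credentials should return `401`, before the application's own login page is reached.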