Skip to content

Bundle aligent/magento2-pci-4-compatibility #239

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 7, 2025
Merged

Bundle aligent/magento2-pci-4-compatibility #239

merged 1 commit into from
Oct 7, 2025

Conversation

rhoerr
Copy link
Contributor

@rhoerr rhoerr commented Oct 2, 2025

I propose adding Aligent_Pci4Compatibility as a bundled module. https://github.com/aligent/magento2-pci-4-compatibility

  • It enforces policies required for PCI compliance
  • It is slim, unintrusive, well integrated, and works; have used it on many production sites
  • It is maintained, with negligible open issues

Implications

  • Admins with passwords that don't meet the new requirements will have to change them after login.
  • Admin accounts will auto disable after 90 days.
  • Admin session lifetime is reduced dramatically for most sites, to 15 minutes.

Risks

  • User frustration (but the frustration is with PCI 4 requirements, which are mandatory for most credit card processing).

Benefits

  • PCI 4 compatibility for session and password settings

PR

This PR results in the module being added as a pinned require of mage-os/product-community-edition like:

"aligent/magento2-pci-4-compatibility": "1.2.0",

which composer will then require via packagist, like any other third party package (Monolog, Laminas, Symphony, ...). The latest published version will be pinned at the time of each release.

@rhoerr rhoerr requested a review from a team as a code owner October 2, 2025 03:59
@rhoerr rhoerr added this to the Mage-OS 2.0 milestone Oct 2, 2025
@rhoerr rhoerr changed the base branch from main to release/mage-os-2.0 October 2, 2025 12:20
@rhoerr rhoerr added the enhancement New feature or request label Oct 2, 2025
@ProxiBlue
Copy link

I would say this is a no brainer for inclusion.
It is needed to comply to the PCI requirements. Can't really go without it. is now, or later. so just get it done :)

@fballiano fballiano merged commit a47af1f into mage-os:release/mage-os-2.0 Oct 7, 2025
1 check passed
@rhoerr rhoerr deleted the bundle/aligent-magento2-pci-4-compatibility branch October 8, 2025 01:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Vinai Vinai Vinai approved these changes

@fballiano fballiano fballiano approved these changes

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

Mage-OS 2.0

Development

Successfully merging this pull request may close these issues.

4 participants

@rhoerr @ProxiBlue @Vinai @fballiano