We received an email from Magento today, March 4th, 2019, advising the following:
On March 14, 2019, Authorize.net will stop supporting MD5 based hash usage. Magento’s implementation of the Authorize.Net Direct Post payment method uses MD5 based hash and this change will result in Magento merchants not being able to process payments using Authorize.Net Direct Post. This issue affects all Magento versions, Magento 1 and Magento 2, Magento Commerce, Magento Commerce Cloud, and Open Source.
If you use Authorize.Net, take the following action to avoid disruption:
- Apply a patch provided by Magento
- Replace the existing MD5 hash with a Signature Key (SHA-512) in the Magento Admin configuration settings.
(This patch was released on March 1, and instructions can be found on the Magento Help Center.)
The new integration will also be implemented in Magento 2.3.1, expected at the end of March.
The Magento Team
Well this doesn’t leave much time to test the solution and could be a major disruption. We will post the alert to A51.
[aMiSTACX Customers] If you want to be the test mouse, please let use know, and we will attempt to patch it for you* at no charge, as long as you agree to allow us to do a write-up 😉 Fair is fair. Oh, and only Magento 2.2.x stacks apply. Thanks!
*Limited to one customer. First come first serve.