Enhanced security measures: Adobe Commerce and Magento Open Source release critical updates

Adobe has recently released security updates for Adobe Commerce and Magento Open Source, aimed at enhancing the security features of these platforms. The latest release, Adobe Commerce 2.4.6-p4, along with versions 2.4.5-p6 and 2.4.4-p7, introduces five crucial security fixes addressing vulnerabilities identified in previous releases.

Among the key security highlights in this release are modifications to the behavior of non-generated cache keys. Non-generated cache keys for blocks now incorporate distinct prefixes and are restricted to containing only letters, digits, hyphens, and underscore characters. Additionally, this update imposes limitations on the number of auto-generated coupon codes, with the default maximum set at 250,000. Merchants can adjust this limit using the new Code Quantity Limit configuration option found in the Stores > Settings: Configuration > Customers > Promotions section.

Adobe's security update, identified as APSB24-03, addresses critical, important, and moderate vulnerabilities in Adobe Commerce and Magento Open Source. These vulnerabilities, if exploited successfully, could result in arbitrary code execution, security feature bypass, and application denial-of-service.

The affected versions include Adobe Commerce 2.4.6-p3 and earlier, 2.4.5-p5 and earlier, 2.4.4-p6 and earlier, as well as Magento Open Source 2.4.6-p3 and earlier, 2.4.5-p5 and earlier, and 2.4.4-p6 and earlier.

To mitigate these security risks, Adobe recommends that users update their installations to the latest versions:

  • Adobe Commerce 2.4.6-p4 for 2.4.6-p3 and earlier
  • Adobe Commerce 2.4.5-p6 for 2.4.5-p5 and earlier
  • Adobe Commerce 2.4.4-p7 for 2.4.4-p6 and earlier

These updates are applicable to all platforms and are classified with a priority rating of 3.
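To check an installation against the ranges above, the following added example (not code from Adobe or from this article's authors) reads a `composer.lock` and classifies the Magento product metapackage version. It assumes the version lives in `magento/product-community-edition` or `magento/product-enterprise-edition`, and that Magento Open Source fixed releases carry the same version numbers as the Adobe Commerce ones listed; the sample lock content is constructed.

```python
import json
import re

# Fixed security-patch number per release line, as listed in the article.
# Assumption: Magento Open Source fixes use the same version numbers.
FIXED = {(2, 4, 6): 4, (2, 4, 5): 6, (2, 4, 4): 7}
# Composer metapackages that carry the product version (Open Source / Commerce).
PACKAGES = ("magento/product-community-edition", "magento/product-enterprise-edition")
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_version(text):
    """Return ((major, minor, patch), security_patch) for strings like '2.4.6-p3'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, sec = m.groups()
    return (int(major), int(minor), int(patch)), int(sec or 0)


def assess(version):
    """Classify one version against the affected ranges quoted in the article."""
    line, sec = parse_version(version)
    if line in FIXED:
        target = "%d.%d.%d-p%d" % (*line, FIXED[line])
        return ("affected" if sec < FIXED[line] else "patched", target)
    if line < min(FIXED):
        # "2.4.4-p6 and earlier" covers older lines; no in-line fix is listed.
        return ("affected", None)
    return ("not-listed", None)  # newer release line than the article covers


def audit_lock(lock_text):
    """Map each Magento product metapackage in a composer.lock to its assessment."""
    lock = json.loads(lock_text)
    return {
        pkg["name"]: (pkg["version"],) + assess(pkg["version"])
        for pkg in lock.get("packages", [])
        if pkg.get("name") in PACKAGES
    }


# Constructed sample composer.lock fragment, not taken from a real store.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "magento/product-community-edition", "version": "2.4.5-p5"},
    {"name": "example/other-module", "version": "1.0.0"},
]})

if __name__ == "__main__":
    for name, result in audit_lock(SAMPLE_LOCK).items():
        print(name, *result)
```

A result of `affected` with no target means the installed release line is older than any line with a listed fix, so the remedy is an upgrade to a patched line rather than an in-line patch.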

Detailed vulnerability information is provided in the Security Bulletin, categorizing the impact, severity, authentication requirements, exploit privileges, CVSS base scores, and CVE numbers associated with each vulnerability.

In conclusion, staying updated with the latest security patches is crucial for maintaining the integrity and security of Adobe Commerce and Magento Open Source deployments. Users are urged to apply these security updates promptly to safeguard their systems against potential exploits and vulnerabilities.
