Stay secure: latest security fixes for Adobe Commerce and Magento Open Source

Stay secure: latest security fixes for Adobe Commerce and Magento Open Source - Zest Logic

On June 13th, Adobe released several security updates for Adobe Commerce and Magento Open Source platforms. These updates include new versions: 2.4.4-p4, 2.4.5-p3, and 2.4.6-p1, which address vulnerabilities identified in previous releases.

In terms of security enhancements, these updates improve compliance with the latest security best practices and consist of 13 security fixes and platform upgrades. The security fixes address various vulnerabilities, such as security feature bypass, arbitrary code execution, arbitrary file system reading, and information exposure.

The affected versions for Adobe Commerce include 2.4.6 and earlier, 2.4.5-p2 and earlier, 2.4.4-p3 and earlier, 2.4.3-ext-2 and earlier, 2.4.2-ext-2 and earlier, 2.4.1-ext-2 and earlier, 2.4.0-ext-2 and earlier, and 2.3.7-p4-ext-2 and earlier. For Magento Open Source, the affected versions are 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier.

To address these vulnerabilities, Adobe recommends users update their installations to the latest available versions. The priority ratings for these updates are categorized as 3, indicating the importance of applying the updates promptly. Installation instructions are provided for each affected version to guide users through the update process.

It's worth noting that no confirmed attacks related to these vulnerabilities have been reported thus far. However, it is essential to take precautionary measures to protect the administration of your website, such as IP allowlisting, enabling two-factor authentication, using a VPN, and employing good password hygiene.

Additionally, the release introduces certain security highlights and platform upgrades. The default behavior of the isEmailAvailable GraphQL query and REST endpoint has changed, and platform upgrades include support for Varnish Cache 7.3 and RabbitMQ 3.11 and updates to JavaScript libraries.

In addition to the above updates, Adobe also released Adobe Commerce 2.4.7-beta1, which includes the same security fixes as the previous versions (2.4.4-p4, 2.4.5-p3, and 2.4.6-p1). It also introduces security improvements and platform enhancements, including native rate limiting for payment information and compatibility with updated components such as Composer 2.5, Varnish Cache 7.3, and RabbitMQ 3.11.

By keeping your Adobe Commerce or Magento Open Source platforms up to date and following the recommended security practices, you can enhance the security of your e-commerce website and protect against potential vulnerabilities.

In our blog, we post technology-related articles weekly. Follow us on Facebook and Instagram to get notifications about updates.

Reading next

Shopify or Etsy.What to choose in 2024
TOP 12 eCommerce Integrations for Your Online Business

Interested in a specific business & technology topic and looking for an article in our blog but haven't found one yet?

If you haven't come across an article that matches your query, feel free to suggest the topic to us, and we'll consider featuring it in our blog. Share your suggestion in the form below, and we'll be sure to review your request.

Talk with us

If you have any questions or problems in your business that can be solved with technical solutions, just let us know. We'll do everything we can to help you.