On June 13th, Adobe released several security updates for Adobe Commerce and Magento Open Source platforms. These updates include new versions: 2.4.4-p4, 2.4.5-p3, and 2.4.6-p1, which address vulnerabilities identified in previous releases.
In terms of security enhancements, these updates improve compliance with the latest security best practices and consist of 13 security fixes and platform upgrades. The security fixes address various vulnerabilities, such as security feature bypass, arbitrary code execution, arbitrary file system reading, and information exposure.
The affected versions for Adobe Commerce include 2.4.6 and earlier, 2.4.5-p2 and earlier, 2.4.4-p3 and earlier, 2.4.3-ext-2 and earlier, 2.4.2-ext-2 and earlier, 2.4.1-ext-2 and earlier, 2.4.0-ext-2 and earlier, and 2.3.7-p4-ext-2 and earlier. For Magento Open Source, the affected versions are 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier.
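To check an inventory against the affected ranges listed above, the following added example (not Adobe's code or tooling) parses Magento-style version strings and classifies each install. The function names, result labels and sample hosts are made up for illustration, and the ordering of `-ext` builds after `-p` builds on the same release line is an assumption.

```python
import re

# Highest affected build per release line, transcribed from the list above.
# Values are (ext, p): the numbers from the "-ext-N" and "-pN" suffixes.
# Assumption: on one line, any -ext build is newer than every -p-only build.
MAX_AFFECTED = {
    "commerce": {
        "2.4.6": (0, 0), "2.4.5": (0, 2), "2.4.4": (0, 3),
        "2.4.3": (2, 0), "2.4.2": (2, 0), "2.4.1": (2, 0),
        "2.4.0": (2, 0), "2.3.7": (2, 4),
    },
    "open-source": {"2.4.6": (0, 0), "2.4.5": (0, 2), "2.4.4": (0, 3)},
}

VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+)(?:-p(\d+))?(?:-ext-(\d+))?$")


def parse_version(version):
    """Split '2.3.7-p4-ext-2' into ('2.3.7', (2, 4)); None if unrecognised."""
    match = VERSION_RE.match(version.strip())
    if match is None:
        return None
    line, p, ext = match.groups()
    return line, (int(ext or 0), int(p or 0))


def triage(edition, version):
    """Classify one installed version against the affected ranges."""
    parsed = parse_version(version)
    if parsed is None:
        return "unrecognised"          # e.g. beta tags: review by hand
    line, build = parsed
    ceiling = MAX_AFFECTED[edition].get(line)
    if ceiling is None:
        return "line-not-listed"       # the list says nothing about this line
    return "affected" if build <= ceiling else "above-affected-range"


# Constructed inventory for illustration; hostnames are made up.
INVENTORY = [
    ("shop-a.example", "commerce", "2.4.5-p2"),
    ("shop-b.example", "commerce", "2.3.7-p4"),
    ("shop-c.example", "open-source", "2.4.6-p1"),
    ("shop-d.example", "open-source", "2.4.3"),
]

if __name__ == "__main__":
    for host, edition, version in INVENTORY:
        print(f"{host:16} {edition:12} {version:10} {triage(edition, version)}")
```

A result of "line-not-listed" means only that the list above does not mention that release line, so such installs need a manual check against the vendor bulletin.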
To address these vulnerabilities, Adobe recommends that users update their installations to the latest available versions. The updates carry a priority rating of 3, indicating the importance of applying the updates promptly. Installation instructions are provided for each affected version to guide users through the update process.
It's worth noting that no confirmed attacks related to these vulnerabilities have been reported thus far. However, it is essential to take precautionary measures to protect the administration of your website, such as IP allowlisting, enabling two-factor authentication, using a VPN, and employing good password hygiene.
Additionally, the release includes security highlights and platform upgrades. The default behavior of the isEmailAvailable GraphQL query and REST endpoint has changed. Platform upgrades include support for Varnish Cache 7.3 and RabbitMQ 3.11, as well as updates to JavaScript libraries.
In addition to the above updates, Adobe also released Adobe Commerce 2.4.7-beta1, which includes the same security fixes as the previous versions (2.4.4-p4, 2.4.5-p3, and 2.4.6-p1). It also introduces security improvements and platform enhancements, including native rate limiting for payment information and compatibility with updated components such as Composer 2.5, Varnish Cache 7.3, and RabbitMQ 3.11.
By keeping your Adobe Commerce or Magento Open Source platforms up to date and following the recommended security practices, you can enhance the security of your e-commerce website and protect against potential vulnerabilities.