Adobe Commerce new patch release of February 2024
Being ahead of the curve is essential for organizations providing their customers seamless experiences. With its most recent patch release for February 2024, Adobe Commerce has again risen to the challenge of recognizing this necessity. This much-awaited version includes numerous improvements, corrections, and optimizations to improve the functionality and performance of online retailers using Adobe Commerce. Adobe is always trying to strike the proper balance between giving early adopters greater access to improvements and new features and keeping product upgrades straightforward and predictable. For every supported release line of the core Adobe Commerce PHP application, Adobe publishes patches. Patch releases are chances to maintain your platform's security, dependability, and performance by updating the core codebase.
New path Release: Bulletin ID - APSB24-03
|
Availability |
Features |
Core PHP |
|
February 13, 2024 |
|
Security patches: 2.4.6-p4, 2.4.5-p6, 2.4.4-p7 |
Extensibility: Delivered separately from patch releases, new developer tools and services enable out-of-process extensibility. As an illustration, consider API Mesh, Adobe I/O Events for Commerce, and Admin UI SDK.
Infrastructure: The Cloud Tools Suite for Commerce packages, which are intended to deploy and manage Adobe Commerce installations and upgrades on the Cloud platform, has been updated with new capabilities and improvements for Adobe Commerce on cloud infrastructure.
Services: New SaaS functionalities that are supplied apart from patch updates. Take Product Recommendations, Live Search, and Catalog Service as examples.
What is new in these security patches?
The security update Adobe Commerce improves your Magento Open Source 2.4.4, 2.4.5, 2.4.6 or Adobe Commerce 2.4.4, 2.4.5, 2.4.6 deployment with five security fixes.
There are two significant security improvements with this release.
- Changes to the way non-generated cache keys behave.
Prefixes different from prefixes for automatically produced keys are now included in non-generated block cache keys. (Keys set using template directive syntax, the setCacheKey or setData methods, are examples of non-generated cache keys.)
Blocks with non-generated cache keys are now limited to characters, numbers, hyphens (-), and underscores (_).
- The quantity of promo codes that are created automatically is limited. Commerce now restricts the quantity of automatically generated promotional codes. The 250,000 maximum is the default. To manage this new limit, merchants can utilize the Code Quantity Limit configuration option (Stores > Settings: Configuration > Customers > Promotions).
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
Authentication required to exploit? |
Exploit requires admin privileges? |
CVSS base score |
|
Cross-site Scripting (Stored XSS) (CWE-79) |
Arbitrary code execution |
Critical |
Yes |
Yes |
9.1 |
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) |
Arbitrary code execution |
Critical |
Yes |
Yes |
9.1 |
|
Uncontrolled Resource Consumption (CWE-400) |
Application denial-of-service |
Important |
Yes |
Yes |
5.7 |
|
Cross-site Scripting (Stored XSS) (CWE-79) |
Arbitrary code execution |
Important |
Yes |
Yes |
5.4 |
|
Cross-Site Request Forgery (CSRF) (CWE-352) |
Security feature bypass |
Moderate |
Yes |
No |
4.3 |
Conclusion
Another critical turning point in Adobe Commerce's development was the patch released in February 2024, which solidified the company's standing as a top e-commerce platform. This upgrade enables businesses to succeed in the digital marketplace through improved security, optimized performance, bug fixes, and a steadfast emphasis on user experience. Adobe Commerce is an invaluable resource for companies navigating the constantly shifting world of online commerce, offering the resources and assistance required to prosper in a fierce setting.
CONTACT US; We are always prepared to provide prompt assistance and support.