On October 11, 2022 Adobe released a security update for Adobe Commerce and Magento Open Source. This update resolves a critical and medium vulnerability. Successful exploitation could lead to arbitrary code execution and security feature bypass.
Affected Versions
| Product | Version | Platform |
|---|---|---|
| Adobe Commerce | 2.4.4-p1 and earlier versions 2.4.5 and earlier versions | All |
| Magento Open Source | 2.4.4-p1 and earlier versions 2.4.5 and earlier versions | All |
Magento 2.4.4-p2
Adobe Commerce 2.4.4-p2 is a security release that provides five security fixes that enhance your Adobe Commerce 2.4.4 or Magento Open Source 2.4.4 deployment. It provides fixes for vulnerabilities that have been identified in the previous release (Adobe Commerce 2.4.4 and Magento Open Source 2.4.4).
Releases may contain backward-incompatible changes (BIC). To review minor backward-incompatible changes, see BIC reference. (Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.)
Apply AC-3022.patch to continue offering DHL as a shipping carrier
DHL has introduced schema version 6.2 and will deprecate schema version 6.0 in the near future. Adobe Commerce 2.4.4 and earlier versions that support the DHL integration support only version 6.0. Merchants deploying these releases should apply AC-3022.patch at their earliest convenience to continue offering DHL as a shipping carrier. See the Apply a patch to continue offering DHL as shipping carrier Knowledge Base article for information about downloading and installing the patch.
What’s in this release?
This security patch includes five security bug fixes. One fix included the creation of a new configuration setting. The Require email confirmation if email has been changed configuration setting lets administrators require email confirmation when an admin user changes their email address.
Magento 2.4.5-p1
Adobe Commerce 2.4.5-p1 is a security release that provides five security fixes that enhance your Adobe Commerce 2.4.5 or Magento Open Source 2.4.5 deployment. It provides fixes for vulnerabilities that have been identified in the previous release (Adobe Commerce 2.4.5 and Magento Open Source 2.4.5).
Releases may contain backward-incompatible changes (BIC). To review minor backward-incompatible changes, see BIC reference. (Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.)
This security patch includes five security bug fixes. One fix included the creation of a new configuration setting. The Require email confirmation if email has been changed configuration setting lets administrators require email confirmation when an admin user changes their email address.
Picture courtesy of Danilo Alvesd.
