Enhanced security measures: Adobe Commerce and Magento Open Source release critical updates

Adobe has recently released security updates for Adobe Commerce and Magento Open Source, aimed at enhancing the security features of these platforms. The latest release, Adobe Commerce 2.4.6-p4, along with versions 2.4.5-p6 and 2.4.4-p7, introduces five crucial security fixes addressing vulnerabilities identified in previous releases.

Among the key security highlights in this release are modifications to the behavior of non-generated cache keys. Non-generated cache keys for blocks now incorporate distinct prefixes and are restricted to containing only letters, digits, hyphens, and underscore characters. Additionally, this update imposes limitations on the number of auto-generated coupon codes, with the default maximum set at 250,000. Merchants can adjust this limit using the new Code Quantity Limit configuration option found in the Stores > Settings: Configuration > Customers > Promotions section.

Adobe's security update, identified as APSB24-03, addresses critical, important, and moderate vulnerabilities in Adobe Commerce and Magento Open Source. These vulnerabilities, if exploited successfully, could result in arbitrary code execution, security feature bypass, and application denial-of-service.

The affected versions include Adobe Commerce 2.4.6-p3 and earlier, 2.4.5-p5 and earlier, 2.4.4-p6 and earlier, as well as Magento Open Source 2.4.6-p3 and earlier, 2.4.5-p5 and earlier, and 2.4.4-p6 and earlier.

To mitigate these security risks, Adobe recommends users to update their installations to the latest versions:

• Adobe Commerce 2.4.6-p4 for 2.4.6-p3 and earlier
• Adobe Commerce 2.4.5-p6 for 2.4.5-p5 and earlier
• Adobe Commerce 2.4.4-p7 for 2.4.4-p6 and earlier

These updates are applicable to all platforms and are classified with a priority rating of 3.

Detailed vulnerability information is provided in the Security Bulletin , categorizing the impact, severity, authentication requirements, exploit privileges, CVSS base scores, and CVE numbers associated with each vulnerability.

In conclusion, staying updated with the latest security patches is crucial for maintaining the integrity and security of Adobe Commerce and Magento Open Source deployments. Users are urged to apply these security updates promptly to safeguard their systems against potential exploits and vulnerabilities.