Adobe Commerce 2.4.6-p1 is a security release that offers three security fixes for your Magento Open Source 2.4.6 or Adobe Commerce 2.4.6 deployment. It probably fixes vulnerabilities that were identified in the previous version.
Releases may contain backward-incompatible changes (BICs). To learn about them, see the BIC reference. Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.
Apply the patch to fix security vulnerability CVE-2022-31160 in the jQuery-UI package.
jQuery-UI library version 1.13.1 contains a known security vulnerability (CVE-2022-31160) that affects multiple versions of Adobe Commerce and Magento Open Source. This library is a dependency of Adobe Commerce and Magento Open Source 2.4.4, 2.4.5, and 2.4.6. Merchants running affected deployments should apply the patch specified in the Knowledge Base article "jQuery UI security vulnerability CVE-2022-31160 fix for 2.4.4, 2.4.5, and 2.4.6 releases".
This release contains:
The security improvements in this release increase compliance with the latest security practices. These enhancements include 13 security fixes and platform upgrades.
Security highlight:
The default behavior of the isEmailAvailable GraphQL query and the (V1/customers/isEmailAvailable) REST endpoint has changed. By default, the API now always returns true. Merchants can restore the original behavior, in which a true response indicates that the email is not in the database and a false response indicates that it is.
Security fixes:
This update includes 13 security enhancements, addressing various issues. For a comprehensive discussion of these resolved concerns, please refer to the Adobe Security Bulletin.
This security patch includes:
- security fixes
- security highlights
- platform upgrades
Platform upgrades:
The upcoming release includes platform improvements that strengthen alignment with the most current security recommendations.
Updated versions of JavaScript libraries have been applied, which include the latest minor or patch releases of the moment.js library (v2.29.4), jQuery UI library (v1.13.2), and jQuery validation plugin library (v1.19.5).
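One way to confirm that a deployment actually serves the library versions listed above, including the jQuery UI 1.13.2 release that replaces the 1.13.1 version affected by CVE-2022-31160 (an added example, not code from Adobe or from the original post). It assumes the JavaScript files still carry their upstream header comments; the function names are illustrative.

```python
import re
from pathlib import Path

# Minimum versions named in the release notes above.
MINIMUM = {
    "jquery-ui": (1, 13, 2),  # 1.13.1 is affected by CVE-2022-31160
    "moment": (2, 29, 4),
    "jquery-validation": (1, 19, 5),
}

# Assumption: files still carry the upstream header comment with the version.
BANNERS = {
    "jquery-ui": re.compile(r"jQuery UI\b[^\n]*?\bv?(\d+)\.(\d+)\.(\d+)"),
    "moment": re.compile(r"//!\s*version\s*:\s*(\d+)\.(\d+)\.(\d+)"),
    "jquery-validation": re.compile(
        r"jQuery Validation Plugin\s*-?\s*v(\d+)\.(\d+)\.(\d+)"),
}

def identify(head):
    """Return (library, version tuple) parsed from a file header, or None."""
    for lib, pattern in BANNERS.items():
        match = pattern.search(head)
        if match:
            return lib, tuple(int(part) for part in match.groups())
    return None

def audit_text(head):
    """Classify one header as 'outdated', 'ok' or 'unknown'."""
    found = identify(head)
    if found is None:
        return "unknown"
    return "outdated" if found[1] < MINIMUM[found[0]] else "ok"

def audit_tree(root):
    """List (path, library, version) for every .js file below the minimum."""
    findings = []
    for path in (p for p in Path(root).rglob("*.js") if p.is_file()):
        with path.open(encoding="utf-8", errors="replace") as handle:
            found = identify(handle.read(2048))  # banner sits at the top
        if found and found[1] < MINIMUM[found[0]]:
            version = ".".join(str(part) for part in found[1])
            findings.append((str(path), found[0], version))
    return sorted(findings)  # hits are leads: confirm each file by hand

if __name__ == "__main__":
    # Constructed header in the upstream banner style, not a real file.
    print(audit_text("/*! jQuery UI - v1.13.1 - 2022-01-20\n"))
```

Run `audit_tree` against the directory your web server serves static files from; third-party plugins whose headers mention jQuery UI can show up as false positives.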
RabbitMQ version 3.11 is now supported. This update works well with the most recent RabbitMQ 3.11 release. It still maintains compatibility with RabbitMQ 3.9, which will receive support until August 2023. However, we advise utilizing Adobe Commerce 2.4.6-p1 exclusively with RabbitMQ 3.11 for optimal performance.
Varnish Cache version 7.3 is now supported. This update works seamlessly with the most recent Varnish Cache 7.3 release. It also maintains compatibility with the 6.0.x and 7.2.x versions. However, we suggest using Adobe Commerce 2.4.6-p1 exclusively with either Varnish Cache version 7.3 or the 6.0 Long-Term Support version for the best results.
Known issues
The nginx.sample file was inadvertently updated with a change that modifies the value of fastcgi_pass from fastcgi_backend to php-fpm:9000. This change can be safely reverted or ignored.
Missing dependencies for the B2B security package cause the following installation error when installing or upgrading the B2B extension to 1.4.0:
Your requirements could not be fixed to an installable set of packages.
Problem 1
- Root composer.json requires magento/extension-b2b 1.4.0 -> satisfiable by magento/extension-b2b[1.4.0].
- magento/extension-b2b 1.4.0 requires magento/security-package-b2b 1.0.4-beta1 -> found magento/security-package-b2b[1.0.4-beta1] but it does not match your minimum-stability.
Installation failed, reverting ./composer.json and ./composer.lock to their original content.
This issue can be resolved by adding manual dependencies for the B2B security package with a stability tag.
Installation and upgrade instructions
For instructions on downloading and applying security patches (including patch 2.4.6-p1), see Quick start install.