In the digital landscape of today, it becomes vital to secure your eCommerce platform. Adobe Commerce 2.4.5 has rolled in some needed security patches that deal with vulnerabilities, preserve data, and protect the overall integrity of the system. Let’s discuss all the details of these updates to help you secure your platform effectively.
2.4.5-p10
- TinyMCE upgrade: WYSIWYG editor in admin uses the latest version of TinyMCE 7.3. Fixed security vulnerability (CVE-2024-38357) reported in TinyMCE 5.10.
- Require.js upgrade: Require.js has been upgraded to the latest version 2.3.7. Fixed security vulnerability (CVE-2024-38999) reported in Require.js 2.3.6.
- Braintree payment gateway: This release includes a hotfix to resolve an issue with the Braintree payment gateway. When using Braintree as a payment gateway, the system includes the necessary fields to fulfill the 3DS VISA mandate requirements.
2.4.5-p9
- Rate limiting for one-time passwords: Added new system configuration options – Retry attempt limit for Two-Factor Authentication and Two-Factor Authentication lockout time (seconds) to enable rate limiting on two-factor authentication (2FA) one-time password (OTP) validation.
- Encryption key rotation: Added a new CLI command to change the encryption key.
- Prototype.js: Resolved Prototype.js security vulnerability (CVE-2020-27511).
- Remote code execution: Resolved remote code execution security vulnerability (CVE-2024-39397).
- Google Maps in PageBuilder: A JavaScript error was resolved that prevented Google Maps from rendering properly in the PageBuilder editor.
- JWT validation: Resolved a JSON web token (JWT) validation issue (CVE-2024-34102).
2.4.5-p8
- MariaDB 10.5 support: This patch release supports MariaDB 10.5.
- Subresource Integrity (SRI) support: Added Subresource Integrity (SRI) support to adhere to PCI 4.0 requirements.
- Changes to Content Security Policy (CSP): Configuration updates and enhancements to Adobe Commerce Content Security Policies (CSPs) to adhere to PCI 4.0 requirements.
2.4.5-p7
- Vulnerabilities identified in the previous versions of 2.4.5 have been fixed with the release of Adobe Commerce 2.4.5-p7.
2.4.5-p6
- Non-generated cache keys: Non-generated cache keys for blocks now include prefixes that differ from prefixes for keys that are generated automatically.
- Limit the number of auto-generated coupon codes: Added Code Quantity Limit configuration option to limit the number of coupon codes that are automatically generated.
2.4.5-p5
- Added full page cache configuration setting that helps to mitigate the risks associated with the {BASE-URL}/page_cache/block/esi HTTP endpoint.
2.4.5-p4
- Applied fixes for jQuery-UI library version 1.13.1 security vulnerability (CVE-2022-31160).
2.4.5-p3
- Changes in the default behavior of the isEmailAvailable GraphQL query and (V1/customers/isEmailAvailable) REST endpoint.
- Added support for Varnish cache 7.3.
- Compatible with RabbitMQ 3.11.
- Upgraded outdated libraries.
2.4.5-p2
- Vulnerabilities identified in the previous versions of 2.4.5 have been fixed with the release of Adobe Commerce 2.4.5-p2.
2.4.5-p1
- Vulnerabilities identified in the previous versions of 2.4.5 have been fixed with the release of Adobe Commerce 2.4.5-p1.
Benefits of Updating to the Latest Security Patch
- PCI Compliance: Stay compliant with Payment Card Industry standards by implementing these critical updates.
- Customer Trust: Prove to your shoppers that you care about data security to gain their loyalty.
- Reduced Risks: Keep your business safe from potential financial and reputational losses due to breaches.
Upgrade to the latest Security Patch now!
Final Thoughts
Adobe Commerce 2.4.5 security patches are a must-have for any eCommerce store running this platform. By implementing these updates, you will jump ahead of threats and ensure a safe shopping experience for your buyers.
For detailed information and instructions on Adobe Commerce 2.4.5 Security Patches, visit the official Adobe Commerce documentaiton.
