Security improvements for this release improve compliance with the latest security best practices, including:Įmail variable usage was deprecated back in 2.3.4 as part of a security risk mitigation in favor of a more strict variable syntax. See Adobe Security Bulletin for the latest discussion of these fixed issues. use of a unique location rather than /admin.As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts: Most of these issues require that an attacker first obtains access to the Admin. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. No confirmed attacks related to these issues have occurred to date. This security fix has been backported to Adobe Commerce 2.4.3-p2 and Adobe Commerce 2.3.7-p3. This release includes one security fix and platform security improvements. Look for the following highlights in this release. See the Adobe Commerce 2.4.4: Unable to create partial invoices Knowledge Base article. When a merchant tries to create a credit memo for a partial refund from the order invoice, the Qty to Refund field is not editable. Merchants cannot submit partial refunds for orders paid with Apple Pay through Braintree. braintree-disabled-partial-capture-for-applepay-googlepay.patch.We recommend that you apply the following patch after you install Adobe Commerce 2.4.4: See the Adobe Commerce upgrade 2.4.3, 2.3.7-p1 PHP Fatal error Hotfix Knowledge Base article.Īpply this hotfix after you install 2.4.4 This patch addresses a fatal PHP error that occurred during upgrade. The vulnerability addressed by MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch and MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch has been resolved in this release.ĪC-384_Fix_Incompatible_PHP_Method_2.4.3_ce.patch. Hotfixes included in this releaseĪdobe Commerce 2.4.4 includes resolution of all issues that were addressed by the following hotfixes, which were provided for Adobe Commerce and Magento Open Source 2.4.3, 2.4.3-p1, and 2.3.7-p2: See the Composer plugins issues when upgrading to Adobe Commerce 2.4.4 Knowledge Base article for instructions on how to modify the composer.json file to explicitly allow plugin loading. However, as of July 2022, Composer will not load plugins unless they have been explicitly allowed. Currently, plugins that are included in the composer.json file but not marked as trusted are automatically installed. Bug fixes for these projects are documented in the separate, project-specific release information that is available in the documentation for each project.Ĭomposer 2.2 introduced a security feature that requires merchants to identify trusted plugins in their composer.json file before the plugins will be executed. Other release informationĪlthough code for these features is bundled with quarterly releases of the Adobe Commerce core code, several of these projects (for example, B2B, Page Builder, and Progressive Web Applications (PWA) Studio) are also released independently. See the Apply a patch to continue offering DHL as shipping carrier Knowledge Base article for information about downloading and installing the patch. Merchants deploying these releases should apply AC-3022.patch at their earliest convenience to continue offering DHL as a shipping carrier. Adobe Commerce 2.4.4 and earlier versions that support the DHL integration support only version 6.0. Apply AC-3022.patch to continue offering DHL as a shipping carrierĭHL has introduced schema version 6.2 and will deprecate schema version 6.0 in the near future. Major backward-incompatible issues are described in BIC highlights. To review backward-incompatible changes, see BIC reference. Adobe Commerce and Magento Open Source releases may contain backward-incompatible changes (BICs).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |