On August 11, Magento released new updates to enhance performance and security for Magento 2.3 and 2.4.
Magento 2.3.7-p1
Magento 2.3.7 Patch 1 contains 17 security enhancements and fixes for known vulnerabilities, so it is recommended to update as soon as possible to prevent hackers from exploiting them.
- Rate limiting is now built into Magento APIs to prevent denial-of-service (DoS) attacks.
- 17 vulnerabilities (code execution, XSS, DoS, privilege escalation, bypass) with CVSS scores up to 9.1 are now closed (see Adobe Security Bulletin).
A detailed list of all the security fixes can be found on devdocs.magento.com.
Magento 2.4.3
This update contains over 370 fixes and 33 security enhancements. Magento 2.4.3 is not yet compatible with PHP 8.x, but the following platform upgrades will make it compatible with PHP 8.x.
Magento 2.4.3 is also available as a security-only patch, the Magento 2.4.2-p2 update.
Security Enhancements
The vulnerabilities found could lead to remote code execution and cross-site scripting, so it is important to update as soon as possible. No confirmed attacks have occurred so far, and most of the vulnerabilities require Admin access.
Besides security fixes, there are additional updates.
- A new Composer plugin helps prevent dependency confusion.
- Rate limiting is now built into Magento APIs to prevent denial-of-service (DoS) attacks.
- ReCAPTCHA coverage has been extended to include Web APIs and the Place Order storefront page.
Infrastructure improvements
This release contains enhancements in the following functional areas:
- Customer Account
- Catalog
- CMS
- OMS
- Import/Export
- Promotions and Targeting
- Cart and Checkout
- B2B
- Staging and Preview
Highlights of this update are:
- PayPal Pay Later is now supported.
- New use_application_lock indexing mode.
- Core Composer dependencies and third-party libraries have been upgraded to the latest versions that are compatible with PHP 8.x.
- Enhancements that decrease indexation time for Product Price and Catalog Rule indexers.
- Page Builder replaces the TinyMCE editor in the following Admin areas: CMS Page, CMS Block, Category Description, Product Description.
- Vendor Developed Extensions updates
- Fixes
A full list of all the new features and fixes can be found on devdocs.magento.com.
Remember to create a backup before updating.
Picture courtesy of Jay Gajjar.