We use cookies to improve your experience, offer personalized recommendations, and make our services better. For more details, please see our
Cookie Policy.
Magento’s latest release on 13 February 2024 is more than just an update; it’s a strategic arsenal for eCommerce merchants aiming to thrive in a market projected to reach $3.6 billion in sales by 2024. This update is a testament to Magento’s commitment to driving forward the capabilities of online stores, ensuring they remain at the forefront of the eCommerce evolution.
Join us as we delve into the nitty-gritty of Magento’s latest release, dissecting the key features and their potential to revolutionize your eCommerce strategy. This article will help you explore how you can use these enhancements to secure a competitive edge in the bustling digital marketplace.
Let’s find out right away!
What Version Need to Update This Release?
To ensure your eCommerce platform remains secure and operates at peak efficiency, it’s crucial to stay current with the latest updates. Below is a detailed overview to help you identify if your Adobe Commerce or Magento Open Source installation requires an update and, if so, which version you need to upgrade to.
The following versions of Adobe Commerce and Magento Open Source are affected and require updating:
Product
Version
Platform
Adobe Commerce
2.4.6-p3 and earlier2.4.5-p5 and earlier2.4.4-p6 and earlier2.4.3-ext-5 and earlier*2.4.2-ext-5 and earlier*2.4.1-ext-5 and earlier*2.4.0-ext-5 and earlier*2.3.7-p4-ext-5 and earlier*
All
Magento Open Source
2.4.6-p3 and earlier2.4.5-p5 and earlier2.4.4-p6 and earlier
All
Note: The list now includes each supported release line to offer clarity. Versions marked with an asterisk (*) are applicable only to customers participating in the Extended Support Program.
Adobe has recommended users to upgrade their installation to the newest version available for their platform. Updated Version:
Adobe Commerce:
Update to 2.4.6-p4 if you’re on version 2.4.6-p3 or earlier
Update to 2.4.5-p6 if you’re on version 2.4.5-p5 or earlier
Update to 2.4.4-p7 if you’re on version 2.4.4-p6 or earlier
For Extended Support Program participants: Update to the respective “-ext-6” version if you’re on any “-ext-5” version or earlier
Magento Open Source:
Update to 2.4.6-p4 if you’re on version 2.4.6-p3 or earlier
Update to 2.4.5-p6 if you’re on version 2.4.5-p5 or earlier
Update to 2.4.4-p7 if you’re on version 2.4.4-p6 or earlier
What’s in This Magento Latest Release?
The recent security releases for Adobe Commerce and Magento Open Source—versions 2.4.6-p4, 2.4.5-p6, and 2.4.4-p7—provide critical enhancements designed to fortify the security of eCommerce platforms. Each version targets its respective deployment, addressing vulnerabilities identified in prior releases and offering uniform security enhancements across the board.
Detail Issues Fixed
Addressing vulnerabilities identified in previous iterations, these patches are essential upgrades for users seeking to maintain the highest security standards for their eCommerce platforms. This update is focused on enhancing security, with a suite of five significant fixes, aimed at making the technical details more accessible:
1. Cross-site Scripting (Stored XSS)
Impact: This vulnerability allows for the execution of arbitrary code on the web application.
Severity: Critical
Authentication Required to Exploit? Yes, an attacker needs to be authenticated.
Admin Privileges Required? Yes, the attacker must have administrative privileges.
CVSS Score: 9.1 (High severity)
CVE Number: CVE-2024-20719
2. OS Command Injection
Impact: This issue could lead to arbitrary code execution by injecting commands that the operating system executes.
Severity: Critical
Authentication Required to Exploit? Yes, attacker authentication is necessary.
Admin Privileges Required? Yes, administrative rights are needed for exploitation.
CVSS Score: 9.1 (High severity)
CVE Number: CVE-2024-20720
3. Uncontrolled Resource Consumption
Impact: Exploiting this vulnerability can lead to an application denial-of-service, effectively making the application unavailable to legitimate users.
Severity: Important
Authentication Required to Exploit? Yes, the attacker needs to be authenticated.
Admin Privileges Required? Yes, it requires administrative access.
CVSS Score: 5.7 (Medium severity)
CVE Number: CVE-2024-20716
4. Cross-site Scripting (Stored XSS)
Impact: Similar to the first vulnerability but with potentially less impact, allowing for arbitrary code execution in a less severe context.
Severity: Important
Authentication Required to Exploit? Yes, requires attacker authentication.
Admin Privileges Required? Lower-level privileges needed for exploitation.
CVSS Score: 5.4 (Medium severity)
CVE Number: CVE-2024-20717
5. Cross-Site Request Forgery (CSRF)
Impact: This vulnerability can bypass security features, potentially leading to unauthorized actions being performed on behalf of authenticated users.
Severity: Moderate
Authentication Required to Exploit? Yes, but it does not require administrative privileges.
Admin Privileges Required? No, admin rights are not needed for this attack.
CVSS Score: 4.3 (Moderate severity)
CVE Number: CVE-2024-20718
Security Highlights
The release introduces pivotal security enhancements aimed at tightening the security posture of Adobe Commerce platforms:
Revamped Cache Key Behavior: This update brings changes to how non-generated cache keys for blocks are handled. These keys now feature distinct prefixes, setting them apart from automatically generated keys. Moreover, non-generated cache keys are now restricted to include only letters, digits, hyphens (-), and underscore (_) characters, enhancing their predictability and security.
Auto-generated Coupon Codes Limitation: With the new update, Adobe Commerce has introduced a cap on the number of coupon codes that can be auto-generated, setting the default maximum to 250,000. This measure aims to prevent potential abuse and system overload. Merchants looking to adjust this limit can do so through the “Code Quantity Limit” configuration option available under Stores > Settings: Configuration > Customers > Promotions.
How to Install Magento latest Releases
Installing the latest updates for Adobe Commerce or Magento Open Source on your self-hosted infrastructure is straightforward. Before starting, ensure you:
Complete all prerequisite tasks.
Install Composer, a tool for dependency management in PHP.
Obtain authentication keys for the Adobe Commerce and Magento Open Source Composer repository.
Step 1: Log In as File System Owner
Log into your application server as the user with permissions to write to the file system where Magento is installed. You might need to use commands like `su` or `sudo -u` to switch to the correct user.
Step 2: Get the Metapackage
Navigate to your web server’s document root directory. Use Composer to create a project with the required Magento metapackage:
Seamless Install Magento latest Release with Mageplaza’s Support
Mageplaza, a leading provider in the Magento ecosystem, has been offering top-notch Magento upgrade services and solutions since 2014. As Magento evolves, staying updated with the latest releases is crucial for the security, efficiency, and competitiveness of your eCommerce business. Mageplaza stands at the forefront of Magento development, providing seamless upgrade services to ensure your online store remains at the cutting edge.
Why Choose Mageplaza for Your Magento Upgrade Service?
Upgrade Specialists: We pride ourselves on being among the first to adapt to and implement the latest Magento updates, ensuring your store benefits from every new feature and improvement.
Guaranteed Security: Expect nothing less than a secure upgrade with the latest security patches, safeguarding your store against vulnerabilities.
Zero Downtime: Understanding the value of your time and business, we ensure that your store remains fully operational throughout the upgrade process.
Data Integrity: Our seasoned experts guarantee a smooth transition during the upgrade, ensuring no data loss and complete data integrity.
Cost-Effective Solutions: We offer competitively priced Magento upgrade services tailored for small to medium-sized businesses. Get in touch for a complimentary consultation and quote.
Comprehensive Post-Upgrade Support: Our commitment to your satisfaction extends beyond the upgrade, with two months of dedicated support to ensure a smooth transition and resolve any post-upgrade queries.
Mageplaza is your go-to partner for upgrading to the latest Magento releases. With our experienced team, proven methodology, and commitment to excellence, we ensure your Magento store remains a step ahead. Contact us today to seamlessly upgrade your store and unlock the full potential of Magento’s latest features.
In wrapping up, Magento’s latest release in February 2024 is a monumental step forward for eCommerce merchants, offering a suite of enhancements designed to solidify your online presence in a rapidly evolving market. With the detailed insights into the versions needing updates, the critical security fixes addressed, and the streamlined installation process, this blog has equipped you with the knowledge to navigate the updates with ease.
Furthermore, Mageplaza’s expert support for a seamless upgrade process underscores the importance of partnering with seasoned professionals to harness the full potential of Magento’s capabilities. Upgrading your Magento store is not just about keeping pace with technological advancements but seizing the opportunity to outperform in the digital marketplace. Leverage Mageplaza’s expertise for an effortless transition to the latest Magento version, ensuring your eCommerce site remains secure, efficient, and competitive.
Marketing Manager of Mageplaza. Summer is attracted by new things. She loves writing, travelling and photography. Perceives herself as a part-time gymmer and a full-time dream chaser.
Website Support & Maintenance Services
Make sure your store is not only in good shape but also thriving with a professional team yet at an affordable price.
