In today's digital world, it is important to keep your eCommerce platform secure. Here we go through the details of the Adobe Commerce 2.4.5 security patches so you can effectively secure your platform.
Version 2.4.5-p10
TinyMCE upgrade: The WYSIWYG editor in the admin now uses the latest version of TinyMCE (7.3). A security issue (CVE-2024-38357) in TinyMCE 5.10 has been resolved.
Require.js upgrade: Require.js has been updated to version 2.3.7. A security issue (CVE-2024-38999) in Require.js 2.3.6 has been fixed.
Braintree Payment Gateway: A hotfix has been added to resolve an issue with the Braintree payment solution. The fields required by the VISA 3DS mandate are now included.
Version 2.4.5-p9
Rate limiting for one-time passwords (OTP): New configuration options have been added for Two-Factor Authentication (2FA): a limit on the number of attempts and a blocking time in seconds.
Encryption key rotation: A new CLI command has been added to change the encryption key.
Prototype.js: A security issue (CVE-2020-27511) in Prototype.js has been resolved.
Remote code execution: A remote code execution vulnerability (CVE-2024-39397) has been resolved.
Google Maps in PageBuilder: A JavaScript error that prevented Google Maps from displaying correctly has been fixed.
JWT validation: An issue with JSON Web Token (JWT) validation (CVE-2024-34102) has been resolved.
Version 2.4.5-p8
MariaDB 10.5 support: Support has been added for MariaDB 10.5.
Subresource Integrity (SRI): SRI support has been added to comply with PCI 4.0 requirements.
Adjustments to Content Security Policy (CSP): Configuration updates have been made for better compliance with PCI 4.0.
Version 2.4.5-p7
Vulnerabilities in earlier versions of 2.4.5 have been resolved.
Version 2.4.5-p6
Cache keys: Non-generated cache keys now contain unique prefixes that differ from the prefixes of automatically generated keys.
Automatically generated discount codes: A limit option has been added for the number of automatically generated discount codes.
Version 2.4.5-p5
A configuration option for full page cache has been added to limit risks at the {BASE-URL}/page_cache/block/esi HTTP endpoint.
Version 2.4.5-p4
A security vulnerability in jQuery-UI version 1.13.1 (CVE-2022-31160) has been resolved.
Version 2.4.5-p3
The default functionality of the isEmailAvailable GraphQL query and the V1/customers/isEmailAvailable REST endpoint has been changed.
Support has been added for Varnish Cache 7.3 and compatibility with RabbitMQ 3.11.
Version 2.4.5-p2 to 2.4.5-p1
Vulnerabilities from earlier versions of 2.4.5 have been resolved.
Benefits of updating to the latest security patch
PCI compliance: Ensure that you comply with Payment Card Industry standards.
Customer trust: Show that you take data security seriously and gain the trust of customers.
Less risk: Protect your business from financial and reputational damage due to security breaches.
Closing thought
The security patches of Adobe Commerce 2.4.5 are essential for any webshop running on this platform. By implementing these updates, you prevent threats and provide a secure shopping experience for your customers.
For more details and instructions on the Adobe Commerce 2.4.5 Security Patches, visit the official documentation of Adobe Commerce.