All news

All security patches for Adobe Commerce & Magento Open Source 2.4.5

Adobe Commerce 2.4.5 has introduced a number of necessary security patches that address vulnerabilities, protect data, and ensure the integrity of the system.

Adobe Magento security patches
Adobe Magento security patches
Adobe Magento security patches

In today's digital world, it is important to secure your eCommerce platform well. Here we discuss all the details of these updates so you can effectively secure your platform.

Version 2.4.5-p10
  • TinyMCE upgrade: The WYSIWYG editor in the admin now uses the latest version of TinyMCE 7.3. A security issue (CVE-2024-38357) in TinyMCE 5.10 has been resolved.

  • Require.js upgrade: Require.js has been updated to version 2.3.7. A security issue (CVE-2024-38999) in Require.js 2.3.6 has been fixed.

  • Braintree Payment Gateway: A hotfix has been added to resolve an issue with the Braintree payment solution. The required fields for the 3DS VISA obligation are now included.

Version 2.4.5-p9
  • Rate limiting for one-time passwords (OTP): New configuration options added: a limit on the number of attempts and a blocking time in seconds for Two-Factor Authentication (2FA).

  • Encryption key rotation: A new CLI command has been added to change the encryption key.

  • Prototype.js: A security issue (CVE-2020-27511) in Prototype.js has been resolved.

  • Remote code execution: A vulnerability for remote code execution (CVE-2024-39397) has been resolved.

  • Google Maps in PageBuilder: A JavaScript error that prevented Google Maps from displaying correctly has been fixed.

  • JWT validation: An issue with JSON Web Token (JWT) validation (CVE-2024-34102) has been resolved.

Version 2.4.5-p8
  • MariaDB 10.5 support: Support has been added for MariaDB 10.5.

  • Subresource Integrity (SRI): SRI support has been added to comply with PCI 4.0 requirements.

  • Adjustments to Content Security Policy (CSP): Configuration updates have been made for better compliance with PCI 4.0.

Version 2.4.5-p7
  • Vulnerabilities in earlier versions of 2.4.5 have been resolved.

Version 2.4.5-p6
  • Cache keys: Non-generated cache keys now contain unique prefixes that differ from automatically generated keys.

  • Automatically generated discount codes: A limit option has been added for the number of automatically generated discount codes.

Version 2.4.5-p5
  • A configuration option for full page cache has been added to limit risks at the {BASE-URL}/page_cache/block/esi HTTP endpoint.

Version 2.4.5-p4
  • Security vulnerability in jQuery-UI version 1.13.1 (CVE-2022-31160) resolved.

Version 2.4.5-p3
  • Changes to the default functionality of the isEmailAvailable GraphQL query and the V1/customers/isEmailAvailable REST endpoint.

  • Support has been added for Varnish Cache 7.3 and compatibility with RabbitMQ 3.11.

Version 2.4.5-p2 to 2.4.5-p1
  • Vulnerabilities from earlier versions of 2.4.5 have been resolved.

Benefits of updating to the latest security patch

  1. PCI compliance: Ensure that you comply with Payment Card Industry standards.

  2. Customer trust: Show that you take data security seriously and gain the trust of customers.

  3. Less risk: Protect your business from financial and reputational damage due to security breaches.

Closing thought

The security patches of Adobe Commerce 2.4.5 are essential for any webshop running on this platform. By implementing these updates, you prevent threats and provide a secure shopping experience for your customers.

For more details and instructions on the Adobe Commerce 2.4.5 Security Patches, visit the official documentation of Adobe Commerce.

Written by

Maarten
Maarten

Maarten

on

Nov 15, 2024

We have done this before

More news.

Mike

/

Apr 23, 2025

Magento Hyvä, also for your B2B portal or webshop.

A Hyvä B2B commerce front-end is even faster in loading times, smoother in development, but above all, ready for the future. Do you want to know if Hyvä is something for you? Read on quickly and discover.

Good

Magento B2B

Mike

/

Apr 23, 2025

Magento Hyvä, also for your B2B portal or webshop.

A Hyvä B2B commerce front-end is even faster in loading times, smoother in development, but above all, ready for the future. Do you want to know if Hyvä is something for you? Read on quickly and discover.

Good

Magento B2B

Mike

/

Apr 23, 2025

Magento Hyvä, also for your B2B portal or webshop.

A Hyvä B2B commerce front-end is even faster in loading times, smoother in development, but above all, ready for the future. Do you want to know if Hyvä is something for you? Read on quickly and discover.

Good

Magento B2B

Mike

/

Apr 23, 2025

Magento Hyvä, also for your B2B portal or webshop.

A Hyvä B2B commerce front-end is even faster in loading times, smoother in development, but above all, ready for the future. Do you want to know if Hyvä is something for you? Read on quickly and discover.

Good

Magento B2B

Maarten

/

Feb 14, 2025

Department at the Webwinkel Vakdagen 2025

On April 2 & 3, we will be at the WWVD fair in Utrecht! Visit us at booth 903 and discover why Epartment is the Magento specialist for wholesalers looking to optimize their B2B e-commerce platform.

Events

Maarten

/

Feb 14, 2025

Department at the Webwinkel Vakdagen 2025

On April 2 & 3, we will be at the WWVD fair in Utrecht! Visit us at booth 903 and discover why Epartment is the Magento specialist for wholesalers looking to optimize their B2B e-commerce platform.

Events

Maarten

/

Feb 14, 2025

Department at the Webwinkel Vakdagen 2025

On April 2 & 3, we will be at the WWVD fair in Utrecht! Visit us at booth 903 and discover why Epartment is the Magento specialist for wholesalers looking to optimize their B2B e-commerce platform.

Events

Maarten

/

Feb 14, 2025

Department at the Webwinkel Vakdagen 2025

On April 2 & 3, we will be at the WWVD fair in Utrecht! Visit us at booth 903 and discover why Epartment is the Magento specialist for wholesalers looking to optimize their B2B e-commerce platform.

Events