Hello everyone,
I just got a message in the magento admin about applying a security patch about CVE-2024-34102.
As I have read in the documentation here, most of the text refers to the Commerce edition and not the Open Source.
So, my questions are:
1. Do I have to apply the patch to my open source installation too?
2. If yes, which patch do I apply? My Magento vesrion is 2.4.2 and I see patches only for 2.4.4 and above.
I'm a bit confused here that's why I'm asking for some guidance.
Thank you in advance.
You don't see a patch for 2.4.2 because you should have updated your Magento 2.4.2 to the latest version long time ago. They don't even release the security patches for a version that old. For your specific version, they stopped releasing security updates back in November 28, 2022.
So in your case, the process should be to update the version of Magento to the latest version first.