Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are 2.4.3 Systems affected by the recently patched security issues

SOLVED
Go to solution
‎10-13-2022 07:25 AM
‎10-13-2022 07:25 AM

Are 2.4.3 Systems affected by the recently patched security issues

The recently released security patches 2.4.5-p1 and 2.4.4-p2 fixed a severe vulnerability concerning Cross-Site Scripting.

The patch notes do not mention 2.4.3 in any shape or form despite support for those versions still going on until November.

Does this mean that the security issues do not concern 2.4.3 or did the support stop prematurely?

0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
‎10-19-2022 01:32 AM
‎10-19-2022 01:32 AM

Re: Are 2.4.3 Systems affected by the recently patched security issues

Some news about this: Not all Versions are affected and the Patch-notes were updated. Also there are not hotfixes. Check out this Github-thread, it has all the information required to get a grip on the security issue: https://github.com/magento/magento2/issues/36294

View solution in original post

0 Kudos
Reply
4 REPLIES 4
‎10-13-2022 09:20 AM
‎10-13-2022 09:20 AM

Re: Are 2.4.3 Systems affected by the recently patched security issues

ALL Versions!!!!

 

https://helpx.adobe.com/security/products/magento/apsb22-48.html

--------------------------------------------------------------

Affected Versions Product Version Platform
Adobe Commerce 2.4.4-p1 and earlier versions  All
2.4.5 and earlier versions  All

 

We are 2 Weeks close to upgrading, but we cant speed that up much more.

 

What can we do untill then?

0 Kudos
Reply
‎10-13-2022 09:27 AM
‎10-13-2022 09:27 AM

Re: Are 2.4.3 Systems affected by the recently patched security issues

We where not ablet o upgrade the last month because of massive changes in PHP which needed alot Plug-in updates.

 

We are not alone there are at least 60% of the instances which are old.

 

Adobe need to bing out patches for older version ASAP.

0 Kudos
Reply
‎10-14-2022 05:01 AM
‎10-14-2022 05:01 AM

Re: Are 2.4.3 Systems affected by the recently patched security issues

Here is a first patch:

 

https://github.com/EmicoEcommerce/Magento-APSB22-48-Security-Patches

Reply
‎10-19-2022 01:32 AM
‎10-19-2022 01:32 AM

Re: Are 2.4.3 Systems affected by the recently patched security issues

Some news about this: Not all Versions are affected and the Patch-notes were updated. Also there are not hotfixes. Check out this Github-thread, it has all the information required to get a grip on the security issue: https://github.com/magento/magento2/issues/36294

0 Kudos
Reply