Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Vulnerability warning for 2.4.3 p3 but no patch available

‎06-19-2023 06:52 AM
‎06-19-2023 06:52 AM

Vulnerability warning for 2.4.3 p3 but no patch available

Hello,

We've currently using Magento 2.4.3 p3 for our website, we got the following two security warnings:

Magento core vulnerability (APSB23-17)
Magento core vulnerability (APSB23-35)
 
However, I can't find any information about a patch being available for this version. Is this a false positive? Is there a patch we're unable to find? Or will we be stuck with these vulnerabilities until we update to a later version with a patch available?
 
Any help would be much appreciated.
Reply
2 REPLIES 2
‎06-20-2023 05:15 PM
‎06-20-2023 05:15 PM

Re: Vulnerability warning for 2.4.3 p3 but no patch available

Hi. I'm struggling with the same issue. I can not find the patch for 2.4.3* - is there a release?

0 Kudos
Reply
‎08-27-2023 10:59 PM
‎08-27-2023 10:59 PM

Re: Vulnerability warning for 2.4.3 p3 but no patch available

The security warnings you're seeing indicate real vulnerabilities in your Magento 2.4.3-p3 site. These have been fixed in newer versions - 2.4.4-p1 and 2.4.4-p2 - but no patches exist for 2.4.3-p3.

To fully resolve the vulnerabilities, you will need to upgrade to the latest 2.4.x release, which is currently 2.4.4-p2. Other options are to wait for 2.4.5 or implement temporary mitigation steps, but upgrading is highly recommended.

Magento does not patch old versions, so upgrading is the only way to fix these specific security issues. Please let me know if you need any other details!

0 Kudos
Reply