cancel
Showing results for 
Search instead for 
Did you mean: 

Vulnerability warning for 2.4.3 p3 but no patch available

Vulnerability warning for 2.4.3 p3 but no patch available

Hello,

We've currently using Magento 2.4.3 p3 for our website, we got the following two security warnings:

Magento core vulnerability (APSB23-17)
Magento core vulnerability (APSB23-35)
 
However, I can't find any information about a patch being available for this version. Is this a false positive? Is there a patch we're unable to find? Or will we be stuck with these vulnerabilities until we update to a later version with a patch available?
 
Any help would be much appreciated.
2 REPLIES 2

Re: Vulnerability warning for 2.4.3 p3 but no patch available

Hi. I'm struggling with the same issue. I can not find the patch for 2.4.3* - is there a release?

Re: Vulnerability warning for 2.4.3 p3 but no patch available

The security warnings you're seeing indicate real vulnerabilities in your Magento 2.4.3-p3 site. These have been fixed in newer versions - 2.4.4-p1 and 2.4.4-p2 - but no patches exist for 2.4.3-p3.

To fully resolve the vulnerabilities, you will need to upgrade to the latest 2.4.x release, which is currently 2.4.4-p2. Other options are to wait for 2.4.5 or implement temporary mitigation steps, but upgrading is highly recommended.

Magento does not patch old versions, so upgrading is the only way to fix these specific security issues. Please let me know if you need any other details!