Showing results for 
Search instead for 
Did you mean: 

Now Available: Important Security Updates, in the New Adobe Commerce Release

Adobe Team

We are excited to announce the release of Adobe Commerce and Magento Open Source – 2.3.7 and 2.4.2-p1. With important updates to security, we strongly recommend that you take advantage and upgrade as soon as possible to ensure your sites remain secure, compliant, and optimized for the highest level of performance.



Adobe Commerce 2.4.2-p1 and 2.3.7 resolve many general security vulnerabilities, including disabling the copy feature for credit card information. This helps protect against abuse by any malicious application that can read the data from the clipboard and send the data to a remote individual. More information will be provided in the Security Bulletin.



Continuing with the 2.3 release line, Adobe Commerce 2.3.7 adds support for PHP 7.4 and in-product guidance. Both features were previously released in the 2.4 release line.


Support for PHP 7.4

PHP 7.3 reaches end of support in December 2021, and Adobe Commerce 2.3.x reaches end of support in April 2022. With these dates in mind, we strongly recommend upgrading directly to Adobe Commerce 2.4 and PHP 7.4 to help maintain PCI compliance and to create the most cost-effective approach. Support for PHP 7.4 in the 2.3.7 version is intended only to give customers an option to stay PCI compliant beyond December 2021, if they cannot yet upgrade to version 2.4. Keep this guidance in mind as you discuss your upgrade strategy with your team.

For more information about PHP and Adobe Commerce 2.3 end of support, refer to the Magento DevBlog post.




PWA Studio (Adobe Commerce and Magento Open Source 2.4.2+ only)

PWA Studio 10 is now live with new features designed to reduce time spent on custom code. Merchants can now expand payment options to include check and money orders, create an optimal desktop experience with mega menu support, and easily shop multiple stores using our store switcher drop-down menu available now as a Venia component. For more information, see the PWA 10 release notes and experience the storefront updates for yourself on the Venia PWA Demo site.


Egress Filtering (Adobe Commerce only)

We have added Egress Filtering for our existing Adobe Commerce Starter merchants. This feature is a security mechanism to allow or deny network traffic from the store to other destinations. The primary goal is to stop any malware from sending private information to outside entities. For more information, see more in our Firewall documentation


Product Recommendations (Adobe Commerce 2.3.7+ only)

Coming next quarter, expanded product recommendations support for more complex B2B buying scenarios will allow merchants to achieve higher conversion rates and increased average order value (AOV) when selling to both B2C and B2B customers. Merchants will be able to configure product recommendations so that B2B buyers see only recommendations that reflect the products and pricing in their assigned catalog.

This adds to other recent improvements that allow merchants to preview their Product Recommendations while configuring them in the Adobe Commerce Admin and to deploy Product Recommendations to pages in a PWA Studio-based storefront. See more in our Release Notes for Product Recommendations.


Security Scan tool (Adobe Commerce and Magento Open Source)

In late May, we will also be adding PWA Studio support in the Security Scan tool.  For more information about Magento Scan Tool and its functionalities, see our User Documentation.



Customer Engineering is revising the process by which we collect consent to access Customer Data for support requests.  Under this new process, consent can only be provided by the Primary User within a Magento Customer profile and the data access consent will be centralized into in a new section called “Privacy Settings”. We understand that the Primary User may not always be the user submitting support tickets: to accommodate this, we have developed the ability to allow you to grant Customer Engineering access to Customer Data for an extended period of time (1 week / 1 month / 1 year / Unlimited). Consent should be granted prior to ticket creation to avoid delay in support services delivery. This consent to Customer Data may be withdrawn by the Primary User at any time. See more in Adobe support customer data access and privacy.


Review our blog post and release notes to read more about the latest enhancements and visit our Security Bulletins for more information about updates included in these new versions.


Best regards,

The team at Adobe