Magento 2.4.3-p1 – Unable to Apply Critical Security Patch

I'm trying to apply the following 2/17/2022 Critical Security patches for Magento 2.4.3-p1 from Adobe Security Bulletin APSB22-12.

MDVA-43395
MDVA-43443

In accordance with Magento Documentation, I have:

Added the Quality Patch Tool with composer require magento/quality-patches
Tried to install the patches with the tool, but they weren't listed as available in its "patch status interface": ./vendor/bin/magento-patches status
Download and extracted the patches to [Magento root]/m2-hotfixes
Tried to apply the patches from that directory with: ./vendor/bin/ece-patches apply

This is when I receive an error:

Applying patch .../magento/m2-hotfixes/MDVA-43395_EE_2.4.3-p1_v1.patch failed. 
error: app/code/Magento/Email/Model/Template/Filter.php: No such file or directory

It appears like the patch (diff) file is trying to locate the magento modules in my local app/code rather than in the vendor/magento files.

Do I need to create a symlink or hard replace all the file references in the patch?

Any guidance or feedback would be greatly appreciated!

Best Answer

There should be patch files for composer setups available here:

https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12

You can install it like this:

patch -p1 < MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch

See also https://support.magento.com/hc/en-us/articles/360028367731 (stating that you may have to use patch -p0 < ... instead)

Best Answer

Related Solutions

Magento 2 Upgrade – How to Solve ‘Unable to Apply Data Patch’ Error

Magento 2.3.6 – Problems Applying Security Patches

Related Topic