Magento 2.4.4 Security – New Security Patches Now Available

admin-panel magento2 notification security-patch

Upon logging into the Magento admin, the following popup shows up. When the link is clicked, it goes to some informational document instead of anything that speaks about security patches to be installed. Please let me know whether I can ignore it or not. We're using Magento CE 2.4.4.


Best Answer

There is a security update available for Adobe Commerce - Magento | APSB22-48

Affected products and versions: Adobe Commerce on cloud infrastructure and on-premises, and Magento Open Source:

  • 2.4.5
  • 2.4.4, 2.4.4-p1
  • 2.4.3-p2, 2.4.3-p3
  • 2.3.7-p3, 2.3.7-p4
  • 2.4.3-p1 and below are not affected if all applicable 2.4.x security hotfixes are applied (please find the list of all security hotfixes applicable for your version [here][1]).
  • 2.3.7-p2 and below are not affected if all applicable 2.3.x security hotfixes are applied (please find the list of all security hotfixes applicable for your version [here][1]).

There are 2 solutions to apply this update:

  • Upgrade Magento version to 2.4.5-p1 or 2.4.4-p2
  • Apply security hotfix for CVE-2022-35698 to your current Magento version

In case someone is looking for a hotfix for Magento 2.3.7-p3 or 2.3.7-p4, you can use the hotfix for 2.4.3-p2, 2.4.3-p3, as it is compatible and works as expected.

If you are not sure which version was affected by this vulnerability (CVE-2022-35698), take a look at this post to read more details about it https://magetu.com/adobe-commerce-and-magento-open-source-security-hotfix-for-cve-2022-35698-and-hotfix-patches-for-2-3-7-p3-2-3-7-p4/
