-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request magento-commerce/devdocs#2576
GA: 2.4.3-p1, 2.3.7-p2
- Loading branch information
Showing
10 changed files
with
324 additions
and
90 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
--- | ||
group: release-notes | ||
title: Adobe Commerce 2.3.7-p2 Release Notes | ||
--- | ||
|
||
{{ site.data.var.ee }} 2.3.7-p2 is a security-only release that provides security fixes that enhance your {{ site.data.var.ee }} 2.3.7 or {{ site.data.var.ce }} 2.3.7 deployment. Merchants can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release provides. Patch 2.3.7-p2 is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, {{ site.data.var.ee }} 2.3.7-p1. | ||
|
||
{:.bs-callout-info} | ||
PHP 7.3 reaches end of support in December 2021, and {{ site.data.var.ee }} 2.3.x and {{ site.data.var.ce }} 2.3.x reaches end of support in April 2022. **We strongly recommend planning your upgrade now to {{ site.data.var.ee }} 2.4.x or {{ site.data.var.ce }} 2.4.x deployment to help maintain PCI compliance**. | ||
|
||
{:.bs-callout-info} | ||
Quarterly releases may contain backward-incompatible changes (BIC). To review minor backward-incompatible changes, see [BIC reference]({{page.baseurl}}/release-notes/backward-incompatible-changes/reference.html). (Major backward-incompatible issues are described in [BIC highlights]({{page.baseurl}}/release-notes/backward-incompatible-changes/index.html). Not all releases introduce major BICs.) | ||
|
||
## What's in this release? | ||
|
||
Six security fixes and several security enhancements are included in this security patch. Security fixes are documented in the [Adobe Security Bulletin](https://helpx.adobe.com/security/products/magento/apsb21-86.html). | ||
|
||
Security-only patches typically include all hotfixes that have been released for the preceding complete release. This release incorporates the two hotfixes that have been released for {{ site.data.var.ee }} 2.3.7-p1 and {{ site.data.var.ce }} 2.3.7-p1. See [Adobe Commerce 2.3.7-p1 Release Notes]({{page.baseurl}}/release-notes/2-3-7-p1.html) for information about these hotfixes. | ||
|
||
This release also includes bug fixes for the [Klarna](https://docs.magento.com/user-guide/v2.3/payment/klarna.html) and [Vertex](https://docs.magento.com/user-guide/v2.3/tax/vertex.html) vendor-developed extensions. | ||
|
||
### Resolution of known issues in Adobe Commerce 2.3.7-p1 | ||
|
||
This release includes fixes for the following known issues, which were first identified in {{ site.data.var.ee }} 2.3.7-p1: | ||
|
||
* *PHP fatal error on upgrade*. This issue was previously addressed by patch `AC-384__Fix_Incompatible_PHP_Method__2.3.7-p1_ce.patch to address PHP fatal error on upgrade`. | ||
|
||
* *Previously placed order price is displayed when a shopper tries to place an order with a different product using the PayPal payment method*. This issue was previously addressed by patch `Adobe Commerce 2.3.7-p1 known issue outdated order total for PayPal`. | ||
|
||
### Security highlights | ||
|
||
**Session IDs have been removed from the database**. This code change may result in breaking changes if merchants have customizations or installed extensions that use the raw session IDs stored in the database. <!--- MC-40976--> | ||
|
||
**Restricted admin access to Media Gallery folders**. Default Media Gallery permissions now allow only directory operations (view, upload, delete, and create) that are explicitly allowed by configuration. Admin users can no longer access media assets through the Media Gallery that were uploaded outside of the `catalog/category` or `wysiwyg` directories. Administrators who want to access media assets must move them to an explicitly allowed folder or adjust their configuration settings. See [Modify Media Library folder permissions]({{page.baseurl}}/ext-best-practices/tutorials/modify-image-library-permissions/). <!--- B2B-1897--> | ||
|
||
**Lowered limits to GraphQL query complexity**. The GraphQL maximum allowed query complexity has been lowered to prevent Denial-of-Service (DOS) attacks. See [GraphQL security configuration]({{page.baseurl}}/graphql/security-configuration.html). <!--- PWA-1700--> | ||
|
||
**Recent penetration test vulnerabilities** have been fixed in this release. <!--- MC-42431--> | ||
|
||
The Content Security Policy directive `frame-ancestors` now supports the source expression `unsafe-inline`. [GitHub-33101](https://github.com/magento/magento2/issues/33101) <!--- MC-42632--> | ||
|
||
## Known issue | ||
|
||
**Issue**: Adobe Stock images uploaded into the `<install_dir>/pub/media` and `<install_dir>/pub/media/catalog` directories are not visible in the Media Gallery. **Workaround**: To view and work with these images, delete them from the filesystem directories and re-upload them into an allowed Media Gallery directory. See the [Stock images not displayed, Adobe Commerce and Magento Open Source 2.3.7-p2](https://support.magento.com/hc/en-us/articles/4409491698189) Knowledge Base article. | ||
|
||
## Installation and upgrade instructions | ||
|
||
For instructions on downloading and applying security-only patches (including patch 2.3.7-p2), see [Quick start install]({{site.baseurl}}/guides/v2.4/install-gde/composer.html). | ||
|
||
## More information? | ||
|
||
For general information about security-only patches, see the Magento DevBlog post [Introducing the New Security-only Patch Release](https://community.magento.com/t5/Magento-DevBlog/Introducing-the-New-Security-only-Patch-Release/ba-p/141287). |
Oops, something went wrong.