14 April 2022
Magento version 2.4.3-p2 is now available (major release).
Upgrading to Magento 2.4.3-p2
Magento 2.4.3-p2 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Magento updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Magento install to test the 2.4.3-p2 upgrade prior to applying it live. Get started managing your Magento installations with Installatron
What's New in Magento 2.4.3-p2
Patch 2.4.3-p2 is a security release that provides two security fixes that enhance your Magento Open Source 2.4.3 deployment. It provides fixes for vulnerabilities that have been identified in the previous release.
- Resolution of the vulnerability addressed by MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip, MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch.zip,MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch, and MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch
- Email variable usage was deprecated back in 2.3.4 as part of a security risk mitigation in favor of a more strict variable syntax. This legacy behavior has been fully removed in this release as a continuation of that security risk mitigation. As a result, email or newsletter templates that worked in previous versions of Magento may not work correctly after upgrading to Adobe Commerce 2.4.3-p2. Affected templates include admin overrides, themes, child themes, and templates from custom modules or third-party extensions. Your deployment may still be affected even after using the Upgrade compatibility tool to fix deprecated usages. See Migrating custom email templates for information about potential effects and guidelines for migrating affected templates.
- OAuth access tokens and password reset tokens are now encrypted when stored in the database.
- Validation has been strengthened to prevent the upload of non alpha-numeric file extensions.
- Swagger is now disabled by default when Adobe Commerce is in production mode.
- Developers can now configure the limit on the size of arrays accepted by Adobe Commerce RESTful endpoints on a per-endpoint basis. See API security.
- Added mechanisms for limiting the size and number of resources that a user can request through a web API on a system-wide basis, and for overriding the defaults on individual modules. This resolves the issue addressed by MC-43048__set_rate_limits__2.4.3.patch. See API security.