Magento 2.4.3-p2
14 April 2022
Magento version 2.4.3-p2 is now available (major release).
Upgrading to Magento 2.4.3-p2
Magento 2.4.3-p2 can be installed, or an existing installation upgraded to it, using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Magento updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Magento install and test the 2.4.3-p2 upgrade before applying it live. Get started managing your Magento installations with Installatron.
What's New in Magento 2.4.3-p2
Patch 2.4.3-p2 is a security release that provides two security fixes that enhance your Magento Open Source 2.4.3 deployment. It provides fixes for vulnerabilities that have been identified in the previous release.
Security
- Resolution of the vulnerability addressed by MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip, MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch.zip, MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch, and MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch
- Email variable usage was deprecated back in 2.3.4 as part of a security risk mitigation in favor of a more strict variable syntax. This legacy behavior has been fully removed in this release as a continuation of that security risk mitigation. As a result, email or newsletter templates that worked in previous versions of Magento may not work correctly after upgrading to Adobe Commerce 2.4.3-p2. Affected templates include admin overrides, themes, child themes, and templates from custom modules or third-party extensions. Your deployment may still be affected even after using the Upgrade compatibility tool to fix deprecated usages. See Migrating custom email templates for information about potential effects and guidelines for migrating affected templates.
- OAuth access tokens and password reset tokens are now encrypted when stored in the database.
- Validation has been strengthened to prevent the upload of files with non-alphanumeric file extensions.
- Swagger is now disabled by default when Adobe Commerce is in production mode.
- Developers can now configure the limit on the size of arrays accepted by Adobe Commerce RESTful endpoints on a per-endpoint basis. See API security.
- Added mechanisms for limiting the size and number of resources that a user can request through a web API on a system-wide basis, and for overriding the defaults on individual modules. This resolves the issue addressed by MC-43048__set_rate_limits__2.4.3.patch. See API security.
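An added example, not from Adobe or Installatron: a Python scanner for triaging the email template change noted in the list above before or after the upgrade. It assumes the removed legacy usage shows up as a method call on a template variable inside a {{...}} directive; the function names and the sample template are constructed for illustration.

```python
import re
from pathlib import Path

# Assumption: legacy usage appears as a method call on a template variable
# inside a {{...}} directive, e.g. {{var order.getCustomerName()}}.
DIRECTIVE = re.compile(r"\{\{(.*?)\}\}", re.DOTALL)
QUOTED = re.compile(r"\"[^\"]*\"|'[^']*'")
METHOD_CALL = re.compile(r"\b([A-Za-z_]\w*(?:\.\w+)+)\s*\(")

# Constructed sample template, not taken from any real theme or module.
SAMPLE = """<p>{{trans "Hello %name," name=$order.getCustomerName()}}</p>
<p>{{var order_data.customer_name}}</p>
<p>{{var order.getEmailCustomerNote()}}</p>
"""


def find_legacy_usages(text):
    """Return (line, directive, call) for each method call found in a directive."""
    hits = []
    for match in DIRECTIVE.finditer(text):
        # Drop quoted literals so text such as "example.com (today)" is ignored.
        body = QUOTED.sub("", match.group(1))
        line = text.count("\n", 0, match.start()) + 1
        for call in METHOD_CALL.finditer(body):
            hits.append((line, match.group(0), call.group(1)))
    return hits


def scan_tree(root, suffixes=(".html",)):
    """Scan template files under root; returns {path: hits} for files with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            hits = find_legacy_usages(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


if __name__ == "__main__":
    for line, directive, call in find_legacy_usages(SAMPLE):
        print(f"line {line}: review {call}() in {directive}")
```

Admin overrides are not files on disk, so pass their exported content to find_legacy_usages directly. Treat each hit as a candidate for manual review against the migration guidelines rather than as a confirmed breakage.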