Security
-
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system read, security feature bypass and privilege escalation.
https://helpx.adobe.com/security/products/magento/apsb24-73.html
-
This module provides top-notch security for your customers' accounts by adopting a passwordless approach, effectively removing the vulnerability of weak passwords from your database. This instills a sense of confidence and reliability in your platform among your customers.
https://github.com/opengento/magento2-hoodoor
-
Adobe released a security patch in June 2024 which introduced some major changes to how Magento handles Content Security Policy (CSP), and these changes directly impact functionality around the checkout.
https://magentians.wordpress.com/2024/08/26/how-to-csp-inline-script-for-checkout-required-since-june-2024/
Many developers were caught unprepared because Adobe didn’t announce this big change in the release notes.
-
This is a Magento 2 extension that prevents billing/shipping addresses being saved via the API with known trojan order strings. This is not a fix for CVE-2022-24086 but an additional layer of protection for merchants.
https://github.com/DeployEcommerce/module-trojan-order-prevent
20 Aug 2024
-
For some time now, Magento has been shipping with a CSP module, in general for security reasons but more specifically for PCI compliance. Magento 2.4.7-p1 changed the game and Hyvä is as-of-yet not compatible with these new changes. But there are solutions.
https://www.yireo.com/blog/2024-08-02-magento-and-hyva-checkout-and-csp