Magento’s latest release on 13 February 2024 is more than just an update; it’s a strategic arsenal for eCommerce merchants aiming to thrive in a market projected to reach $3.6 billion in sales by 2024. This update is a testament to Magento’s commitment to driving forward the capabilities of online stores, ensuring they remain at the forefront of the eCommerce evolution.
Join us as we delve into the nitty-gritty of Magento’s latest release, dissecting the key features and their potential to revolutionize your eCommerce strategy. This article will help you explore how you can use these enhancements to secure a competitive edge in the bustling digital marketplace.
Let’s find out right away!
Which Versions Need to Update to This Release?
To ensure your eCommerce platform remains secure and operates at peak efficiency, it’s crucial to stay current with the latest updates. Below is a detailed overview to help you identify if your Adobe Commerce or Magento Open Source installation requires an update and, if so, which version you need to upgrade to.
The following versions of Adobe Commerce and Magento Open Source are affected and require updating:
Product: Adobe Commerce
Affected versions:
2.4.6-p3 and earlier
2.4.5-p5 and earlier
2.4.4-p6 and earlier
2.4.3-ext-5 and earlier*
2.4.2-ext-5 and earlier*
2.4.1-ext-5 and earlier*
2.4.0-ext-5 and earlier*
2.3.7-p4-ext-5 and earlier*
Platform: All

Product: Magento Open Source
Affected versions:
2.4.6-p3 and earlier
2.4.5-p5 and earlier
2.4.4-p6 and earlier
Platform: All
Note: The list now includes each supported release line to offer clarity. Versions marked with an asterisk (*) are applicable only to customers participating in the Extended Support Program.
Adobe recommends that users upgrade their installation to the newest version available for their platform. Updated versions:
Adobe Commerce:
Update to 2.4.6-p4 if you’re on version 2.4.6-p3 or earlier
Update to 2.4.5-p6 if you’re on version 2.4.5-p5 or earlier
Update to 2.4.4-p7 if you’re on version 2.4.4-p6 or earlier
For Extended Support Program participants: Update to the respective “-ext-6” version if you’re on any “-ext-5” version or earlier
Magento Open Source:
Update to 2.4.6-p4 if you’re on version 2.4.6-p3 or earlier
Update to 2.4.5-p6 if you’re on version 2.4.5-p5 or earlier
Update to 2.4.4-p7 if you’re on version 2.4.4-p6 or earlier
What’s in This Latest Magento Release?
The recent security releases for Adobe Commerce and Magento Open Source—versions 2.4.6-p4, 2.4.5-p6, and 2.4.4-p7—provide critical enhancements designed to fortify the security of eCommerce platforms. Each version targets its respective deployment, addressing vulnerabilities identified in prior releases and offering uniform security enhancements across the board.
Details of the Issues Fixed
These patches address vulnerabilities identified in previous releases and are essential upgrades for users who want to maintain the highest security standards for their eCommerce platforms. The update is focused on security and contains five significant fixes, summarized below in accessible terms:
1. Cross-site Scripting (Stored XSS)
Impact: This vulnerability allows for the execution of arbitrary code on the web application.
Severity: Critical
Authentication Required to Exploit? Yes, an attacker needs to be authenticated.
Admin Privileges Required? Yes, the attacker must have administrative privileges.
CVSS Score: 9.1 (High severity)
CVE Number: CVE-2024-20719
2. OS Command Injection
Impact: This issue could lead to arbitrary code execution by injecting commands that the operating system executes.
Severity: Critical
Authentication Required to Exploit? Yes, attacker authentication is necessary.
Admin Privileges Required? Yes, administrative rights are needed for exploitation.
CVSS Score: 9.1 (High severity)
CVE Number: CVE-2024-20720
3. Uncontrolled Resource Consumption
Impact: Exploiting this vulnerability can lead to an application denial-of-service, effectively making the application unavailable to legitimate users.
Severity: Important
Authentication Required to Exploit? Yes, the attacker needs to be authenticated.
Admin Privileges Required? Yes, it requires administrative access.
CVSS Score: 5.7 (Medium severity)
CVE Number: CVE-2024-20716
4. Cross-site Scripting (Stored XSS)
Impact: Similar to the first vulnerability but with potentially less impact, allowing for arbitrary code execution in a less severe context.
Severity: Important
Authentication Required to Exploit? Yes, requires attacker authentication.
Admin Privileges Required? Lower-level privileges needed for exploitation.
CVSS Score: 5.4 (Medium severity)
CVE Number: CVE-2024-20717
5. Cross-Site Request Forgery (CSRF)
Impact: This vulnerability can bypass security features, potentially leading to unauthorized actions being performed on behalf of authenticated users.
Severity: Moderate
Authentication Required to Exploit? Yes, but it does not require administrative privileges.
Admin Privileges Required? No, admin rights are not needed for this attack.
CVSS Score: 4.3 (Moderate severity)
CVE Number: CVE-2024-20718
Security Highlights
The release introduces pivotal security enhancements aimed at tightening the security posture of Adobe Commerce platforms:
Revamped Cache Key Behavior: This update brings changes to how non-generated cache keys for blocks are handled. These keys now feature distinct prefixes, setting them apart from automatically generated keys. Moreover, non-generated cache keys are now restricted to include only letters, digits, hyphens (-), and underscore (_) characters, enhancing their predictability and security.
Auto-generated Coupon Codes Limitation: With the new update, Adobe Commerce has introduced a cap on the number of coupon codes that can be auto-generated, setting the default maximum to 250,000. This measure aims to prevent potential abuse and system overload. Merchants looking to adjust this limit can do so through the “Code Quantity Limit” configuration option available under Stores > Settings: Configuration > Customers > Promotions.
How to Install the Latest Magento Release
Installing the latest updates for Adobe Commerce or Magento Open Source on your self-hosted infrastructure is straightforward. Before starting, ensure you:
Complete all prerequisite tasks.
Install Composer, a tool for dependency management in PHP.
Obtain authentication keys for the Adobe Commerce and Magento Open Source Composer repository.
Step 1: Log In as File System Owner
Log into your application server as the user with permissions to write to the file system where Magento is installed. You might need to use commands like `su` or `sudo -u` to switch to the correct user.
Step 2: Get the Metapackage
Navigate to your web server’s document root directory. Use Composer to create a project with the required Magento metapackage:
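As an added example (not code from this article, Adobe or Mageplaza), the script below maps an installed version to the fixed release given in the "Updated versions" list above and builds the Composer command that Step 2 refers to. The function names and the `magento2` directory are hypothetical, and the `create-project` form is the one from Adobe's Composer installation documentation, which this page does not show.

```shell
#!/bin/sh
# Added example. Release data is copied from the article's affected/updated lists.

# suffix_num VERSION TAG -> number following "-TAG" in VERSION, or 0 if absent.
suffix_num() {
    case "$1" in
        *-"$2"[0-9]*) n=${1##*-"$2"}; echo "${n%%[!0-9]*}" ;;
        *) echo 0 ;;
    esac
}

# patch_target VERSION -> fixed release to move to, "up-to-date" or "not-listed".
patch_target() {
    ver=$1
    line=${ver%%-*}                      # release line, e.g. 2.4.6
    case "$line" in
        2.4.6) fixed=4 ;;
        2.4.5) fixed=6 ;;
        2.4.4) fixed=7 ;;
        2.4.3|2.4.2|2.4.1|2.4.0|2.3.7)   # Extended Support lines (Adobe Commerce)
            if [ "$(suffix_num "$ver" ext-)" -ge 6 ]; then
                echo up-to-date
            else
                if [ "$line" = 2.3.7 ]; then line=2.3.7-p4; fi
                echo "$line-ext-6"
            fi
            return 0 ;;
        *) echo not-listed; return 0 ;;
    esac
    if [ "$(suffix_num "$ver" p)" -lt "$fixed" ]; then
        echo "$line-p$fixed"
    else
        echo up-to-date
    fi
}

# create_project_cmd EDITION VERSION DIR -> Composer command for Step 2.
# EDITION: "community" (Magento Open Source) or "enterprise" (Adobe Commerce).
# Assumption: command form per Adobe's Composer install docs; DIR is a placeholder.
create_project_cmd() {
    echo "composer create-project --repository-url=https://repo.magento.com/ magento/project-$1-edition=$2 $3"
}

# Constructed sample versions, not taken from any real store.
for v in 2.4.6-p3 2.4.5 2.4.4-p7 2.4.3-ext-5 2.3.7-p4-ext-2 2.4.7; do
    printf '%-16s -> %s\n' "$v" "$(patch_target "$v")"
done
create_project_cmd community "$(patch_target 2.4.6-p3)" magento2
```

Feed it the version reported by `bin/magento --version`; a result of `not-listed` means the release line does not appear in the article's table, not that it is safe.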
Seamlessly Install the Latest Magento Release with Mageplaza’s Support
Mageplaza, a leading provider in the Magento ecosystem, has been offering top-notch Magento upgrade services and solutions since 2014. As Magento evolves, staying updated with the latest releases is crucial for the security, efficiency, and competitiveness of your eCommerce business. Mageplaza stands at the forefront of Magento development, providing seamless upgrade services to ensure your online store remains at the cutting edge.
Why Choose Mageplaza for Your Magento Upgrade Service?
Upgrade Specialists: We pride ourselves on being among the first to adapt to and implement the latest Magento updates, ensuring your store benefits from every new feature and improvement.
Guaranteed Security: Expect nothing less than a secure upgrade with the latest security patches, safeguarding your store against vulnerabilities.
Zero Downtime: Understanding the value of your time and business, we ensure that your store remains fully operational throughout the upgrade process.
Data Integrity: Our seasoned experts guarantee a smooth transition during the upgrade, ensuring no data loss and complete data integrity.
Cost-Effective Solutions: We offer competitively priced Magento upgrade services tailored for small to medium-sized businesses. Get in touch for a complimentary consultation and quote.
Comprehensive Post-Upgrade Support: Our commitment to your satisfaction extends beyond the upgrade, with two months of dedicated support to ensure a smooth transition and resolve any post-upgrade queries.
Mageplaza is your go-to partner for upgrading to the latest Magento releases. With our experienced team, proven methodology, and commitment to excellence, we ensure your Magento store remains a step ahead. Contact us today to seamlessly upgrade your store and unlock the full potential of Magento’s latest features.
In wrapping up, Magento’s latest release in February 2024 is a monumental step forward for eCommerce merchants, offering a suite of enhancements designed to solidify your online presence in a rapidly evolving market. With the detailed insights into the versions needing updates, the critical security fixes addressed, and the streamlined installation process, this blog has equipped you with the knowledge to navigate the updates with ease.
Furthermore, Mageplaza’s expert support for a seamless upgrade process underscores the importance of partnering with seasoned professionals to harness the full potential of Magento’s capabilities. Upgrading your Magento store is not just about keeping pace with technological advancements but seizing the opportunity to outperform in the digital marketplace. Leverage Mageplaza’s expertise for an effortless transition to the latest Magento version, ensuring your eCommerce site remains secure, efficient, and competitive.
A data-driven marketing leader with over 10 years of experience in the ecommerce industry. Summer leverages her deep understanding of customer behavior and market trends to develop strategic marketing campaigns that drive brand awareness, customer acquisition, and ultimately, sales growth for our company.
12 mins read
|12-18-2024