-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
APSB24-73 open source patch for magento 2.4.7-p2 #39284
Comments
Hi @davidandersson1. Thank you for your report.
Join Magento Community Engineering Slack and ask your questions in #github channel. |
@davidandersson1, the patch only applies to Adobe Commerce B2B edition, not to Magento Open Source:
However, all the other (less critical) vulnerabilities mentioned on the ABSP24-73 security bulletin do apply to Magento Open Source, so it's best to also upgrade your Magento version to 2.4.7-p3 if you want to see those resolved. |
Thanks @hostep, for the detailed explanation. I think we can close this issue. |
Do we know of there is a patch or Magento has intentions of releasing an Open Source patch for stores that cannot upgrade to 2.4.7-p3? |
It's unclear what you're talking about, are you talking about any specific vulnerability in particular? |
Summary
Hello,
We have noticed that magento released secuiry patch at last 8th Oct 2024, https://helpx.adobe.com/security/products/magento/apsb24-73.html
so we have download patch(vuln-25610-composer-patch.zip) from this page: https://experienceleague.adobe.com/en/docs/commerce-knowledge-base/kb/troubleshooting/known-issues-patches-attached/security-update-available-for-adobe-commerce-apsb24-73
after downloaded patch and checked, it is for "module-company" but in our magento 2.4.7-p2 does not have this module in entire source code ( including vendor dir).
Does it really required to apply for open source version 2.4.7-p2? If yes then could you plese provide us patch for same which should works for 2.4.7-p2.
Thanks,
David Andersson
Examples
new file mode 100644
--- /dev/null
+++ b/vendor/magento/module-company/Model/Customer/AccountManagement/CompanyRequestHydrator.php
@@ -0,0 +1,66 @@
+<?php
+/**
+declare(strict_types=1);
+namespace Magento\Company\Model\Customer\AccountManagement;
+
+use Magento\Company\Api\Data\CompanyInterface;
+
+/**
+class CompanyRequestHydrator
+{
+}
--- a/vendor/magento/module-company/Plugin/Customer/Api/AccountManagement.php
+++ b/vendor/magento/module-company/Plugin/Customer/Api/AccountManagement.php
@@ -11,17 +11,13 @@
use Magento\Customer\Api\CustomerRepositoryInterface;
use Magento\Company\Api\CompanyManagementInterface;
use Magento\Framework\Exception\NoSuchEntityException;
+use Magento\Company\Model\Customer\AccountManagement\CompanyRequestHydrator;
/**
*/
class AccountManagement
{
* @var \Magento\Company\Model\Email\Sender
*/
@@ -47,30 +43,35 @@
*/
private $customerRepository;
* AccountManagement constructor
*
}
/**
@@ -127,11 +128,7 @@
\Magento\Customer\Api\AccountManagementInterface $subject,
\Magento\Customer\Api\Data\CustomerInterface $result
) {
Proposed solution
No response
Release note
No response
Triage and priority
The text was updated successfully, but these errors were encountered: