Adobe Commerce on cloud infrastructure has a protective blocking feature that, under certain circumstances, restricts access to websites with security vulnerabilities. This partial blocking method prevents exploitation of known security vulnerabilities. Outdated software often contains exploits, so it is important to protect against these exploits by partially blocking access to these sites.
Adobe Commerce maintains a database of signatures of known security vulnerabilities in open-source software that are commonly deployed on cloud infrastructure. The security check analyzes only known vulnerabilities in open-source projects; it cannot examine customizations you write.
Security scan runs:
If a critical vulnerability is detected in your application, it rejects the Git push.
There are two types of blocks that run:
Complete block—for development websites. The error message accompanying
git push provides detailed information about the vulnerability.
Partial block—for production websites, which allows the site to stay mostly online. Depending on the nature of the vulnerability, parts of a request, such as a query string, cookies, or any additional headers, might be removed from GET requests. All other requests may be blocked entirely, such as logging in, form submission, or product checkout.
Unblocking is automated upon resolution of the security risk. The block is removed soon after you apply a security upgrade that removes the vulnerability.
The protective block is there to protect you against known vulnerabilities in the software you deploy Adobe Commerce on cloud infrastructure.
However, you can opt out of the protective block by adding the following to
preflight: enabled: false
You can explicitly opt out of a specific check, for example:
preflight: enabled: true ignore_rules: [ "drupal:SA-CORE-2014-005" ]