Adobe Commerce 2.4.4-p6 release notes
Adobe Commerce 2.4.4-p6 is a security release that provides ten security fixes that enhance your Adobe Commerce 2.4.4 or Magento Open Source 2.4.4 deployment. It provides fixes for vulnerabilities that have been identified in previous releases.
What’s in this release?
Security enhancements for this release improve compliance with the latest security best practices. These improvements include ten security fixes.
This security patch includes:
- security highlight
- security fixes
Security highlight
This release introduces a new full page cache configuration setting that helps to mitigate the risks associated with the {BASE-URL}/page_cache/block/esi HTTP
endpoint. This endpoint supports unrestricted, dynamically loaded content fragments from Commerce layout handles and block structures. The new Handles Param configuration setting sets the value of this endpoint’s handles
parameter, which determines the maximum allowed number of handles per API. The default value of this property is 100. Merchants can change this value from the Admin ( Stores > Settings:Configuration > System > Full Page Cache > Handles Param.
Security fixes
This patch includes ten security fixes. See Adobe Security Bulletin for the latest discussion of these fixed issues.
Known issue
Issue: Adobe Commerce displays a wrong checksum error during download by Composer from repo.magento.com
, and package download is interrupted. This issue can occur during download of release packages that were made available during prerelease and is caused by a repackaging of the magento/module-page-cache
package.
Workaround: Merchants who see this error during download can take these steps:
- Delete the
/vendor
directory inside the project, if one exists. - Run the
bin/magento composer update magento/module-page-cache
command. This command updates only thepage cache
package.
If the checksum problem persists, remove the composer.lock
file before re-running the bin/magento composer update
command to update every package.
Installation and upgrade instructions
For instructions on downloading and upgrading to security patch releases, see Quick start install.
More information?
For general information about security patches, see Adobe Commerce release policy.