Release notes
- Overview
- Backward-incompatible changes
- Adobe Commerce
  - Overview
  - 2.4.7-beta1
  - 2.4.6
  - 2.4.5
  - 2.4.4
  - 2.4.3
  - 2.4.2
  - 2.4.1
  - 2.4.0
- Magento Open Source
  - Overview
  - 2.4.7-beta1
  - 2.4.6
  - 2.4.5
  - 2.4.4
  - 2.4.3
  - 2.4.2
  - 2.4.1
  - 2.4.0
- Security patch releases
  - Overview
  - 2.4.6-p2
  - 2.4.6-p1
  - 2.4.5-p4
  - 2.4.5-p3
  - 2.4.5-p2
  - 2.4.5-p1
  - 2.4.4-p5
  - 2.4.4-p4
  - 2.4.4-p3
  - 2.4.4-p2
  - 2.4.4-p1
  - 2.4.3-p3
  - 2.4.3-p2
  - 2.4.3-p1
  - 2.4.2-p2
Released versions
Features by version
Product availability
Beta releases
Planning and policies
Packages
Return to Operational Guides

Adobe Commerce 2.4.6-p2 release notes

Adobe Commerce 2.4.6-p2 is a security release that provides three security fixes that enhance your Adobe Commerce 2.4.6 or Magento Open Source 2.4.6 deployment. It provides fixes for vulnerabilities that have been identified in previous releases.

NOTE

Adobe Commerce and Magento Open Source releases may contain backward-incompatible changes (BICs). To review backward-incompatible changes, see BIC reference. Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.

Apply patch to resolve security vulnerability CVE-2022-31160 in jQuery-UI library

jQuery-UI library version 1.13.1 has a known security vulnerability (CVE-2022-31160) that affects multiple versions of Adobe Commerce and Magento Open Source. This library is a dependency of Adobe Commerce and Magento Open Source 2.4.4, 2.4.5, and 2.4.6. Merchants running affected deployments should apply the patch specified in the jQuery UI security vulnerability CVE-2022-31160 fix for 2.4.4, 2.4.5, and 2.4.6 releases Knowledge Base article.

What’s in this release?

Security enhancements for this release improve compliance with the latest security best practices. These improvements include three security fixes.

This security patch includes:

security fixes
security highlight

Security fixes

This patch includes three security fixes. See Adobe Security Bulletin for the latest discussion of these fixed issues.

Security highlight

The value of fastcgi_pass in the nginx.sample file has been returned to its previous (pre-2.4.6-p1) value of fastcgi_backend. This value was inadvertently changed to php-fpm:9000 in Adobe Commerce 2.4.6-p1.

Hotfixes included in this release

Adobe Commerce 2.4.6-p2 includes resolution of the performance degradation that was addressed by patch ACSD-51892. Merchants are not affected by the issue addressed by this patch, which is described in the ACSD-51892: Performance issue where config files load multiple times Knowledge Base article.

Installation and upgrade instructions

For instructions on downloading and applying security patches (including patch 2.4.6-p2), see Quick start install.

More information?

For general information about security patches, see Introducing the New Security Patch Release.

Adobe Commerce 2.4.6-p2 release notes

Apply patch to resolve security vulnerability CVE-2022-31160 in jQuery-UI library

What’s in this release?

Security fixes

Security highlight

Hotfixes included in this release

Installation and upgrade instructions

More information?

Business.Adobe.com resources

On this page

View next:

Learn

Documentation

Community

Support

Resources

Adobe Account

Adobe