Adobe Commerce 2.4.6-p4 release notes
Adobe Commerce 2.4.6-p4 is a security release that provides five security fixes that enhance your Adobe Commerce 2.4.6 or Magento Open Source 2.4.6 deployment. It provides fixes for vulnerabilities that have been identified in previous releases.
What’s in this release?
This patch includes five security fixes. See Adobe Security Bulletin for the latest discussion of these fixed issues.
Security highlights
This release introduces two significant security enhancements:
-
Changes to the behavior of non-generated cache keys:
- Non-generated cache keys for blocks now include prefixes that differ from prefixes for keys that are generated automatically. (Non-generated cache keys are keys that are set through template directive syntax or the
setCacheKeyorsetDatamethods.) - Non-generated cache keys for blocks now must contain only letters, digits, hyphens (-), and underscore characters (_).
- Non-generated cache keys for blocks now include prefixes that differ from prefixes for keys that are generated automatically. (Non-generated cache keys are keys that are set through template directive syntax or the
-
Limitations on the number of auto-generated coupon codes. Commerce now limits the number of coupon codes that are automatically generated. The default maximum is 250,000. Merchants can use the new Code Quantity Limit configuration option (Stores > Settings:Configuration > Customers > Promotions) to control this new limit.
Installation and upgrade instructions
For instructions on downloading and upgrading to security patch releases, see Quick start install.
More information?
For general information about security patches, see Adobe Commerce release policy.