Backwards incompatible changes for GraphQL placeOrder API in Adobe Commerce 2.4.6-p8

This article provides a patch for the known Adobe Commerce version 2.4.6-p8 Cloud and On-premises issue where the placeOrder GraphQL API doesn’t return an expected error response, as seen in previous 2.4.6 patch versions. This may lead to a broken checkout experience for merchants using PWA storefront or any other GraphQL API-based storefront for their stores.

NOTE
Please contact Support Services if you encounter any issues applying the patch.

Affected products and versions

  • Adobe Commerce on Cloud 2.4.6-p8
  • Adobe Commerce on-premises 2.4.6-p8

Issue

After the upgrade on Adobe Commerce 2.4.6-p8 security-only patch, the placeOrder GraphQL API doesn’t return an expected error response, as seen in any previous 2.4.6 patch versions. This may lead to a broken checkout experience for merchants using PWA storefront or any other GraphQL API-based storefront for their stores.

Step to reproduce:

Run the placeOrder GraphQL request where you expect an error response.

Expected result:

You receive an expected error response.

Actual result:

Instead of an expected error response, you receive a successful response, but with a new errors key that looks like this:

{
    "data": {
        "placeOrder": {
            "order": null,
            "__typename": "PlaceOrderOutput"
        }
    }
}

Solution for Adobe Commerce on Cloud and Adobe Commerce On-premises Software

To solve the issue, apply the patch.
To download it, click the following link:

ac-13283-composer-patch.zip

How to apply the patch

Unzip the file and see How to apply a composer patch provided by Adobe in our support knowledge base for instructions.

For Adobe Commerce on Cloud merchants only - How to tell whether patches have been applied

Considering that it isn’t possible to easily check if the issue was patched, you might want to check whether the patch has been successfully applied.

You can do this by taking the following steps, using the sample file VULN-27015-2.4.7_COMPOSER.patch as an example:

  1. Install the Quality Patches Tool.

  2. Run the command:

    ac-13283-tell-if-patch-applied-code

  3. You should see output similar to this, where VULN-27015 returns the  Applied  status:

    code language-bash
    ║ Id            │ Title                                                        │ Category        │ Origin                 │ Status      │ Details                                          ║ ║ N/A           │ ../m2-hotfixes/VULN-27015-2.4.7_COMPOSER_patch.patch      │ Other           │ Local                  │ Applied     │ Patch type: Custom
    
recommendation-more-help
8bd06ef0-b3d5-4137-b74e-d7b00485808a