Affected products and versions

Adobe Commerce on cloud infrastructure and on-premises, and Magento Open Source:

  • 2.4.4
  • 2.4.4-pX
  • 2.4.5
  • 2.4.5-pX
  • 2.4.6
  • 2.4.6-pX

Causes

The UPS released a security update for their API.

If you have European Union (other origins may experience the same problem) as Origin of the Shipment this will cause an error in the UPS REST request:
A shipment cannot have a KGS/IN or LBS/CM or OZS/CM as its unit of measurements.

Solution

Use the following attached patches, depending on your Adobe Commerce/Magento Open Source version:

To resolve the issue in the 2.4.4+, 2.4.5+, and 2.4.6+ versions, you must apply the corresponding patch to your version of Adobe Commerce/Magento Open Source below.

Patch

Use the following attached patches, depending on your Adobe Commerce/Magento Open Source version:

For versions 2.4.4, 2.4.4-pX:

For versions 2.4.5, 2.4.5-pX:

For versions 2.4.6, 2.4.6-pX:

How to apply the patch

Unzip the file and see How to apply a composer patch provided by Adobe in our support knowledge base for instructions.

How to tell whether the patches have been applied

Considering that it is not possible to easily check if the issue was patched, you might want to check whether the patch has been successfully applied. This uses (Example: AC-9363) as the patch to check.

You can do this by taking the following steps:

  1. Install the Quality Patches Tool.

  2. Run the command:

    vendor/bin/magento-patches -n status |grep "9363|Status"
    
  3. You should see output similar to this, where AC-9363 returns the  Applied  status:

    ║ Id            │ Title                                                        │ Category        │ Origin                 │ Status      │ Details                                          ║ ║ N/A           │ ../m2-hotfixes/AC-9363_USPS_Ground_Advantage_shipping_method_COMPOSER_patch.patch      │ Other           │ Local                  │ Applied     │ Patch type: Custom
    
Previous pageSecurity update available for Adobe Commerce - APSB24-40 Revised to include isolated patch for CVE-2024-34102
Next pageUSPS Ground Advantage shipping method support hotfix for AC-9182

Commerce