Adobe Commerce 2.4.4-p1 release notes

Adobe Commerce 2.4.4-p1 is a security release that provides 17 security fixes that enhance your Adobe Commerce 2.4.4 or Magento Open Source 2.4.4 deployment. It provides fixes for vulnerabilities that have been identified in the previous release (Adobe Commerce 2.4.4 and Magento Open Source 2.4.4).

Adobe Commerce releases may contain backward-incompatible changes (BICs). To review backward-incompatible changes, see BIC reference. Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.

Apply AC-3022.patch to continue offering DHL as a shipping carrier

DHL has introduced schema version 6.2 and will deprecate schema version 6.0 in the near future. Adobe Commerce 2.4.4 and earlier versions that support the DHL integration support only version 6.0. Merchants deploying these releases should apply AC-3022.patch at their earliest convenience to continue offering DHL as a shipping carrier. See the Apply a patch to continue offering DHL as shipping carrier Knowledge Base article for information about downloading and installing the patch.

What’s in this release?

This security patch includes:

  • Security enhancements
  • Security bug fixes. See Adobe Security Bulletin for the latest discussion of these fixed issues.

Security highlights

Security improvements for this release improve compliance with the latest security best practices, including:

  • ACL resources have been added to Inventory.
  • Inventory template security has been enhanced.

Installation and upgrade instructions

For instructions on downloading and applying security patches (including patch 2.4.4-p1), see Quick start install.

Known issues

Issue: Web API and integration tests display this error when run on the 2.4.4-p1 package: [2022-06-14T16:58:23.694Z] PHP Fatal error: Declaration of Magento\TestFramework\ErrorLog\Logger::addRecord(int $level, string $message, array $context = []): bool must be compatible with Monolog\Logger::addRecord(int $level, string $message, array $context = [], ?Monolog\DateTimeImmutable $datetime = null): bool in /var/www/html/dev/tests/integration/framework/Magento/TestFramework/ErrorLog/Logger.php on line 69. Workaround: Install the previous version of Monolog by running the require monolog/monolog:2.6.0 command.

Issue: Merchants may notice package version downgrade notices during upgrade from Adobe Commerce 2.4.4 to Adobe Commerce 2.4.4-p1. These messages can be ignored. The discrepancy in package versions results from anomalies during package generation. No product functionality has been affected. See the Packages downgraded after upgrading from 2.4.4 to 2.4.4-p1 Knowledge Base article for a discussion of affected scenarios and workarounds.

More information?

For general information about security patches, see Introducing the New Security Patch Release.