Adobe Commerce 2.4.5-p6 release notes

Adobe Commerce 2.4.5-p6 is a security release that provides five security fixes that enhance your Adobe Commerce 2.4.5 or Magento Open Source 2.4.5 deployment. It provides fixes for vulnerabilities that have been identified in previous releases.

Adobe Commerce and Magento Open Source releases may contain backward-incompatible changes (BICs). To review backward-incompatible changes, see BIC reference. Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.

What’s in this release?

This patch includes five security fixes. See Adobe Security Bulletin for the latest discussion of these fixed issues.

Security highlights

This release introduces two significant security enhancements:

  • Changes to the behavior of non-generated cache keys:

    • Non-generated cache keys for blocks now include prefixes that differ from prefixes for keys that are generated automatically. (Non-generated cache keys are keys that are set through template directive syntax or the setCacheKey or setData methods.)
    • Non-generated cache keys for blocks now must contain only letters, digits, hyphens (-), and underscore characters (_).
  • Limitations on the number of auto-generated coupon codes. Commerce now limits the number of coupon codes that are automatically generated. The default maximum is 250,000. Merchants can use the new Code Quantity Limit configuration option (Stores > Settings:Configuration > Customers > Promotions) to control this new limit.

Installation and upgrade instructions

For instructions on downloading and upgrading to security patch releases, see Quick start install.

More information?

For general information about security patches, see Adobe Commerce release policy.