Release notes for Adobe Commerce 2.4.7 security patches

These security patch release notes capture updates to enhance the security of your Adobe Commerce deployment. Information includes, but is not limited to, the following:

  • Security bug fixes
  • Security highlights that provide more detail about enhancements and updates included in the security patch
  • Known issues
  • Instructions to apply additional patches if required
  • Information about any hot fixes included in the release

Adobe Commerce 2.4.7-p1

The Adobe Commerce 2.4.7-p1 security release provides security bug fixes for vulnerabilities that have been identified in previous releases of 2.4.7.

For the latest information about the security bug fixes, see Adobe Security Bulletin APSB24-40.

Security highlights

  • Update one-time password (OTP) settings for Google Authenticator: This update is required to resolve an error that was introduced by a backward-incompatible change in 2.4.7. The description of the OTP Window field now provides an accurate explanation of the setting, and the default value has been changed from 1 to 29.

  • B2B version compatibility: For compatibility with Commerce version 2.4.7-p1, merchants that have the Adobe Commerce B2B extension must upgrade to B2B version 1.4.2-p1.

Hotfixes included in this release

Adobe Commerce 2.4.7-p1 resolves an issue introduced in the scope of the UPS integration migration from SOAP to REST API. This issue affected customers who ship outside of the US and prevented them from using the Metric System/SI measurements of kilograms and centimeters for packages to create shipments with UPS. See the UPS shipping method integration migration from SOAP to RESTful API knowledge base article for details.