Security updates available for Adobe Commerce (APSB24-90)

On November 12, 2024, Adobe released a security update for Adobe Commerce (on Cloud and On-premises) and Magento Open Source features powered by Commerce Services and deployed as SaaS (Software as a Service). This update resolves a critical vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. More information can be found in the APSB24-90 security bulletin. Please apply the latest security updates as soon as possible. If you fail to do so, you will be vulnerable to these security issues, and Adobe will have limited means to help remediate.

Description description

Environments

Issue

On November 12, 2024, Adobe released a security update for Adobe Commerce (on Cloud and On-premises) and Magento Open Source features powered by Commerce Services and deployed as SaaS (Software as a Service). This update resolves a critical vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.

More information can be found in the APSB24-90 security bulletin.

Please apply the latest security updates as soon as possible. If you fail to do so, you will be vulnerable to these security issues, and Adobe will have limited means to help remediate.

Resolution resolution

To resolve the vulnerability, upgrade the magento/services-id extension to version 3.2.6.

Steps to proceed with the upgrade:

composer update magento/services-id magento/module-services-id magento/module-services-id-graph-ql-server
bin/magento setup:upgrade --keep-generated
bin/magento setup:static-content:deploy
bin/magento cache:clean

Related Reading