Latest versions – Magento Commerce and Open Source – 2.3.5-p1 and 2.3.4-p2

On the 28th of April, Magento released the latest versions of Magento Commerce and Open Source, available to our entire Magento Community. So the pre-release period for these update ends. Magento website owners and merchants should start the process of accessing these updates, they can now be found on GitHub and at Magento.com (in addition to Composer). The Magento improved the experience and security aspects through these new versions.

An error was discovered during Magento’s pre-release period and they have released a correction via a new version. If you access the code via Magento.com, you will only have access to the correct versions (2.3.5-p1 and 2.3.4-p2) but if you access the code via Composer you will need to manually request these specific versions. If you downloaded the code during the pre-release period and encountered error messages, kindly download these new versions; if no error messages were present, you can disregard these new versions.

Additionally, Magento has released a separate security hotfix for 2.3.5-p1 and will need to be downloaded and applied.

You can learn more about release information here.

Magento has released updates for Magento Commerce and Open Source editions. These updates resolve vulnerabilities rated Critical, Important, and Moderate. Successful exploitation could lead to arbitrary code execution.

Affected Versions:

Product Version Platform
Magento Commerce 2.3.4 and earlier versions All
Magento Open Source 2.3.4 and earlier versions All
Magento Commerce 2.2.11 and earlier versions (see note) All
Magento Open Source 2.2.11 and earlier versions (see note) All
Magento Enterprise Edition 1.14.4.4 and earlier versions All
Magento Community Edition 1.9.4.4 and earlier versions All

Solution:

Product Version Platform Priority Rating Availability
Magento Commerce 2.3.4-p2 All 2 2.3.4-p2 Commerce
Magento Open Source 2.3.4-p2 All 2 2.3.4-p2 Open Source
Magento Commerce 2.3.5-p1 All 2 2.3.5 Commerce
Magento Open Source 2.3.5-p1 All 2 2.3.5 Open Source
Magento Enterprise Edition 1.14.4.5 All 2 1.14.4.5
Magento Community Edition 1.9.4.5 All 2 1.9.4.5

Adobe categorizes these updates with the ‘2’ priority ratings and recommends users update their installation to the newest version.

Definition for Priority ‘2’ – This update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits. Based on previous experience, we do not anticipate exploits are imminent. As a best practice, Adobe recommends administrators install the update soon (for example, within 30 days).

These updates address the following vulnerability impacts:

  • Arbitrary code execution
  • Sensitive information disclosure
  • Unauthorized access to admin panel
  • Potentially unauthorized product discounts
  • Signature verification bypass

Learn more: Adobe Security Bulletin

If you are not updated to the latest version of Magento or believe your Magento store(s) may be at risk or are currently under attack. Contact our team of certified Magento experts to evaluate updates and secure your website today!