Magento Hosting Emergency? Learn About Our Magento Hosting Rescue Service! ❯

    We can help you. Right now.
    Fast growing merchants depend on JetRails for high-stakes hosting. Experience counts. Let's get started.
    Your message has been received, a representative will be contacting you shortly. if you have an emergency, please call us at 1 (888) 997-2457 or email us at [email protected]









    Call us at:1 (888) 997-2457

    Magento 2.4.4 General Release and Security Patches for 2.3.7 and 2.4.3

    Magento 2.4.4 has arrived, and so have security patches for other recent versions of Magento and Adobe Commerce.

    Magento 2.3.7-p3 and Magento 2.4.3-p2

    These patches were released on April 12th, 2022, and address PRODSECBUG-3137, a Priority 3 security vulnerability which is also labeled as CVE-2022-24093.

    Adobe Security Severity Ratings

    You can learn more about Adobe’s security vulnerability rating system at https://helpx.adobe.com/security/severity-ratings.html.

    If you’re not quite ready to upgrade to 2.4.4, here’s what you need to know:

    While this is a critical vulnerability, as a priority 3, this vulnerability is not known to have been exploited in the wild. According to Adobe security bulletin APSB22-13, hackers would require authentication and admin privileges in order to take advantage of this arbitrary code execution vulnerability.

    APSB22-13 Priority 3

    APSB22-13 Details

    You can learn more about this security vulnerability at https://helpx.adobe.com/security/products/magento/apsb22-13.html

    To summarize, you should not neglect to install this patch (it is important!), but this is not like the recent security patches which addressed vulnerabilities that did not require authentication or admin privileges and left a comparatively open door for hackers to exploit.  

    Magento 2.4.4

    Magento and Adobe Commerce 2.4.4 have arrived, and include a wide variety of noteworthy updates. Here’s are the highlights:

    The full release notes are accessible at: https://devdocs.magento.com/guides/v2.4/release-notes/open-source-2-4-4.html

    Overall, Adobe has been working to slim down the core Magento installation with the goal of making maintenance easier and allowing merchants to focus on extensions and themes for more advanced features. 

    It’s worth mentioning that there are backward-incompatible changes in this new version of Magento. For a list of backward-incompatible changes, please visit: https://devdocs.magento.com/guides/v2.4/release-notes/backward-incompatible-changes/index.html

    You should also be aware of some changes which can impact your site, such as “…token-based authentication where the access token could be used on its own for bearer authentication of API requests when integrating with a third-party system that supports this kind of authentication.”. In simpler terms, they are deprecating never-expiring access tokens, as it’s much better to use OAuth for security reasons, and not these never-expiring tokens.

    Another example is the removal of Email variable usage, which was deprecated back in Magento 2.3.4, and is completely removed in Magento 2.4.4. This could impact your existing Email templates in Magento.

    Upgrading to Magento 2.4.4

    Since Magento 2.4.4 is built to work with newer versions of PHP and other software, it’s best to make a copy of your website and work on upgrading your store within a separate development hosting environment. That will allow you to work with Magento 2.4.4 with its recommended supporting software and dependencies without impacting your live website.

    For help setting up a development and/or staging environment, please contact your JetRails account manager, or simply open JetRails support ticket.

    New Integrations

    Adobe has been engaging in a variety of new relationships to enhance opportunities for Magento store owners to access best-in-class services and innovative technologies. 

    For instance, they’ve partnered up with Bolt, making Bolt’s Quick Checkout available to merchants of all sizes – from startups to enterprises. Merchants are currently being granted 90-day free trials of this service, so it’s a great time to test it out.

    The Adobe team has also been working on their Channel Manager integration with Walmart. Their team has been putting a lot of focus on these partnerships, as 3rd party services and integrations have always been cornerstones in successful eCommerce businesses. If you are interested in learning more about Bolt, please reach out to your JetRails account manager.

    What does the future look like?

    Magento 2.4.5 is not scheduled for release until August 2022. There is not yet a release date for 2.4.6, or a 2.5 branch of Adobe Commerce and Magento Open Source. This is consistent with Adobe’s goal of publishing fewer versions, to keep the maintenance work and costs for operating a Magento store less of a hassle for merchants.

    It’s likely that 2.4.4 and the upcoming 2.4.5 will be the only new versions of Magento Open Source and Adobe Commerce this year. It’s more likely that we’ll see smaller patches being released supplemental.

    With that in mind, you’ll want to familiarize yourself with the Magento Quality Patches Tool. This resource is independent of security patches and can help you get the latest bug fixes and improvements for Magento Open Source and Adobe Commerce.

    For a list of upcoming releases in 2022, please visit: https://devdocs.magento.com/release/

    About The Author
    Robert Rand
    Director of Partnerships & Alliances

    Robert is a Magento 1 and 2 Solution Specialist with over a decade of experience in helping merchants benefit from sound ecommerce and digital marketing strategies. He’s highly experienced at harnessing the power of ecommerce technologies and solutions to help businesses of all types and sizes grow and succeed.

    Get A Free Consultation From The JetRails Team

    Need Help With Hosting Support, Security, Scalability, Speed, or Stability?

      More Articles
      Why Improved Import & Export Is Such A Popular Magento 2 Extension
      View Article
      Magento Critical Security Patches 2.4.5-p1 and 2.4.4-p2
      View Article
      Magento 2.4.5 and August 2022 Magento Ecosystem News
      View Article