1

Tried to patch magento open source 2.4.6-p6 with the file: vuln-25610-composer-patch.zip

But I do not have file: vendor/magento/module-company/Plugin/Customer/Api/AccountManagement.php

https://experienceleague.adobe.com/en/docs/commerce-knowledge-base/kb/troubleshooting/known-issues-patches-attached/security-update-available-for-adobe-commerce-apsb24-73

What should I do... :)

Improve this question

3 Answers 3

Reset to default
1

The extension that is patched here (magento/module-company) is only available as part of the Commerce version, and even then only for the B2B module offered by it. Therefore you do not need to add this patch to your open-source project. If you check the vendor folder, you will not find that extension under the Magento subfolder.

Improve this answer
0

The Isolated Patch for CVE-2024-45115 applies only to Adobe Commerce B2B, specifically versions 1.3.3 to 1.4.2. Magento Open Source is not affected by CVE-2024-45115. Therefore, you do not need to apply this patch to your Magento Open Source site.

Improve this answer
0

When I run Magento Scanner, I receive notice:

APSB24-73 security updates available for Adobe Commerce and Magento Open Source Affected versions: 2.4.7-p2 and earlier.

It appears that patch:vuln-25610-composer-patch.zip is required for Magento Open Source as well:

https://experienceleague.adobe.com/en/docs/commerce-knowledge-base/kb/troubleshooting/known-issues-patches-attached/security-update-available-for-adobe-commerce-apsb24-73

Can somebody please clarify?

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.