Adobe Commerce (Magento) 2.4.6-P1 is a security release that provides three security fixes that enhance your Adobe Commerce (Magento) 2.4.6 or Magento Open Source 2.4.6 deployment. It provides fixes for vulnerabilities that have been identified in previous releases.
What’s in Adobe Commerce 2.4.6-P1 Release?
Security enhancements for this release improve compliance with the latest security best practices. These improvements include 13 security fixes and platform upgrades.
This security patch includes:
This patch includes 13 security fixes. See Adobe Security Bulletin for the latest discussion of these fixed issues.
The default behavior of the isEmailAvailable GraphQL query and (V1/customers/isEmailAvailable) REST endpoint has changed. By default, the API now always returns true. Merchants can enable the original behavior, which is to return true if the email does not exist in the database and false if it exists.
Platform upgrades for this release improve compliance with the latest security best practices.
Varnish cache 7.3 Support: This release is compatible with the latest version of Varnish Cache 7.3. Compatibility remains with the 6.0.x and 7.2.x versions, but we recommended using Adobe Commerce (Magento) 2.4.6-p1 only with Varnish Cache version 7.3 or version 6.0 LTS.
RabbitMQ 3.11 Support: This release is compatible with the latest version of RabbitMQ 3.11. Compatibility remains with RabbitMQ 3.9, which is supported through August 2023, but we recommended using Adobe Commerce (Magento) 2.4.6-p1 only with RabbitMQ 3.11.
The nginx.sample file was inadvertently updated with a change that modifies the value of fastcgi_pass from fastcgi_backend to php-fpm:9000. This change can be safely reverted or ignored.