Magento 2.4.0 and 2.3.5-p2 Security Updates Released
Critical security updates address 30+ vulnerabilities including RCE and XSS issues, emphasising the importance of immediate updates for merchants.
Magento 2.4.0 and 2.3.5-p2 Security Updates Released
Adobe has released critical security updates for Magento today, addressing a significant number of vulnerabilities across multiple versions. The latest updates target both the current release cycle and earlier versions, with patches available for Magento 2.4.0 and Magento 2.3.5-p2.
What's Being Addressed
This latest security release addresses over 30 vulnerabilities, including several critical issues that merchants must prioritise:
- Remote Code Execution (RCE) vulnerabilities that could allow attackers to execute arbitrary code
- Cross-Site Scripting (XSS) vulnerabilities affecting both stored and reflected attack vectors
- SQL Injection risks that could compromise sensitive customer data
- Additional vulnerabilities affecting order processing and customer account management
The severity and scope of these vulnerabilities underscore why timely updates are essential for any e-commerce operation.
Why This Matters for Your Business
For merchants running Magento, security is not optional—it's fundamental. These vulnerabilities directly impact:
- Customer Data Protection: XSS and SQL injection risks could expose customer personal information and payment data
- Operational Integrity: RCE vulnerabilities pose a direct threat to your entire platform infrastructure
- Compliance Requirements: PCI DSS compliance demands that you maintain current security patches
- Business Continuity: A compromised store directly impacts revenue and customer trust
Recommended Action
We strongly recommend all Magento merchants:
- Review the advisory: Check Adobe's official security advisory for your specific version
- Test patches in staging: Deploy updates to a test environment before production to ensure compatibility with custom extensions
- Plan for deployment: Schedule patching as soon as possible—these are critical-level vulnerabilities
- Monitor your logs: Review access logs for any suspicious activity that may indicate exploitation attempts
As a forward-thinking Adobe Commerce agency, we emphasise that staying current with security patches is a cornerstone of responsible e-commerce management. If you're unsure about your current version status or need assistance with patching, we're here to help.
Want to read more insights?
View All ArticlesRelated Articles
Continue reading with these related insights and updates from our team.
Magento 2.4.1 Released: New Media Gallery and Enhanced GraphQL
Major release introduces new Media Gallery, PWA Studio innovations, and GraphQL support for reviews and gift options.
FedEx Acquires ShopRunner: Future Adobe Commerce Integration Planned
FedEx acquisition of ShopRunner sets stage for future integration opportunities with Adobe Commerce and e-commerce platforms.
Magento 2.4.1 Security Enhancements: CAPTCHA and Payment Protections
Release adds CAPTCHA safeguards for payment-related REST and GraphQL endpoints, strengthening merchant security.
Explore More Solutions
Adobe Commerce (Magento) Development
Expert Adobe Commerce (Magento) and Magento development in London
E-commerce Strategy
Strategic e-commerce consulting for digital growth
SEO Optimisation
Technical SEO for e-commerce websites
Design & UX
User experience design for e-commerce conversion