Magento Critical Security Update
Incident Report for Server Status | Nexcess
Resolved
This incident has been resolved.
Posted Apr 30, 2024 - 14:54 EDT
Update
We are continuing to monitor for any further issues.
Posted Apr 11, 2024 - 09:07 EDT
Monitoring
Adobe has released a critical security update for Magento. Exploitation of the underlying vulnerability could lead to arbitrary code execution. Store owners are encouraged to apply the security update by upgrading their Magento version as soon as possible. The security update applies to the following Magento Open Source versions:
- 2.4.7-beta3 and earlier
- 2.4.6-p4 and earlier
- 2.4.5-p6 and earlier
- 2.4.4-p7 and earlier

To secure your Magento store, upgrade your Magento version as follows:
- Upgrade to Magento Open Source version 2.4.7 if currently running versions 2.4.7-beta3 and earlier
- Upgrade to Magento Open Source version 2.4.6-p5 if currently running versions 2.4.6-p4 and earlier
- Upgrade to Magento Open Source version 2.4.5-p7 if currently running versions 2.4.5-p6 and earlier
- Upgrade to Magento Open Source version 2.4.4-p8 if currently running versions 2.4.4-p7 and earlier

The vulnerability also affects Adobe Commerce customers. You may review the Adobe security bulletin in full here:
https://helpx.adobe.com/security/products/magento/apsb24-18.html

Our support team is on standby if you need any help or have questions or concerns. You can connect with us through the following channels:

- Live Chat via Customer Portal: https://my.nexcess.net/
- Email: support@nexcess.net
- Phone: 1-866-639-2377, 1-313-279-0722 (international).
Posted Apr 09, 2024 - 13:29 EDT
This incident affected: Platform Operations (Platform Updates / Other).
Current Status Powered by Atlassian Statuspage