Adobe Commerce 2.3 reached end of support in September 2022.

Adobe Commerce 2.3.7-p4 Release Notes

Adobe Commerce 2.3.7-p4 provides 15 security fixes that enhance your Adobe Commerce 2.3.7 or Magento Open Source 2.3.7 deployment. It provides fixes for vulnerabilities that have been identified in the previous release (Adobe Commerce 2.3.7-p3).

PHP 7.3 reached end of support in December 2021, and Adobe Commerce 2.3.x and Magento Open Source 2.3.x will reach end of support in September 2022. We strongly recommend planning your upgrade now to Adobe Commerce 2.4.x or Magento Open Source 2.4.x deployment to help maintain PCI compliance.

Releases may contain backward-incompatible changes (BIC). To review minor backward-incompatible changes, see BIC reference. (Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.)

Apply AC-3022.patch to continue offering DHL as a shipping carrier

DHL has introduced schema version 6.2 and will deprecate schema version 6.0 in the near future. Adobe Commerce 2.4.4 and earlier versions that support the DHL integration support only version 6.0. Merchants deploying these releases should apply AC-3022.patch at their earliest convenience to continue offering DHL as a shipping carrier. See the Apply a patch to continue offering DHL as shipping carrier Knowledge Base article for information about downloading and installing the patch.

What’s in this release?

This security patch includes:

  • Security enhancements
  • Security bug fixes. See Adobe Security Bulletin for the latest discussion of these fixed issues.

Security highlights

Security improvements for this release improve compliance with the latest security best practices, including:

  • ACL resources have been added to Inventory.
  • Inventory template security has been enhanced.

Known issue

Issue: Merchants may notice package version downgrade notices during upgrade from Adobe Commerce 2.3.7-p3 to Adobe Commerce 2.3.7-p4. These messages can be ignored. The discrepancy in package versions result from anomalies during package generation. No product functionality has been affected.

Installation and upgrade instructions

For instructions on downloading and applying security patches (including patch 2.3.7-p4), see Quick start install.

More information?

For general information about security patches, see Introducing the New Security Patch Release.