Magento security best practices, vulnerability patches, and hardening techniques for Adobe Commerce and Magento Open Source.
Adobe released a security patch in June 2024 which introduced some major changes to how Magento handles Content Security Policy (CSP), and these changes directly impact functionality around the checkout.
Many developers were caught unprepared because Adobe didn’t announce this big change in the release notes.
This is a Magento 2 extension that prevents billing/shipping addresses containing known trojan order strings from being saved via the API. This is not a fix for CVE-2022-24086 but an additional layer of protection for merchants.
20 Aug 2024
For some time now, Magento has been shipping with a CSP module, in general for security reasons but more specifically for PCI compliance. Magento 2.4.7-p1 changed the game, and Hyvä is not yet compatible with these new changes. But there are solutions.
02 Aug 2024