Nexcess Logo

Magento security patch: installing Magento 2.4.5-p1

Knowledge Base Home

Notice anything different?

We've enhanced the appearance of our portal and we're working on updating screenshots. Things might look different, but the functionality remains the same.
December 19, 2022


To defend Magento stores from potential attacks, Magento security patches are provided. It's possible that 62% of all Magento stores in operation may contain one or more security flaws. Older versions of Magento and failure to apply Magento security patches are the leading causes of typical security-related problems.


When a vulnerability is discovered, the Magento team works promptly to create a Magento security patch to fix the version. For those that are already upgraded to Magento 2.4.5, Adobe has released Magento security patch 2.4.5-p1.

This patch was written to address both of the newly disclosed security vulnerabilities. This article outlines the easy steps to installing Magento security patch 2.4.5-p1 to protect your Magento store and users from potential attacks.

An overview of Magento 2.4.5 requirements


The improvements in Magento 2.4.5 are concentrated on the platform's functionality as well as the new patch release process. Specifically, the Magento 2 security patch update methods have been enhanced.

With regard to platform quality, GraphQL caching performance, accessibility, payment options, and Google-integrated modules enhancement, Magento 2.4.5 features approximately 290 quality fixes and improvements. With a few upgrades, Magento 2.4.5 system requirements are identical to those of Magento 2.4.4. These are what they are:

  • Composer 2.2
  • Elasticsearch 7.17
  • MariaDB 10.4
  • MySQL 8.0
  • PHP 8.1
  • Redis 6.2
  • Varnish 7.0
  • Apache 2.4
  • Nginx 1.18

About Magento security patch 2.4.5-p1


In order to improve your Magento Open Source 2.4.5 or Adobe Commerce 2.4.5 deployment, the security update Adobe Commerce 2.4.5-p1 offers five security changes. The patch addresses issues that were found in the previous release's vulnerabilities, impacting the Adobe Commerce 2.4.5 and Magento Open Source 2.4.5 platforms. Five security bugs have been fixed by this security patch. New configuration settings were included as part of one fix.

In addition, administrators can ask for an email confirmation when a Magento admin user changes their email address by using the configuration setting that is called Require email confirmation if an email has been changed. To learn more about the security bugs and changes on a patch-by-patch basis, you can refer to the Adobe Security Bulletin.

These are the system requirements for Magento security patch 2.4.5-p1:

  • Composer 2.2
  • Elasticsearch 7.17
  • MariaDB 10.4
  • MySQL 8.0
  • PHP 8.1
  • Redis 6.2
  • Varnish 7.0
  • Apache 2.4
  • Nginx 1.18

Prerequisites


Here are prerequisites that must be in place before you can begin with the patching process:

  • Comply with the requirement list above so that every system requirement has been met.
  • Purchase a Managed Magento hosting plan, then build the website using the plan.
  • Find the authentication keys for Magento Open Source Composer and Adobe Commerce.

How to get your authentication keys


To generate authentication keys, follow these steps:

  • Open the Commerce Marketplace and log in. Click Register if you don't have an account.
  • Select My Profile by clicking your account name in the top right corner of the screen.
  • On the Marketplace tab, select Access Keys:

On the Marketplace tab, select Access Keys.


  • Simply select Create a New Access Key. Then, click OK after giving the keys a specific name (such as the name of the developer receiving them).
  • You can click to copy the updated public and private keys that are now linked to your account. When working on your project, keep this information saved or leave the page open. Your username and password should be the public key and the private key, respectively.


Additionally, you can disable or remove authentication keys. For example, once someone leaves your organization, you can disable or erase keys for security reasons. The specific actions involved include the following:

  • Click Disable to turn off the keys. You can do this if you want to revoke access to your keys.
  • Click Enable to restore a key's previous disabled state.
  • Click Delete to remove a key.

How to install Magento 2.4.5-p1 using Composer


You can use Composer to manage Magento Open Source components and their dependencies — using Composer to get the Magento Open Source metapackage.

It has advantages like using external libraries without including their source code, adhering to PHP-Framework Interoperability Group (FIG) standards, using the Magento Open Source software in a production environment, and repackaging the Magento Open Source software with additional components. Implementing a component-based architecture with effective dependency management will minimize extension conflicts and compatibility problems.

The steps listed below can be used to obtain the Magento Open Source metapackage:

  1. Enter the server using SSH.
  2. Navigate to the domain's Document directory or a directory you created for the installation.
  3. Use the Magento Open Source metapackage to create a Composer project:

composer create-project --repository-url=https://repo.magento.com/
magento/project-community-edition=2.4.5-p1
<full-path-of-magento-installation-directory>



Only security fixes are included in Magento security patches. They are made to streamline and speed up the upgrade process. The naming scheme 2.4.5-px from Composer is used for Magento security patches. You can define a Magento security patch using Composer.

Here is the corresponding output:


l]$ composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition=2.4.5-p1
<full-path-of-magento-installation-directory>
Creating a "magento/project-community-edition=2.4.5-p1" project at "./"
Warning from repo.magento.com: You haven't provided your Magento authentication keys. For instructions, visit
https://devdocs.magento.com/guides/v2.3/install-gde/prereq/connect-auth.html

Authentication required (repo.magento.com):
Username:
Password:



Your username is a public key, and your password is a private key. Enter your authentication keys when requested. In your Commerce Marketplace, public and private keys are created and set up.

You can choose a specific Magento version during installation. For example, you can use the following command to install Magento 2.4.5 on your website:

composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition=2.4.5
<full-path-of-magento-installation-directory>


You must execute the following commands to grant the relevant user and group read-write permissions before you can install Magento Open Source. The command line cannot write files to the file system without this:


cd <full-path-of-magento-installation-directory>
find var generated vendor pub/static pub/media app/etc -type f -exec chmod g+w {} +
find var generated vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} +
chown -R username:groupname .
chmod u+x bin/magento


How to install the Magento Open Source application


Magento Open Source must be installed using the command line. To install the Magento Open Source application, you will need to run the following command under the Magento installation directory. Remember to replace the entries with your domain’s details:


php bin/magento setup:install \
--base-url=https://magento-testdomain.com \
--db-host=magento-test-server \
--db-name=magento-test-database \
--db-user=magento-test-database-user \
--db-password=magento-password \
--admin-firstname=admin \
--admin-lastname=admin \
--admin-email=admin@magento-testdomain.com \
--admin-user=admin \
--admin-password=magento-test \
--language=en_US \
--currency=USD \
--timezone=America/Chicago \
--use-rewrites=1 \
--search-engine=elasticsearch7 \
--elasticsearch-host=es-host.test.com \
--elasticsearch-port=9200 \
--elasticsearch-index-prefix=mag2 \
--elasticsearch-timeout=15



You will see a similar output after the installation is finished:


[SUCCESS]: Magento installation complete.
[SUCCESS]: Magento Admin URI: /admin_example


To check and confirm the installed Magento version, you can use the following command:


]$ php bin/magento --version
Magento CLI 2.4.5-p1


Magento 2 commands


To install the Magento 2 application, you can use the following command:


php bin/magento setup:install


To remove the Magento 2 application, you can use the following command:


php bin/magento setup:uninstall


To update the Magento 2 application, you can use the following command:


php bin/magento setup:upgrade


To manage the cache, you can use the following command:


php bin/magento cache:{enable/disable/clean/flush/status}


To manage the indexers, you can use the following command:


php bin/magento indexer:{status/show-mode/set-mode/reindex/info/reset/show-dimensions-mode/set-dimensions-mode}


To enable or disable maintenance mode, you can use the following command:


php bin/magento maintenance:{enable/disable}


To create or update the deployment configuration, you can use the following command:


php bin/magento setup:config:set


You can use the following command to enable or disable modules:


php bin/magento module:{enable/disable}


To run commerce cron jobs use the following command:


php bin/magento cron:run


To precompile class definitions, inheritance details, and plugin definitions for a single shop and website — and to compile all non-existent proxies and factories — you can use the following command:


php bin/magento setup:di:compile


To manage backend configurations, you can use the following command:


php bin/magento config:{set/sensitive:set/show/}


To create/edit/unlock admin users, you can use the following command:


php bin/magento admin:user:{create/unlock}


To list all available Magento 2 commands, you can use the following command:


php bin/magento list


To provide help for the specified command, you can use the following line:


php bin/magento help


Conclusion


If you are looking for a suitable Magento hosting plan for your Magento store, you are in the right place. Nexcess offers optimized ecommerce hosting that is built for speed, security, and scale.

Built for speed and scale

Powerful Magento hosting that accelerates your store's potential, without the ongoing maintenance.

You can find the available plan from our Fully Managed Magento Hosting plans. If you are facing an issue discussed in this article or uncomfortable performing any of the steps outlined above, Nexcess has what you need. Our Support Teams are filled with experienced Linux technicians and talented system administrators with intimate knowledge of multiple web hosting technologies, especially those discussed in this article. In addition, our skilled team provides 24/7/365 support and monitoring services so that you can focus on your websites. Contact our team today to learn more.


Recent articles

Related articles

Mohammed Noufal
Mohammed Noufal


Mohammed Noufal is a B.Tech graduate with a decade of experience in server administration and web hosting. He has a specialization in various cloud technologies and server management, including monitoring, configuring, troubleshooting, and maintenance.

He is a father to two daughters and finds fulfillment in their growth. In his free time, he enjoys blogging about technology, sharing experiences, traveling, making new friends, social networking, and listening to music.

With a strong technical background, family commitment, and creative outlets, he represents a well-rounded life journey.

We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.