How to install Magento patch APSB22-12 to fix the RCE Vulnerability

Earlier this week, Adobe identified an RCE vulnerability in both the Commerce and Open Source editions and released security patch APSB22-12, marked as Critical Priority, to be installed immediately.

What this means is that if you are running your website on Adobe Commerce (2.3.3-p1 – 2.3.7-p2) or Magento Open Source (2.4.0 – 2.4.3-p1), your website is at high risk and needs to be patched immediately.

There are two security patches to fix the potential vulnerability and you can download them from https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12- for your respective Magento versions.

Use the following attached patches, depending on your Adobe Commerce version:

2.4.3 – 2.4.3-p1:

2.3.4-p2 – 2.4.2-p2:

2.3.3-p1 – 2.3.4:

To stay up to date with the latest protections, you will need to apply two patches: the MDVA-43395 patch first, and then MDVA-43443 on top of it.

The patches affect the following files:

./vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php
./vendor/magento/module-email/Model/Template/Filter.php
./vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php
./vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php
./vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php
./vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php
./vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php

How to apply a Magento Patch?

Once you have downloaded the appropriate patches, create a new directory (for example ./patches) in your Magento root, upload the patch files to it, and run the following commands from the Magento root:

patch -p1 < patches/MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch

patch -p1 < patches/MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch
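The two commands above can be wrapped so that the order is enforced and each patch is dry-run before the tree is touched. This is an added example, not part of the original post or of Adobe's instructions; it assumes GNU patch, and the function name apply_patches is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU patch.
# apply_patches ROOT PATCH...
#   PATCH paths are relative to ROOT and listed in the order they must be
#   applied (for this advisory: MDVA-43395 first, then MDVA-43443).
# Returns 0 when every patch is in place, 1 when one does not apply cleanly,
# 2 on a usage error or a missing patch file.
# Usage from the Magento root, with the file names used on this page:
#   apply_patches . patches/MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch \
#                   patches/MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch
apply_patches() {
    [ "$#" -ge 2 ] || { echo "usage: apply_patches ROOT PATCH..." >&2; return 2; }
    (
        cd "$1" || exit 2
        shift
        # Pass 1: find the last patch that reverses cleanly. A later patch can
        # rewrite lines an earlier one added, so only the newest applied patch
        # is reliably detectable; everything before it is taken as applied.
        done_upto=0 i=0
        for p in "$@"; do
            i=$((i + 1))
            [ -r "$p" ] || { echo "missing patch: $p" >&2; exit 2; }
            if patch -p1 -R -f --dry-run < "$p" >/dev/null 2>&1; then
                done_upto=$i
            fi
        done
        # Pass 2: dry-run, then apply, each remaining patch in order.
        i=0
        for p in "$@"; do
            i=$((i + 1))
            if [ "$i" -le "$done_upto" ]; then
                echo "skip (already applied): $p"
                continue
            fi
            if ! patch -p1 -f --dry-run < "$p" >/dev/null 2>&1; then
                echo "does not apply cleanly, stopping: $p" >&2
                exit 1
            fi
            patch -p1 -f < "$p" >/dev/null || exit 1
            echo "applied: $p"
        done
    )
}
```

A non-zero return means the tree was left as it was before the failing patch, so no .rej files are scattered through vendor/.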

Steps to integrate OneTrust Cookie Script with Magento 2

OneTrust is one of the popular user consent management systems on the market, allowing businesses to monitor Privacy, Security & Data Governance on their platform.

While it has integrations with many popular web platforms, it is missing a solid integration with Magento.

It's a simple tracking script that one could easily copy and paste into Magento admin > Content > Design > Themes > Head > Misc script; the catch is that the script needs to be placed right after the opening <head> tag, which is not possible if you paste it into the Magento backend theme configuration area.

To achieve this, I have created a simple Magento module (compatible with 2.2.x, 2.3.x, 2.4.x) using which you can put the OneTrust Cookie Script in the right location.

You can download the module from GitHub here: https://github.com/shoaibrehman/Magento2-OneTrust-Cookies