Backport of mage-os/mageos-magento2#210 for Magento 2.
File-type custom options cannot be submitted through the REST/SOAP API when adding products to cart. The CustomOptionProcessor does not handle file_info data from API requests, and there is no validation to prevent file uploads on non-file option types.
| #!/bin/bash | |
| # Order Monitor Script | |
| # Checks if orders have been received within the last 2 hours | |
| # Runs only between 9am and 9pm (7am + 2 hour check period) | |
| # Sends email alerts to specified addresses if no orders found | |
| # | |
| # Usage: | |
| # ./order-monitor.sh [OPTIONS] | |
| # |
This patch addresses two critical issues in Magento's Content Security Policy (CSP) module:
Race Condition: Fixes corrupted sri-hashes.json files caused by concurrent write operations during normal storefront operation, which results in malformed JSON and 500 checkout errors.
Minification Support: Ensures that static.min.js and mixins.min.js are correctly loaded and their SRI hashes properly recorded when CSP and SRI are enabled along with JS bundling and minification enabled simultaneously.
CVE-2025-54236 (SessionReaper) is a critical unauthenticated Remote Code Execution vulnerability (CVSS 9.1) affecting Magento 2 / Adobe Commerce.
/customer/address_file/upload endpoint