Mage-OS 2.2.1 is a patch release addressing a GraphQL API breaking change, a checkout reCAPTCHA regression, and a critical upload vulnerability.

Mage-OS 2.2.1 – Security & Stability Patch

· mage-os-team · Releases  · 2 min read

Mage-OS Distribution 2.2.1 is now available. This is a security and stability patch for the 2.2 release line — we strongly recommend updating as soon as possible.

What’s fixed

  • “PolyShell” upload vulnerability blocked (security): Cherry-picked upstream Magento patch (ACP2E-4138) that prevents an attacker from sending an RCE payload via REST API POST requests. This addresses the “PolyShell” vulnerability that can affect insecure server environments. (#210) by @marcelmtz

  • GraphQL API compatibility restored: Pinned webonyx/graphql-php to <15.31.0 to work around a breaking change in that library that broke Magento’s GraphQL API. (#211) by @rhoerr

  • Checkout reCAPTCHA regression reverted: Reverted the reCAPTCHA deferred-loading optimization introduced in 2.2.0, which caused reCAPTCHA failures on checkout pages using hosted/iframe payment forms (e.g. Braintree) and some other integrations. (mageos-security-package#8) by @rhoerr

Our foundation

Mage-OS 2.2.1 is built on Magento Open Source 2.4.8-p4, the same upstream base as 2.2.0. For details on upstream changes, see the Magento Open Source 2.4.8 release notes and 2.4.8 security patch notes.

Thanks to everyone who contributed!

Thank you to @rhoerr (Ryan Hoerr) and @marcelmtz (Marcel Martinez) for handling this release!

Thanks also to @ProxiBlue (Lucas van Staden), @damienwebdev (Damien Retzinger), and @Vinai (Vinai Kopp) for assistance with discovery and testing of the issues and solutions.

Want to participate?

Mage-OS is a community-driven project, and we welcome contributions of all kinds. Whether you’re fixing bugs, adding features, improving documentation, or helping with testing, your contributions make a difference.

Installation

New installations

composer create-project --repository-url=https://repo.mage-os.org/ mage-os/project-community-edition=2.2.1 <install-directory-name>

Upgrading from Mage-OS 2.2.0

composer require mage-os/product-community-edition=2.2.1 --no-update
composer update
bin/magento setup:upgrade

Upgrading from an older Mage-OS version

composer require mage-os/product-community-edition=^2.2 --no-update
composer update
bin/magento setup:upgrade

Migrating from Adobe Commerce or Magento Open Source

See our migration guide for detailed instructions on switching to Mage-OS.
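
A post-upgrade check for the steps above, added here as an example and not part of the Mage-OS project: it reads composer.lock and confirms that the distribution package resolved to 2.2.1 and that webonyx/graphql-php stayed below 15.31.0. The function names and the sample data are constructed for illustration, and accepting any release later than 2.2.1 is an assumption.

```python
import json
import re
import sys

# Package names and version bounds come from the release notes above.
DISTRO = "mage-os/product-community-edition"
GRAPHQL = "webonyx/graphql-php"
RULES = (
    (DISTRO, lambda v: v >= (2, 2, 1), ">=2.2.1"),       # release with the fixes
    (GRAPHQL, lambda v: v < (15, 31, 0), "<15.31.0"),    # the 2.2.1 pin
)

# Constructed sample (not a real project): a 2.2.0 install whose
# graphql-php resolved to the release the pin excludes.
SAMPLE_LOCK = {
    "packages": [
        {"name": DISTRO, "version": "2.2.0"},
        {"name": GRAPHQL, "version": "v15.31.0"},
    ]
}


def parse_version(text):
    """'2.2.1' or 'v15.30.2' -> (major, minor, patch); None for anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def check_lock(lock):
    """Return findings; an empty list means the lock matches the release notes."""
    installed = {p["name"]: p.get("version", "") for p in lock.get("packages", [])}
    findings = []
    for name, accept, want in RULES:
        raw = installed.get(name)
        version = parse_version(raw) if raw is not None else None
        if raw is None:
            findings.append(f"{name}: not present in composer.lock")
        elif version is None:
            findings.append(f"{name}: unparseable version {raw!r} (dev branch?)")
        elif not accept(version):
            findings.append(f"{name}: {raw} installed, expected {want}")
    return findings


if __name__ == "__main__":
    # Pass the path to composer.lock; with no argument the sample is checked.
    lock = json.load(open(sys.argv[1], encoding="utf-8")) if len(sys.argv) > 1 else SAMPLE_LOCK
    problems = check_lock(lock)
    print("\n".join("FAIL " + p for p in problems) or "OK")
    sys.exit(1 if problems else 0)
```

Run it with the path to composer.lock after `composer update`; a non-zero exit status means the lock file still holds a version the release notes rule out.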

We hope you enjoy Mage-OS 2.2.1. As always, please report any issues on GitHub and join the conversation on Discord.
