CosmicSting: Magento Security Update and Product Collection Troubleshooting

Important CosmicSting: Magento Security Update for Magento Users!

A critical security vulnerability (CVE-2024-34102), also known as CosmicSting, has been identified in Magento. My longtime peer, Peter Jaap Blaakmeer, recently shared some crucial information about this vulnerability and its potential impact on your Magento store.

What You Need to Know About CosmicSting Magento Security Update

Adobe has released a patch and advised rotating the encryption key to mitigate the risk associated with CosmicSting. However, there are additional steps that you need to take to ensure your Magento store is fully secure.

Key Points to Note:

  • Simply generating a new encryption key isn’t enough. The old, potentially compromised key remains active.
  • Deactivating the old key is complex and requires manual work.

Luke Rodgers has put together a comprehensive guide detailing the necessary steps and precautions to fully secure your store. If you’re running Magento, I strongly recommend following Peter’s advice:

  • Install the helper extension in your store.
  • Generate a new key using the extension’s command.
  • Carefully follow the manual steps to re-encrypt values and invalidate the old key.
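
An added example (not from the original post and not the helper extension's code): a standalone PHP check for the re-encryption step. It assumes Magento's stock layout, where encrypted values are stored as `keyVersion:cipherVersion:base64` and the `crypt/key` entry in `app/etc/env.php` lists keys oldest first, separated by whitespace. The function names, keys, config paths and values are constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Index of the newest key; crypt/key lists keys whitespace-separated, oldest first. */
function newestKeyVersion(string $cryptKeyConfig): int
{
    return count(preg_split('/\s+/', trim($cryptKeyConfig))) - 1;
}

/** Key version of a "keyVersion:cipherVersion:base64" value, or null if not in that format. */
function keyVersionOf(string $value): ?int
{
    if (preg_match('/^(\d+):\d+:[A-Za-z0-9+\/]+={0,2}$/', $value, $m) !== 1) {
        return null;
    }
    return (int) $m[1];
}

/**
 * @param array<string,string> $rows config path => stored value
 * @return array<string,int> paths still encrypted under a superseded key => key version
 */
function findStaleValues(array $rows, string $cryptKeyConfig): array
{
    $newest = newestKeyVersion($cryptKeyConfig);
    $stale = [];
    foreach ($rows as $path => $value) {
        $version = keyVersionOf($value);
        if ($version !== null && $version < $newest) {
            $stale[$path] = $version;
        }
    }
    return $stale;
}

// Constructed sample: two keys configured (one rotation done) and three stored values.
$cryptKey = "CONSTRUCTED_OLD_KEY_0000000000000\nCONSTRUCTED_NEW_KEY_1111111111111";
$rows = [
    'payment/example/api_secret' => '0:3:Q29uc3RydWN0ZWRTYW1wbGU=', // still under key #0
    'carriers/example/password'  => '1:3:QW5vdGhlckNvbnN0cnVjdGVk', // already under key #1
    'web/secure/base_url'        => 'https://shop.example.test/',   // plaintext, ignored
];

foreach (findStaleValues($rows, $cryptKey) as $path => $version) {
    printf("%s still uses key #%d; re-encrypt it before invalidating that key\n", $path, $version);
}
```

Only when a check like this comes back empty for every table that holds encrypted values is it safe to invalidate the old key without losing the ability to decrypt stored secrets.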

This is a serious issue that requires immediate attention, even if you’ve already upgraded to the latest version. Don’t wait around and leave your Magento site insecure.

For more information about CosmicSting, refer to Sansec’s detailed coverage.

Troubleshooting Product Collections in Magento 2

Ever feel like you’re on a wild goose chase trying to track down missing products in your Magento 2 collections? You’re not alone. It’s frustrating when you’re sure a product exists, but it’s nowhere to be found in your foreach loop.

This issue crops up more often than you might think. Many developers find themselves wondering if they’ve gone crazy or if Magento is playing tricks on them.

Identifying the Problem

Let’s say you’re working on a project where you need to pull a specific set of products based on their SKUs. You write what seems like perfectly good code, hit run, and… wait, where did half the products go?

Here’s a real-world example that I encountered recently (with sample data SKUs so you can follow along):

```php
use Magento\Catalog\Model\ResourceModel\Product\CollectionFactory as ProductCollectionFactory;
use Magento\Store\Model\Store;

// Wrapper class added so the snippet is valid PHP; the class name is illustrative
class ProductSkuLister
{
    public function __construct(
        private ProductCollectionFactory $productCollection,
    ) {}

    public function someFunction()
    {
        // Sample-data SKUs we expect the collection to return
        $skuArray = ['24-MB01', '24-MB02', '24-MB03'];
        $productCollection = $this->productCollection->create()
            ->setStoreId(Store::DEFAULT_STORE_ID)
            ->addFieldToFilter('sku', ['in' => $skuArray]);

        // Print the SKU of every product the collection actually loads
        foreach ($productCollection as $product) {
            dump($product->getData('sku'));
        }
    }
}
```

Simple enough, right? You’d expect to see all three products pop up in your collection. But nope. For some reason, only two show up. Or maybe just one. Or worse, none at all.

Potential Causes

When products disappear from your collections, there are a few usual suspects. Let’s break them down:

  • Product Status and Visibility: Ensure that the products are enabled and set to be visible in the store. If a product is disabled or its visibility is set to “Not Visible Individually”, it won’t appear in the collection.
  • Inventory and Stock Status: Check if the products are in stock and have sufficient quantity. Magento often excludes out-of-stock products from collections.
  • Store View Configuration: Make sure the products are assigned to the correct store view. If your collection is set to a specific store view, products not assigned to that view will not appear.
  • Catalog Price Rules and Indexing: Ensure that all indexing operations are up to date. Outdated indexes can cause products to disappear from collections.
  • Category Associations: If your collection relies on category associations, verify that the products are correctly assigned to the expected categories.

By checking these common issues, you can usually track down the cause of missing products in your Magento 2 collections. Remember, debugging silent exclusions can be challenging, but a methodical approach will help you find the root cause.

Conclusion

Both the security update for the CosmicSting vulnerability and the troubleshooting tips for product collections are critical for maintaining a healthy and secure Magento store. Stay vigilant and proactive in managing your store’s security and functionality to ensure the best performance and protection for your business.

 
