Magento Security Updates: 2.4.7-p2, 2.4.6-p7, and 2.4.5-p9 – Issues and Fixes

IRecently, I updated several websites with the latest Magento security patches (versions 2.4.7-p2, 2.4.6-p7, and 2.4.5-p9). During this process, I encountered a few issues that I’d like to share with you, along with their solutions.

Magento CSP Related Issue

One of the problems I faced was related to the Content Security Policy (CSP):

report.CRITICAL: Error: Cannot instantiate interface Magento\Csp\Model\Collector\MergerInterface in /vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php:50

Solution: If you encounter this issue, make sure that the Magento_Csp module is enabled in your Magento installation.

If you already have the module enabled you might struck upon CSP errors log in your console. In order to fix them I highly suggest you to install the chrome extension created by Mark Shust “Magento CSP Whitelist Generator” available here https://chromewebstore.google.com/detail/magento-csp-whitelist-gen/jkaepigndllbkeedihpnhchadplfnafi

Collection Duplicate Entry

Another annoying bug I came across, specifically on Magento Enterprise (Adobe Commerce), was:

Item (Magento\Catalog\Model\Product\Interceptor) with the same ID "21" already exists

While I’ve implemented a temporary fix using a plugin to prevent the bug from crashing the entire site, I’m still investigating the root cause. If you have any insights into this issue, please share them in the comments below.

Temporary Fix

To mitigate this problem, you can add the following plugin:

  1. Add this to your di.xml:
<type name="Magento\Eav\Model\Entity\Collection\AbstractCollection">
    <plugin name="fceprika_eavcollection_duplicate_entry" type="Fceprika\EavCollection\Plugin\Collection" sortOrder="20"/>
</type>

2. Create a file named Collection.php in your Plugin folder with the following content:

<?php
/**
 * Copyright © Magento, Inc. All rights reserved.
 */
namespace Fceprika\EavCollection\Plugin;

use Magento\Framework\Data\Collection\EntityFactoryInterface;
use Magento\Framework\Option\ArrayInterface;

class Collection
{
    /**
     * @param \Magento\Eav\Model\Entity\Collection\AbstractCollection $subject
     * @param \Closure $process
     * @param \Magento\Framework\DataObject $dataObject
     * @return $this
     */
    public function aroundAddItem(\Magento\Eav\Model\Entity\Collection\AbstractCollection $subject, \Closure $process, \Magento\Framework\DataObject $dataObject)
    {
        try {
            return $process($dataObject);
        } catch (\Exception $e) {
            return $this;
        }
    }
}

This plugin will catch the exception and prevent it from crashing your site, but it’s important to note that this is not a permanent solution. We still need to identify and address the underlying cause of the duplicate entry issue.

Have you encountered any other issues while updating to these latest Magento security patches? Let’s discuss in the comments and share our experiences to help the Magento community overcome these challenges.

Leave a Reply

Your email address will not be published. Required fields are marked *