ÃÛ¶¹ÊÓƵ

Backwards incompatible changes for GraphQL placeOrder API in ÃÛ¶¹ÊÓƵ Commerce 2.4.6-p8

This article provides a patch for the known ÃÛ¶¹ÊÓƵ Commerce version 2.4.6-p8 Cloud and On-premises issue where the placeOrder GraphQL API doesn’t return an expected error response, as seen in previous 2.4.6 patch versions. This may lead to a broken checkout experience for merchants using PWA storefront or any other GraphQL API-based storefront for their stores.

Description description

Affected Environment

Issue/Symptoms

After the upgrade on ÃÛ¶¹ÊÓƵ Commerce 2.4.6-p8 security-only patch, the doesn’t return an expected error response, as seen in any previous 2.4.6 patch versions. This may lead to a broken checkout experience for merchants using PWA storefront or any other GraphQL API-based storefront for their stores.

Step to reproduce:

Run the placeOrder GraphQL request where you expect an error response.

Expected result:

You receive the expected error response.

Actual result:

Instead of the expected error response, you receive a successful response, but with a new error key that looks like this:

{
    "data": {
        "placeOrder": {
            "order": null,
            "__typename": "PlaceOrderOutput"
        }
    }
}

Resolution resolution

For ÃÛ¶¹ÊÓƵ Commerce on Cloud and ÃÛ¶¹ÊÓƵ Commerce On-premises Software

To solve the issue, apply the patch. To download it, click the following link:

How to apply the patch

Unzip the file and see How to apply a composer patch provided by ÃÛ¶¹ÊÓƵ in our support knowledge base for instructions.

For ÃÛ¶¹ÊÓƵ Commerce on Cloud merchants only - How to tell whether patches have been applied

Considering that it isn’t possible to easily check if the issue was patched, you might want to check whether the patch has been successfully applied.

You can do this by taking the following steps, using the sample file VULN-27015-2.4.7_COMPOSER.patch as an example: