Merge pull request #2558 from magento-devdocs/Q4-2021-release-notes-final

Adobe Commerce 2.4.3-p1 and Adobe Commerce 2.3.7-p2 release notes

Author: jfrontain

src/guides/v2.3/release-notes/2-3-7-p2.md

@@ -3,22 +3,30 @@ group: release-notes
 title: Adobe Commerce 2.3.7-p2 Release Notes
 ---
 
-{{ site.data.var.ee }} 2.3.7-p2 is a security-only release that provides security fixes that enhance your Magento 2.3.7 deployment. Merchants can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release provides. Patch 2.3.7-p2 is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, {{ site.data.var.ee }} 2.3.7 and {{ site.data.var.ce }} 2.3.7.
+{{ site.data.var.ee }} 2.3.7-p2 is a security-only release that provides security fixes that enhance your {{ site.data.var.ee }} 2.3.7 or {{ site.data.var.ce }} 2.3.7 deployment. Merchants can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release provides. Patch 2.3.7-p2 is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, {{ site.data.var.ee }} 2.3.7-p1.
 
 {:.bs-callout-info}
-PHP 7.3 reaches end of support in December 2021, and Adobe Commerce 2.3.x reaches end of support in April 2022. **We strongly recommend planning your upgrade now to Adobe Commerce 2.4.x or Magento Open Source 2.4.x and PHP 7.4.x to help maintain PCI compliance**.
+PHP 7.3 reaches end of support in December 2021, and {{ site.data.var.ee }} 2.3.x and {{ site.data.var.ce }} 2.3.x reaches end of support in April 2022. **We strongly recommend planning your upgrade now to {{ site.data.var.ee }} 2.4.x or {{ site.data.var.ce }} 2.4.x deployment to help maintain PCI compliance**.
 
 {:.bs-callout-info}
-Quarterly releases may contain backward-incompatible changes (BIC). {{ site.data.var.ee }} 2.4.3 contains minor backward-incompatible changes. To review minor backward-incompatible changes, see [BIC reference]({{page.baseurl}}/release-notes/backward-incompatible-changes/reference.html). (Major backward-incompatible issues are described in [BIC highlights]({{page.baseurl}}/release-notes/backward-incompatible-changes/index.html). Not all releases introduce major BICs.)
+Quarterly releases may contain backward-incompatible changes (BIC). To review minor backward-incompatible changes, see [BIC reference]({{page.baseurl}}/release-notes/backward-incompatible-changes/reference.html). (Major backward-incompatible issues are described in [BIC highlights]({{page.baseurl}}/release-notes/backward-incompatible-changes/index.html). Not all releases introduce major BICs.)
 
 ## What's in this release?
 
-Six security fixes and several security enhancements are included in this security patch.  Security fixes are documented in the Adobe Security Bulletin.
+Six security fixes and several security enhancements are included in this security patch. Security fixes are documented in the [Adobe Security Bulletin](https://helpx.adobe.com/security/products/magento/apsb21-86.html).
 
 Security-only patches typically include all hotfixes that have been released for the preceding complete release. This release incorporates the two hotfixes that have been released for {{ site.data.var.ee }} 2.3.7-p1 and {{ site.data.var.ce }} 2.3.7-p1. See [Adobe Commerce 2.3.7-p1 Release Notes]({{page.baseurl}}/release-notes/2-3-7-p1.html) for information about these hotfixes.
 
 This release also includes bug fixes for the [Klarna](https://docs.magento.com/user-guide/v2.3/payment/klarna.html) and [Vertex](https://docs.magento.com/user-guide/v2.3/tax/vertex.html) vendor-developed extensions.
 
+### Resolution of known issues in Adobe Commerce 2.3.7-p1
+
+This release includes fixes for the following known issues, which were first identified in {{ site.data.var.ee }} 2.3.7-p1:
+
+*  *PHP fatal error on upgrade*. This issue was previously addressed by patch `AC-384__Fix_Incompatible_PHP_Method__2.3.7-p1_ce.patch to address PHP fatal error on upgrade`.
+
+*  *Previously placed order price is displayed when a shopper tries to place an order with a different product using the PayPal payment method*. This issue was previously addressed by patch `Adobe Commerce 2.3.7-p1 known issue outdated order total for PayPal`.
+
 ### Security highlights
 
 **Session IDs have been removed from the database**. This code change may result in breaking changes if merchants have customizations or installed extensions that use the raw session IDs stored in the database. <!--- MC-40976-->
@@ -29,6 +37,8 @@ This release also includes bug fixes for the [Klarna](https://docs.magento.com/u
 
 **Recent penetration test vulnerabilities** have been fixed in this release. <!--- MC-42431-->
 
+The Content Security Policy directive `frame-ancestors` now supports the source expression `unsafe-inline`.  [GitHub-33101](https://github.com/magento/magento2/issues/33101) <!--- MC-42632-->
+
 ## Known issue
 
 **Issue**: Adobe Stock images uploaded into the `<install_dir>/pub/media` and `<install_dir>/pub/media/catalog` directories are not visible in the Media Gallery. **Workaround**: To view and work with these images, delete them from the filesystem directories and re-upload them into an allowed Media Gallery directory. See the [Stock images not displayed, Adobe Commerce and Magento Open Source 2.3.7-p2](https://support.magento.com/hc/en-us/articles/4409491698189) Knowledge Base article.

src/guides/v2.4/release-notes/2-4-3-p1.md

@@ -3,19 +3,23 @@ group: release-notes
 title: Adobe Commerce 2.4.3-p1 Release Notes
 ---
 
-{{ site.data.var.ee }} 2.4.3-p1 is a security-only release that provides 18 security fixes that enhance your Magento 2.4.3 deployment. Merchants can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release provides. Patch 2.4.3-p1 provides fixes for vulnerabilities that have been identified in our previous quarterly release, {{ site.data.var.ee }} 2.4.3 and {{ site.data.var.ce }} 2.4.3.
+{{ site.data.var.ee }} 2.4.3-p1 is a security-only release that provides 18 security fixes that enhance your {{ site.data.var.ee }} 2.4.3 or {{ site.data.var.ce }} 2.4.3 deployment. Merchants can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release provides. Patch 2.4.3-p1 provides fixes for vulnerabilities that have been identified in our previous quarterly release, {{ site.data.var.ee }} 2.4.3 and {{ site.data.var.ce }} 2.4.3.
 
 {:.bs-callout-info}
-Quarterly releases may contain backward-incompatible changes (BIC). {{ site.data.var.ee }} 2.4.3 contains minor backward-incompatible changes. To review minor backward-incompatible changes, see [BIC reference]({{page.baseurl}}/release-notes/backward-incompatible-changes/reference.html). (Major backward-incompatible issues are described in [BIC highlights]({{page.baseurl}}/release-notes/backward-incompatible-changes/index.html). Not all releases introduce major BICs.)
+Quarterly releases may contain backward-incompatible changes (BIC). To review minor backward-incompatible changes, see [BIC reference]({{page.baseurl}}/release-notes/backward-incompatible-changes/reference.html). (Major backward-incompatible issues are described in [BIC highlights]({{page.baseurl}}/release-notes/backward-incompatible-changes/index.html). Not all releases introduce major BICs.)
 
 ## What's in this release?
 
-Seven security fixes and several security enhancements are included in this security patch. Security fixes are documented in the Adobe Security Bulletin.
+Seven security fixes and several security enhancements are included in this security patch. Security fixes are documented in the [Adobe Security Bulletin](https://helpx.adobe.com/security/products/magento/apsb21-86.html).
 
 Security-only patches typically include all hotfixes that have been released for the preceding complete release. This release incorporates the two hot fixes that have been released for {{ site.data.var.ee }} 2.4.3 and {{ site.data.var.ce }} 2.4.3. See [Adobe Commerce 2.4.3 Release Notes]({{page.baseurl}}/release-notes/commerce-2-4-3.html) for information about these hotfixes.
 
 This release also includes bug fixes for the [Braintree](https://docs.magento.com/user-guide/payment/braintree.html), [Klarna](https://docs.magento.com/user-guide/payment/klarna.html#changes-in-the-latest-release), and [Vertex](https://docs.magento.com/user-guide/tax/vertex.html#changes-in-the-latest-release) vendor-developed extensions.
 
+### Resolution of known issues in Adobe Commerce 2.4.3
+
+This release includes a fix for the PHP fatal error on upgrade known issue, which was first identified in {{ site.data.var.ee }} 2.4.3 or {{ site.data.var.ce }} 2.4.3. This issue was previously addressed by patch `AC-384__Fix_Incompatible_PHP_Method__2.3.7-p1_ce.patch to address PHP fatal error on upgrade`.
+
 ### Security highlights
 
 **Session IDs have been removed from the database**. This code change may result in breaking changes if merchants have customizations or installed extensions that use the raw session IDs stored in the database. <!--- MC-40976-->
@@ -24,6 +28,10 @@ This release also includes bug fixes for the [Braintree](https://docs.magento.co
 
 **Lowered limits to GraphQL query complexity**. The GraphQL maximum allowed query complexity has been lowered to prevent Denial-of-Service (DOS) attacks. See [GraphQL security configuration]({{page.baseurl}}/graphql/security-configuration.html). <!--- PWA-1700-->
 
+**Recent penetration test vulnerabilities** have been fixed in this release. <!--- MC-42431-->
+
+The Content Security Policy directive `frame-ancestors` now supports the source expression `unsafe-inline`.  [GitHub-33101](https://github.com/magento/magento2/issues/33101) <!--- MC-42632-->
+
 ## Installation and upgrade instructions
 
 For instructions on downloading and applying security-only patches (including patch 2.4.3-p1), see [Quick start install]({{site.baseurl}}/guides/v2.4/install-gde/composer.html).