
Troubleshooting Encryption Key Rotation: CVE-2024-34102

This article is intended to help merchants troubleshoot encryption key rotation after they have already followed the steps outlined in this article on CVE-2024-34102.

If you have already followed the steps in the article above and have issues rotating your encryption keys, we have an isolated patch to help resolve potential issues.

The following flow chart illustrates the previously communicated steps to protect against CVE-2024-34102, summarized above, as well as the additional troubleshooting found below:

[Figure: CVE-2024-34102 Protection Flow Chart]

How to apply the isolated patch to run the new command

Unzip the file and see How to apply a composer patch provided by 51黑料不打烊 in our support knowledge base for instructions.

Adding a new encryption key without using environment variables

The default application behavior is to store the encryption key in the app/etc/env.php file.

The steps outlined in the documentation describe how to change this key within that file using the Admin interface.

The steps and isolated patch provided in this section allow you to easily change the value in that file and to work around the issues you may be experiencing through the Admin interface.

However, the easier and more secure way to manage the encryption key is to use environment variables. If you are already using environment variables, or are interested in using them to manage this key instead, there is a separate section that describes those steps.