Skip to content

Update subresourcee integrity docs for 2.4.9 release#445

Merged
meker12 merged 2 commits intoAdobeDocs:2.4.9-developfrom
admanesachin:AC-16884
Apr 16, 2026
Merged

Update subresourcee integrity docs for 2.4.9 release#445
meker12 merged 2 commits intoAdobeDocs:2.4.9-developfrom
admanesachin:AC-16884

Conversation

@admanesachin
Copy link
Copy Markdown
Contributor

@admanesachin admanesachin commented Apr 15, 2026
edited by meker12
Loading

Purpose of this pull request

Updated subresource-integrity.md to reflect SRI improvements introduced in 2.4.9 (AC-16041).

Hash Generation

  • Added a 2.4.9 version note indicating that SRI hash generation now covers JavaScript assets processed through minification, bundling, and merging.
  • Updated the body text to clarify that SHA-256 hashes are generated including minified file variants, and that coverage spans all SCD strategies
    (Standard, Quick, and Compact).
  • Updated the collector description to reflect that hashes are now saved to a scoped, per-package repository immediately after each package is deployed,
    rather than after all packages are deployed.
  • Clarified that bundled asset hashes are generated at deploy time, while merged asset hashes are captured at runtime and stored in
    pub/static/_cache/merged/sri-hashes.json.

Storage

  • Added a 2.4.9 version note indicating that SRI hash files are now scoped by area, theme, and locale.
  • Corrected the storage path example from pub/static/adminhtml/sri-hashes.json to pub/static/adminhtml/Magento/backend/en_US/sri-hashes.json.
  • Documented the separate merged assets hash file at pub/static/_cache/merged/sri-hashes.json.
  • Added an explanation of the performance motivation behind per-scope storage.
  • Added a note that partial static content deployments (--area, --theme, --language) only remove and regenerate SRI files matching the specified scope.

JIRA ticket: AC-16041

Affected pages

https://developer.adobe.com/commerce/php/development/security/subresource-integrity

@github-project-automation github-project-automation bot moved this to 📋 Needs Review in Commerce - Pull Requests Apr 15, 2026
@admanesachin admanesachin changed the base branch from main to 2.4.9-develop April 15, 2026 16:54
eug123
eug123 approved these changes Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown

@eug123 eug123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

meker12
meker12 approved these changes Apr 16, 2026
View reviewed changes
Comment thread src/pages/development/security/subresource-integrity.md Outdated
@github-project-automation github-project-automation bot moved this from 📋 Needs Review to 👍 Approved in Commerce - Pull Requests Apr 16, 2026
@meker12 meker12 self-assigned this Apr 16, 2026
@meker12 meker12 added the technical Updates to the code or processes that alter the technical content of the doc label Apr 16, 2026
@meker12 meker12 changed the title Ac 16884 Update subresourcee integrity docs for 2.4.9 release Apr 16, 2026
@meker12 meker12 merged commit 7deea68 into AdobeDocs:2.4.9-develop Apr 16, 2026
6 of 7 checks passed
@github-project-automation github-project-automation bot moved this from 👍 Approved to 🏁 Done in Commerce - Pull Requests Apr 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@meker12 meker12 meker12 approved these changes

+1 more reviewer

@eug123 eug123 eug123 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@meker12 meker12

Labels

technical Updates to the code or processes that alter the technical content of the doc

Projects

Commerce - Pull Requests
Status: 🏁 Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@admanesachin @meker12 @eug123 @dshevtsov