Magento 2

Magento 2.4.7 was released on November 1, 2024 and now supports PHP 8.3 and will receive free software updates until April 9, 2027. The Core Composer dependencies and third-party libraries have been updated to the latest available versions. This Magento release increases GraphQL coverage for custom attributes and GraphQL resolver caches. It also introduces support for recently updated FedEx and UPS services.

As a special highlight, the new inventory management in version 1.2.7 has made it into Magento 2.4.7.

The latest Magento version contains hundreds of quality improvements and enhancements. Below we list the main changes and new functions, primarily from the perspective of a store operator.

For further information and tips for developers, we recommend the English release notes for Magento Open Source, which can be downloaded here.

By closing critical security vulnerabilities and implementing additional safeguards, the risk of data leaks and attacks is minimized. Magento 2.4.7 includes the same security fixes and platform security improvements that are included in Adobe Commerce 2.4.6-p5, 2.4.5-p7 and 2.4.4-p8.

The following additional security enhancements have also been introduced:

• Changes to the behavior of non-generated cache keys. Non-generated cache keys for blocks now contain prefixes that differ from prefixes for automatically generated keys. Non-generated cache keys for blocks may now only contain letters, digits, hyphens (-) and underscores (_).
• Limitation of the number of automatically generated coupon codes. Magento Open Source now limits the number of automatically generated voucher codes. The default maximum is 250,000. Merchants can use the new configuration option Code Quantity Limit (Stores > Settings:Configuration > Customers > Promotions) to prevent the system from being overwhelmed with many coupons.
• Optimization of the default admin URL generation process. The generation of the default admin URL has been optimized to increase randomness, making the generated URLs less predictable.
• A new full page cache configuration setting can help mitigate the risks associated with the HTTP {BASE-URL}/page_cache/block/esi endpoint.
• Added support for Subresource Integrity (SRI) to meet PCI 4.0 requirements for verifying script integrity on payment pages.
• Content Security Policy (CSP)changes - configuration updates and enhancements to Magento's Content Security Policies (CSPs) to meet PCI 4.0 requirements.

• Rate limits for payment information transmitted via REST and GraphQL APIs. Merchants can now configure a limit for payment information transmitted via REST and GraphQL. This additional layer of protection minimizes the potential for carding attacks where many credit card numbers are tested simultaneously.

Magento Open Source 2.4.7 includes the following platform upgrades:

• PHP 8.3 compatibility. This version introduces support for PHP 8.3. Magento Open Source now supports both PHP 8.3 and 8.2. PHP 8.2 will be supported until its End of Service (EOS) date in December 2025. After December 2025, all merchants running 2.4.7 should migrate to PHP 8.3. PHP 8.3 will receive security updates until December 31, 2027.
  Magento Open Source 2.4.7 is still compatible with PHP 8.1, but only for upgrade purposes. PHP 8.1 is not supported and not recommended.
• Support for RabbitMQ 3.13. This version is compatible with the latest version of RabbitMQ 3.13. Compatibility with RabbitMQ 3.11 and 3.12, which are supported until August 2024 and December 2024 respectively, remains. However, Adobe recommends using Magento Open Source 2.4.7 only with RabbitMQ 3.13.
• Composer 2.7.x. Compatibility with Composer 2.2.x remains unchanged.
• Support for Varnish Cache 7.4. Magento 2.4.7 is compatible with the latest version of Varnish Cache 7.4. Compatibility with versions 6.0.x and 7.2.x remains, but we recommend using Magento Open Source 2.4.7 only with Varnish Cache version 7.4 or version 6.0 LTS.
• Compatibility with Elasticsearch 8.11. Due tothe license change of Elasticsearch we recommend to use Magento 2.4.7 with OpenSearch.
• Support of OpenSearch 2.12 and OpenSearch 1.3
• Redis 7.2

All JavaScript libraries and NPM dependencies in the Magento Open Source core code have been updated to the latest available versions. All dependencies of Laminas libraries have been updated to the latest version compatible with PHP 8.3.

Magento Open Source 2.4.7 includes the following improvements to the performance and scalability of Magento Open Source:

• Improved indexer management. The new indexer:set-status command supports dynamic indexer status management. Admin users can use this command to change the indexer status to suspended, invalid or valid. This feature is particularly useful for managing system performance during large-scale bulk operations, such as product imports or updates, as it allows control over when indexers are automatically triggered by the system's cron jobs.
• Product list page for complex products with many options. Loading time for product list pages containing complex products with over 100 options has been improved. The performance of GraphQL queries to list products by category has also been improved.
• Improvements to the performance of sales rules. The performance of enterprise deployments with many (approx. 100,000) active sales rules has been improved. Companies that run large scale promotions often have many active shopping cart rules. For this type of organization using Magento Open Source 2.4.7, no performance degradation is observed in terms of the number of configured cart price rules during checkout operations.
• Faster saving of store-level configurations for deployments with many stores. Saving configuration settings in deployments with more than 500 store virews can be time consuming. The new AsyncConfig module enables asynchronous saving of configurations.
• Faster generation of the configuration cache for large configurations. The command bin/magento cache:clean config now generates a preheat for the configuration cache if the configuration cache is activated. This reduces the downtime required to generate the configuration cache for large configurations.

The Inventory Management module in Magento 2.4.7 (version 1.2.7) offers store operators advanced tools for the efficient management of their warehouse and inventory. This feature, developed by the Magento community, is an integral part of Magento Open Source and Adobe Commerce and can be installed as required.

New features and improvements in version 1.2.7:

• Correct display of stock status for configurable products (variant items): The storefront now shows configurable products as "in stock" when previously sold out variants are available again.
• Optimized cache management for stock changes: Caches of category pages are no longer invalidated if the stock quantity changes and the product is still available. This leads to improved performance as pages can be loaded from the cache even if the stock quantity changes.
• Correct product count in categories with "Show out of stock products" enabled: The product count in categories is now displayed correctly when the "Show out of stock products" setting is enabled. Magento checks whether a product is actually available for sale, resulting in a more accurate display of available products.
• Improved application of cart price rules for in-store pickup: Cart price rules for in-store pickup now work as expected when inventory management is enabled. This ensures that discounts are applied correctly and customers benefit from the intended discounts.
• Stable cache management during inventory updates in scheduled mode: Updating product inventory in scheduled mode no longer clears all caches. This prevents unwanted cache deletions and contributes to a more stable system performance.
• Correct storage of the attribute "Allow multiple packages for shipping": The value for the "Allow multiple packages for shipping" attribute in the advanced inventory options is now saved as expected. This allows for more precise configuration of shipping options for products.
• More accurate inventory reservations after partial refunds for in-store pickup: Magento now creates accurate reservations after a partial refund for orders with in-store pickup. This prevents stock discrepancies and ensures that available stock is correctly reflected.
• Error-free display of configurable products (variant items) after manual restocking: Configurable products are no longer displayed as "out of stock" if one of their variants has been manually restocked. This ensures a consistent display of the product stock in the storefront.
• Stable column positions in the product grid with multiple stock sources: The position of columns in the product grid now remains stable and does not revert to the previous position after reloading the page, even if multiple stock sources are configured. This improves user-friendliness in the admin area.
• Correct stock quantities after credit notes for virtual products: The stock quantity now remains correct after a credit note has been created for a virtual product, even if the "Return to stock" option is not selected. This prevents unintended stock changes during refunds.
• Error-free saving of categories with automatic product sorting: Categories with automatic product sorting and an allocation to non-standard stock can now be saved without errors. This enables flexible categorization and sorting of products.
• Updating the stock status of configurable products with sold-out variants: The stock status of configurable products is now correctly updated when all variants are sold out. This ensures that customers always see the current availability status.
• Improved analysis of reservation inconsistencies for composite products: The reservation inconsistency analysis tool now works correctly for partially shipped orders containing configurable, bundle and group products. This helps to identify and correct stock discrepancies.
• Error-free assignment of stock sources to stocks or products: Magento no longer displays errors when an administrator attempts to assign 200 or more stock sources to an inventory or product. This enables scalable management of stock sources.
• Support for creating credit notes for deleted products: Magento now supports the creation of credit memos for orders where a product has been deleted. This ensures full processing of refunds, even if products are no longer in the catalog.

These improvements in the Inventory Management module of Magento 2.4.7 provide store owners with enhanced functionality and increased reliability in inventory management, resulting in more efficient operations and an improved customer experience. More information can be found in the release notes for the Inventory module here.

Magento Open Source 2.4.6 was released on 14.3.2023 and introduces support for PHP 8.2. PHP 8.1 is still fully supported, but support for PHP 7.4 has been removed, which has not received any security updates since 28.11.2022. Magento 2.4.6 contains significant performance and scalability improvements. The GraphQL operations for bulk cart operations and the rendering of the category tree have been optimized.

Magento 2.4.6 will receive free security updates until March 14, 2025. This version contains numerous quality improvements and fixes. The complete "Magento Open Source 2.4.6 release notes" are available in English.

The main focus of Magento 2.4.6 was to further improve web accessibility for store frontends developed on the basis of Venia (PWA = Progressive Web App). These improvements include:

The visual text label for the "Login" button now matches the accessible name. (Best practice recommends that the accessible name of a UI element starts with the visible label text).

• Descriptive, accessible names have been added to buttons throughout the store frontend.
• Added verbal labels to the "Has Video" checkboxes in the search filters.
• Keyboard-only users can now access all page functions in the store frontend. Previously, customers could not access the links in the sub-navigation using keyboard input only.

PWA Studio v.13.0.x is now compatible with Magento Open Source 2.4.6 and includes several enhancements to improve accessibility. Information about bug fixes can be found under PWA Studio Versions.

Magento 2.4.6 includes the following fixes and improvements to optimize security.

• Gaps in admin action logs have been fixed with more specific validation of actions within grid views, bulk actions and exports.
• reCAPTCHA validation no longer fails at checkout if unexpected errors occur during payment processing.
• New system configuration for requesting an email confirmation when a Magento admin user changes their email.

Magento Open Source 2.4.6 introduces support for PHP 8.2. PHP 8.1 is still fully supported. Support for PHP 7.4 has been removed in this version. You cannot run Magento Open Source 2.4.6 with PHP 7.4.

Magento Open Source now supports:

• Composer 2.2.x. Composer 1.x has been removed.
• Redis 7.0.x. Although compatibility with Redis 6.2 is maintained, we recommend using this version with Redis 7.0.x as Redis 6.2 is expected to reach end of life in 2024.
• OpenSearch is now supported as the default search engine for Magento Open Source. Magento version 2.4.6 supports OpenSearch v2.x and has been tested with OpenSearch 2.5. Although compatibility with OpenSearch 1.x is maintained, it is recommended to use Magento 2.4.6 with OpenSearch 2.x.
• Elasticsearch 8.x.
• MariaDB 10.6 (LTS version). Magento 2.4.6 is still compatible with MariaDB 10.4, but it is recommended to upgrade to MariaDB 10.6.

Magento Open-Source was released on 9.8.2022 and introduces improvements to platform quality, payment methods, GraphQL caching performance and accessibility in version 2.4.5. It also includes updates for integrated Google modules.

Magento 2.4.5 contains over 290 quality fixes and improvements. The complete "Magento Open Source 2.4.5 release notes" are available in English.

The main focus of Magento 2.4.5 was on improving web accessibility for store front-ends developed on the basis of Venia (PWA). These improvements include:

• The summary of search results is now displayed for screen readers.
• Screen readers are now informed when a new page view is loaded.
• Contrast and keyboard accessibility have been improved

Further improvements for more accessibility:

• The shopping bag button now provides a programmatic or textual indication of its status. Screen reader users are informed that clicking on this button will expand other content or that the associated content will be expanded or collapsed.
• The text elements or images of the credit card option for payment information now meet the minimum color contrast ratio of 4.5:1 required by WCAG 2.0 for standard text of 18pt (24px) or 14pt (19px) when printed in bold.
• The text of filter and sort buttons now meets the WCAG 2.0 required minimum contrast ratio of 4.5:1 for standard text of 18pt (24px) or 14pt (19px) when printed in bold.
• Buttons that trigger dropdowns now provide screen readers with information about their expanded or collapsed state and accessible names.
• Screen reader users are informed when a new page view is rendered. If a page title changed, this was not previously announced.

Magento 2.4.5 contains numerous fixes and new improvements to optimize security.

• reCAPTCHA support has been added to the"Share wishlist","Create new customer account" and"Gift card" forms.
• Access control lists have been added for the inventory functions of Magento 2.4.5.
• The security of inventory templates has been improved.
• The MaliciousCode filter, which can be used to identify malicious code, has been updated and now uses the HtmlPurifier library.
  
  

Google has updated the tracking and integration mechanisms of AdWords and Google Analytics in web applications by integrating them with Googel Tag (GTag). This integration of Google features into websites expands the ability to track and manage content through Google services. Magento has a number of integrated modules such as Google AdWords, Analytics, Optimizer and Tag Manager that use the previous API for integration with Google services. In Magento version 2.4.5, these integrations have been completely re-implemented using the GTag approach

With Magento 2.4.5, Apple Pay is now available for all merchants who have activated payment services. When using Apple Pay, customers do not need to enter their credit or debit card details. Apple Pay is available on the product detail page, in the mini-shopping cart, in the shopping cart and in the checkout process.

Merchants in Spain and Italy can now offer PayPal Pay Later to shoppers in their Magento store. Previews of the "PayPal", "Credit" and "Pay Later" buttons are now available in the Magento admin interface for the "Checkout", "Minicart", "Cart" and "Products" pages. The previews show how these buttons will look when they are activated and displayed in the store frontend.

Magento Open Source 2.4.5 now supports:

• Composer 2.2
• TinyMCE (5.10.2). Previous versions of TinyMCE (v5.9.2 or earlier) allowed arbitrary execution of JavaScript when updating a specially crafted URL or an image with a specially crafted URL.
• jQueryUI (1.13.1)
• PHPStan (^1.5.7 with restriction) GitHub-35315

The DHL integration schema has been updated from v6.0 to v6.2. This update does not change the product behavior.

Deprecated JavaScript libraries have been updated to their latest versions and deprecated dependencies have been removed. These changes are backwards compatible.

Magento Open Source 2.4.4 introduces support for PHP 8.1. All project libraries and dependencies have been updated for compatibility with PHP 8.1. Core Composer dependencies and third-party libraries have also been updated to the latest versions compatible with PHP 8.1.

This version of Magento also includes support for OpenSearch 1.2, which is an open source alternative to Elasticsearch. In addition, a lot of work has been done on optimizing security measures for Magento.

Another focus in the 2.4.4 release of Magento this time was on improvements for web accessibility, i.e. accessibility for people with disabilities, which will have a legal basis in June 2025 as part of the Accessibility Reinforcement Act in Germany and the EU.

Magento 2.4.4 and Adobe Commerce 2.4.4 contain a total of almost 250 quality corrections and improvements, which you can find in the complete "Magento Open Source 2.4.4 release notes". Below we list the main functions for Magento store operators that were released with Magento 2.4.4.

Magento 2.4.4 offers improved compliance with accessibility guidelines. This version includes improved tooltips, accessible naming and labeling of screen elements, and redesigned icons and buttons. Over 80% of these fixes help to improve the shopping experience for users with no or limited vision.

Furthermore, the following measures for more accessibility in the Magento admin area and store frontend have been introduced with Magento 2.4.4:

• Screen readers can now read all relevant form elements on product pages.
• The contrast for buttons to delete and move images throughout the store frontend has been improved to enhance readability for visually impaired users.
• The magnifying glass icon used throughout the product interface for searching has been given an accessible name and text alternative.
• The rich text editor toolbar can now be accessed using the tab key.
• The accessible name of the control now contains the text of its visible label for the Number of items per page drop-down menu.
• The table controls on the Catalog > Product Details page now have visible labels and an accessible name when the table is collapsed.
• Editing links in the Products table now have a clear, meaningful link text.
• The buttons that open tooltips now have text names.
• Buttons in the entire store frontend now have unique, descriptive, accessible names.
• The contrast of the buttons for deleting and moving images has been improved throughout the store frontend to improve readability for visually impaired users.
• Text alternatives have been added to the pencil icon that appears when a merchant edits an input for the search engine optimization accordion.

• The text input field on the New View product page now has an accessible name.

Magento 2.4.4 contains numerous corrections and new improvements to optimize security.

• The IP allow list enables the Magento administration interface to be enabled only for certain IP addresses
• Two-factor authentication enables login to the Magento administration interface only if authentication via an app, such as Google Authenticator or Authy, has taken place.
• Magento 2.4.4 now supports the use of a VPN
• The Magento administration interface can now be accessed via a randomly generated URL, which is automatically set during installation, instead of via the /admin path segment. The URL can be changed later at will.
• Magento checks the password security and thus supports secure passwords with certain minimum requirements.
  
  

Magento Open Source 2.4.4 now supports PHP 8.1 and all project libraries and dependencies have been updated for compatibility with PHP 8.1. Additional platform enhancements include:

• Magento Open Source 2.4.4 adds support for Elasticsearch 7.16 and OpenSearch 1.2.
• The jquery library has been updated to version 3.6. The jquery-ui library has been updated to version 1.13.0. Other JavaScript libraries have been updated to the latest versions.
• The rich text editor for Magento, if you don't want to use Page Builder, TinyMCE 5.8.1 is now supported. TinyMCE 4 has been removed from the codebase.
• The RequireJS library has been updated to the latest version (v2.3.6).
• PHPUnit has been updated to the latest version (9.5.x). The tests and test frameworks have been updated to be compatible with the new version.
• Most Laminas dependencies have been updated to the latest versions compatible with PHP 8.1. Three Laminas dependencies have been removed from the codebase to reduce the number of dependencies.
• The GraphQL interface, which is also used by the Hyvä theme, has numerous improvements, including a significant increase in performance.

• Secure email variables are now a prerequisite for use in emails.
• Improved security for API tokens.
• Session IDs are no longer stored in the database.
• OAuth access tokens and password reset tokens are now stored encrypted in the database.
• Validation has been improved to prevent non-alphanumeric file extensions from being uploaded.
• AddedreCAPTCHA support for coupon code capture.
• HTTPS is now enabled by default for the Magento Open Source Storefront.
• The Dependency Confusion plugin is now required for all Magento Open Source installations. Previously this was only the case for Composer installations.
• Developers can now configure the limit for the size of arrays accepted by Magento Open Source RESTful endpoints per endpoint.
• Mechanisms have been added to limit the size and number of resources a user can request via a web API on a system-wide basis and to override the default settings for individual modules.

The Page Builder was previously reserved for Magento Enterprise and the commercial Adobe Commerce versions, but is also available free of charge in the Magento Open Source version.

Page Builder is available as an extension bundle for Magento Open Source and can be optionally integrated as required As soon as Page Builder has been integrated, it replaces Magento's rich text editor and is available as a new standard tool for editing content of any kind.

The Page Builder can replace the Content Editor in the following admin areas:

• CMS pages
• CMS blocks
• Category description
• Product description

All content created with the previous editor can be migrated to the Page Builder. In addition, a variety of sample content and modules can be downloaded for the page builder. Banners, forms, various buttons and call-to-actions, column layouts and even lazyloading or sliders are available here free of charge.

The Magento Page Builder is also directly compatible with the Hyvä theme.

With Magento 2, control mechanisms were also established which make it possible to make customer-specific content cacheable via the browser control on the part of Magento. Private content is the concept for this. Magento 2.4.3 includes improvements that shorten the indexing time for product price and catalog rule indexers. Merchants can now exclude a website from a customer group or a shared catalog, which reduces the number of records to be indexed and shortens indexing times.

• Magento now takes country-specific decimal locators into account when converting and updating the product quantity in the shopping cart.
• Shoppers are now redirected to the cart page instead of the product page when trying to update the mini cart for an order with deleted items. Previously, shoppers were redirected to the product page.
• Shoppers can now add a product to their cart whose minimum advertised price(MAP) exceeds the regular product price.
• Shoppers can now successfully change their billing address through the checkout workflow when checking out with multiple addresses.
• Custom design layout updates are now applied as expected. Previously, custom design layout updates were ignored.
• The Advanced Pricing customer group price block price input field now has a minimum width of five characters. Previously, only two symbols were visible in this field on low resolution displays.
• Magento now successfully deletes a product media image after deleting a product. Previously, the product media image remained in the folder after successfully deleting the product.

Magento 2.4.3 includes over 370 new fixes to the core code. It includes the resolution of nearly 290 GitHub issues by community members. These community contributions range from minor cleanups to the core code. Click here to see the bug fixes in the Magento 2.4 release notes.

Magento is known for integrating and supporting various third-party platforms, payment providers and other standard components out of the box. These modules are also updated as part of the regular system upgrades. In Magento 2.4.3, the following platforms have been updated as listed below:

• Core Composer dependencies and third-partylibraries have been updated to the latest versions compatible with PHP 8.x.
• The KnockoutJS library has been updated to v3.5.1 (the latest version).
• Magento Open Source 2.4.3 has been tested and confirmed to be compatible with Redis 6.0.12 . (Magento 2.4.x remains compatible with Redis 5.x.)
• The dependencies of the Laminas library have been updated to PHP 8.x compatible versions. Some redundant dependencies have been removed from the composer.json file. Magento Open Source 2.4.3 uses Laminas 3.4.0. Magento 2.4.3 is not yet compatible with PHP 8.x, but the following platform upgrades will bring us closer to future compatibility with PHP 8.x.

• This release includes the Adobe Stock integration v2.1.1.
• PayPal Pay Later is now supported in deployments that include PayPal. This feature allows shoppers to pay for an order in bi-weekly installments instead of paying in full at the time of purchase.
• Authorize.Net integration has been removed from core code - extension available in Commerce Marketplace

Several scalability improvements allow Magento 2.4.2 to natively support complex catalogs that are up to 20 times larger than in previous versions.

This release includes over 280 new core code fixes and 35 security improvements. It includes the resolution of almost 290 GitHub issues by community members. Click here to see the bug fixes in the Magento 2.4.2 release notes.

Reduction in the size of network transfers between Redis and Magento. The resulting performance improvements include a reduction in network cache size and execution time for many scenarios.

Improved message queue performance. Three new configuration settings allow for a reduction in CPU consumption of consumer queues. These optional parameters provide better control over consumers and save server resources.

This release includes all the core quality improvements that were included in Magento 2.4.0, over 150 new fixes to the core code and over 15 security improvements. It includes the resolution of nearly 300 GitHub issues by community members. Click here to see the bug fixes in the Magento 2.4.1 release notes.

This release includes all the core quality improvements that were included in Magento 2.4.0, over 150 new fixes to the core code and over 15 security improvements. It includes the resolution of nearly 300 GitHub issues by community members. Click here to see the bug fixes in the Magento 2.4.1 release notes.

Currently supported Magento versions:

• Here you can find the Magento 2.4 functions and changes.

Older Magento 2.x versions without support:

• Here you can find the Magento 2.3 functions and changes.
• Here you can find the Magento 2.2 functions and changes.

Older Magento 1.x versions without support:

• Here you can find the Magento 1.9 functions and changes.
• Here you can find the Magento 1.8 functions and changes.
• Here you can find the Magento 1.7 functions and changes.
• Here you can find the Magento 1.6 functions and changes.