On March 14, 2023 Adobe released 3 new versions of Magento 2.4.
Magento 2.4.5-p2
Adobe Commerce 2.4.5-p2 is a security release that provides three security fixes that enhance your Adobe Commerce 2.4.5 or Magento Open Source 2.4.5 deployment. It provides fixes for vulnerabilities that have been identified in previous releases.
See Adobe Security Bulletin for the latest discussion of these fixed issues.
Magento 2.4.4-p3
Adobe Commerce 2.4.4-p3 is the same security release for Adobe Commerce 2.4.4 or Magento Open Source 2.4.4.
Magento 2.4.6
Magento 2.4.6 introduces support for PHP 8.2. PHP 8.1 remains fully supported, but support for PHP 7.4 has been removed. It includes significant performance and scalability enhancements. GraphQL operations for bulk cart operations and category tree rendering response have been optimized. This release introduces the Adobe Commerce Extension metapackage.
This release includes over 300 quality fixes and enhancements. Core Composer dependencies and third-party libraries have been upgraded to the latest versions that are compatible with PHP 8.2.
Note
Although code for these features is bundled with releases of the Adobe Commerce core code, several of these projects (for example, B2B, Page Builder, and Progressive Web Applications (PWA) Studio) are also released independently. Bug fixes for these projects are documented in the separate, project-specific release information that is available in the documentation for each project.
Adobe Commerce 2.4.6 highlights
Look for the following highlights in this release.
Security enhancements
This release includes eight security fixes and platform security improvements.
No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts:
- IP allowlisting
- Two-factor authentication
- Use of a VPN
- Use of a unique location rather than /admin
- Good password hygiene
See Adobe Security Bulletin for the latest discussion of these fixed issues.
Additional security enhancements
Security improvements for this release improve compliance with the latest security best practices, including:
- Gaps in Admin action logs have been addressed with more specific auditing of actions within grid views, mass actions, and exports.
- reCAPTCHA validation no longer fails during checkout when unexpected errors occur during payment processing. GitHub-35093
- New system configuration for requiring email confirmation when an admin user changes their email. To reduce site vulnerability, a new system configuration setting (disabled by default) was added to require email confirmation when an admin user changes their email: Stores > Settings:Configuration > Customers > Customer Configuration > Account Information Options > Require email confirmation if an email has been changed. When this option is enabled, the application will request email confirmation every time the admin user changes their email address. The following module is affected by this change:
Magento_Customer.
Platform enhancements
Adobe Commerce 2.4.6 introduces support for PHP 8.2. PHP 8.1 remains fully supported.
PHP 7.4 support has been removed from this release. You cannot run Adobe Commerce 2.4.6 on PHP 7.4.
Adobe Commerce 2.4.6 now supports:
- Composer 2.2.x. Composer 1.x has been removed.
- Redis 7.0.x. Although compatibility with Redis 6.2 remains, we recommend deploying this release with Redis 7.0.x because Redis 6.2 is expected to reach end of life in 2024.
- OpenSearch is now supported as the default search engine for Adobe Commerce on-premises and cloud deployments. It is supported as an independent search engine for Magento Open Source. This release supports OpenSearch v2.x and has been tested with OpenSearch 2.5. Although compatibility with OpenSearch 1.x remains, we recommend using this release with OpenSearch 2.x. You can install and run Adobe Commerce and Magento Open Source 2.4.6 with OpenSearch 2.x on both Cloud and on-premises
- ElasticSearch 8.x
- MariaDB 10.6 (LTS version). This release is still compatible with MariaDB 10.4, but we recommend upgrading to MariaDB 10.6.
Other upgrades and replacements
- The DHL schema has been migrated from v6.2 to v10.0.
- Outdated JavaScript libraries have been updated to their latest versions, and outdated dependencies have been removed. These changes are backward compatible.
- PHP 7.4 compatibility has been removed from the Commerce codebase.
- Symfony dependencies have been upgraded to the new LTS version. Dependencies include:
friendsofphp/php-cs-fixersymfony/consolesymfony/event-dispatchersymfony/findersymfony/processweb-token/jwt-framework
jquery-migratehas been removed from the Commerce codebase.- Upgraded
jQuery/fileUploadlibrary to v10.32. - Zend framework (ZF1) components that have reached end of life have been removed from the codebase.
- Laminas dependencies have been updated to support PHP 8.2.
- The
laminas/laminas-dependency-pluginComposer plugin has been removed. - Replaced
Zend_Filterwithlaminas/laminas-filter. - Upgraded
web-token/jwt-frameworkto v3.0.5. (latest version) - Upgraded
allure-framework/allure-phpunitto v2.x. - Upgraded the
Chart-jslibrary to v3.9.1
Performance and scalability enhancements
- Improved performance for operations affecting many customer segments. Merchants can improve the performance of operations involving more than 100 customer segments by enabling a new configuration setting. The Real-time Check if Customer is Matched by Segment setting can be disabled as needed to reduce processing time by reducing validation of each customer segment against customers.
- New system configuration setting for limiting number of products displayed in product grid. Merchants can use the new Limit Number of Products in Grid configuration setting to improve product grid performance. This limit is configured to 20000 by default and affects only product collections that are used by UI components. Limiting the number of products displayed can boost performance of operations for grids populated with more than 200,000 products.
- Improved import performance (up to 100,000 records per minute). Merchants can use the new
POST /rest/<store_view_code>/V1/import/csvREST API endpoint to import data into Adobe Commerce. This endpoint provides the same capabilities as the Admin import feature and supports using a CSV file to create, update, and remove products, product pricing, and customer entities. - Improved high-throughput order processing performance through load balancing. Adobe Commerce 2.4.6 on cloud infrastructure customers who have a high volume of simultaneous orders (1000 orders per minute) can now improve order processing performance by balancing the load on their database across different nodes. Merchants can re-balance this load by enabling secondary connections for the MySQL database and Redis instances.
Accessibility updates
The focus of this release has been on creating a storefront experience on Venia (PWA) that is more perceivable, operable, understandable, and robust. These enhancements include:
- The visual text label for the Sign in button now matches its accessible name. (Best practice recommends that a UI element’s accessible name starts with the visible label text.)
- Descriptive accessible names have been added to buttons throughout the storefront.
- Verbal descriptive labels have been added to the Has Video checkboxes in search filters.
- Keyboard-only users can now access all page functionality on the storefront. Previously, shoppers could not access sub-navigation links using only keystrokes.
Here you can find the full 2.4.6 release notes which contain many additional fixes, improvements and new features for B2B, GraphQL, etc. As mentioned before although this is technically a minor update, this release may contain backward-incompatible changes.
Picture by Mateusz Feliksik.
