Magento 2.4.7 Release! Let’s see what’s new!

Magento Open Source version 2.4.7 now supports PHP 8.3 and brings numerous improvements, including hundreds of fixes and enhancements. The core Composer dependencies and third-party libraries have been updated to the latest versions. This release also expands GraphQL coverage for custom attributes and improves GraphQL resolver caches. Additionally, it adds support for the latest FedEx and UPS services updates.

Magento Open Source 2.4.7 Highlights

Security Enhancements  and Bug Fixes :

This release incorporates the same security fixes and enhancements found in Adobe Commerce versions 2.4.6-p5, 2.4.5-p7, and 2.4.4-p8. Refer to the Adobe Security Bulletin for detailed information about these fixed issues.

While no confirmed attacks related to these issues have been reported so far, certain vulnerabilities could potentially be exploited to access customer information or take control of administrator sessions. Most of these vulnerabilities require attackers to first gain access to the Admin. Therefore, it’s important to take all necessary measures to safeguard your Admin, including but not limited to:

• Implementing IP allow listing
• Enabling two-factor authentication
• Using a VPN
• Choosing a unique location for the admin panel rather than the default /admin
• Maintaining good password practices

 

1. Non-generated Cache Keys for Blocks: Now, cache keys for blocks that aren’t automatically generated have different prefixes compared to those that are automatically generated. Also, these keys can only contain letters, digits, hyphens (-), and underscores (_).
2. Limit on Auto-generated Coupon Codes: Magento Open Source now limits the number of coupon codes generated automatically. By default, the maximum is set to 250,000. This helps prevent the system from being overloaded with too many coupons. Merchants can adjust this limit using the new “Code Quantity Limit” option in the configuration settings.
3. Optimization of Admin URL Generation: The process of generating the default Admin URL has been optimized to make the generated URLs less predictable by increasing randomness. This enhances security.
4. Full-page cache configuration: A new setting allows configuring the maximum number of handles per API request to mitigate risks associated with dynamically loaded content fragments. Merchants can adjust this setting in the Admin panel.
5. Subresource Integrity (SRI) support: Implemented to comply with PCI 4.0 requirements for verifying script integrity on payment pages. Integrity hashes are provided for JavaScript assets, primarily on payment pages.
6. Content Security Policy (CSP) updates: Configuration enhancements to comply with PCI 4.0 requirements, with default settings varying for payment pages versus others. A nonce provider has been added for executing inline scripts, and options to configure custom URIs for reporting CSP violations.
7. Native rate limiting for payment information: Allows merchants to configure rate limiting for payment information transmitted via REST and GraphQL APIs, enhancing protection against carding attacks.
8. Changes to the default behaviour of certain APIs: The default behaviour of the isEmailAvailable GraphQL query and the corresponding REST endpoint now always returns true. Merchants can revert to the original behaviour by enabling the “Enable Guest Checkout Login” option in the Admin, but this may expose customer information to unauthenticated users.

Platform Enhancements

Here’s what’s new and improved in terms of the platform:

1. PHP 8.3 compatibility: Magento Open Source 2.4.7 now supports PHP 8.3 alongside PHP 8.2. While PHP 8.2 will be supported until December 2025, merchants running 2.4.7 deployments are advised to migrate to PHP 8.3 after that date.
2. RabbitMQ 3.13 support: This release is compatible with RabbitMQ 3.13, although it still works with versions 3.11 and 3.12 until their respective end-of-support dates. However, it’s recommended to use Magento Open Source 2.4.7 with RabbitMQ 3.13.
3. Composer 2.7.x compatibility: While remaining compatible with Composer 2.2.x, this release now supports Composer 2.7.x.
4. Varnish Cache 7.4 support: Magento Open Source 2.4.7 is compatible with Varnish Cache version 7.4, although it also works with versions 6.0.x and 7.2.x. However, using version 7.4 or version 6.0 LTS is recommended.
5. Other compatibility updates: This release also includes compatibility with Elasticsearch 8.11, support for OpenSearch 2.12 and 1.3, and compatibility with Redis 7.2.
6. Library updates: The extjs library has been replaced with the latest version of jsTree, and the jquery/fileUpload library has been removed. Additionally, all JavaScript libraries and NPM dependencies in Magento Open Source core code have been updated to the latest versions, and all Laminas library dependencies have been updated to versions compatible with PHP 8.3.

Inventory Management

Inventory Management (v1.2.7) is a tool included in Adobe Commerce and Magento Open Source core code. It helps users manage product inventory effectively.

PWA Studio

PWA Studio version 14.0 now works with Magento Open Source 2.4.7-beta1. This update brings various improvements aimed at enhancing accessibility. For details on bug fixes, check out the PWA Studio releases. You can also find a list of PWA Studio versions and the Magento Open Source core versions they’re compatible with in the Version Compatibility section.

Web API framework

In this release, two new REST endpoints have been introduced to address a limitation with the existing REST API endpoints for managing product attributes. The issue arises with the GET and POST endpoints for V1/products/attributes, which return the same value for the is_filterable attribute regardless of whether it’s set to “Filterable (with results)” or “Filterable (no results)”.

To work around this limitation, two new REST endpoints have been implemented:

1. PUT /V1/products/attributes/{attributeCode}/is-filterable/{isFilterable}: This endpoint allows updating the is_filterable attribute for a specific product attribute. It accepts two path parameters: attributeCode (String) and isFilterable (int, where 0 represents No, 1 represents Filterable (with results), and 2 represents Filterable (no results)).

2. GET /V1/products/attributes/{attributeCode}/is-filterable: This endpoint retrieves the value of the is_filterable attribute for a specific product attribute. It accepts a path parameter attributeCode (String).

Magento Open Source Extension metapackage

In this release, the Magento Open Source Extension metapackage version 1.0.0 is introduced. This metapackage automatically includes certain Magento Open Source extensions with the core release. When you run composer update, the version of this extension included in the meta package is installed, making it easier to upgrade the extension to the latest core release. This extension follows its release schedule.

For Magento Open Source 2.4.7, the included extensions in this metapackage are:

1. Adobe Commerce integration with Adobe IMS
2. Braintree
3. Payment Services

In the future, additional extensions will be included in upcoming versions of this extension metapackage.

B2B

When it comes to B2B, Adobe Commerce 2.4.7 delivers new capabilities and enhancements for B2B negotiable quotes, REST API updates, and multiple bug fixes:

• Seller-initiated quotes; 
• Line item discounts;
• Notes exchange on a quote;
• Improved Quote Detail view;
• REST API updates, etc.

Page Builder

Magento Open Source 2.4.7 is compatible with the latest Page Builder version – v.1.7.4.

GraphQL

Magento Open Source 2.4.7 improves GraphQL caching and adds support for customer EAV characteristics to the GraphQL schema:

• Custom attributes get better support.
• Improved GraphQL caching speeds up page load time. 
• CMS page and CMS blocks are the new GraphQL resolver cache types.
• Improved GraphQL parser performance.

You Can Find Official Release Notes Here.