magento 247

Same as other Magento releases Magento 2.4.7 contains multiple bug fixes, platform enhancements and new features, of course. In particular, Magento provides over 200 quality fixes and improvements, better GraphQL performance, and 13 security fixes and improvements in this release. 

Now let's have a better look at the Magento 2.4.7 release notes to see what this version has to offer before you download Magento and upgrade.

Magento 2.4.7 Release Notes

There have been plenty of features added in this release, however, we'd like to highlight only the most important ones, worth your attention.

Platform

The main platform improvements include the compatibility of the platform with the key technologies. 

  • PHP 8.3 compatibility: Magento Open Source now supports both PHP 8.3 and 8.2.
  • Varnish Cache 7.4: compatibility with the Varnish Cache 6.0.x and 7.2.x versions remains.
  • Composer 2.7.x: compatibility with the Composer 2.2.x remains.
  • RabiitMQ 3.11: compatibility with the RabbitMQ 3.11 remains. 
  • JavaScript Libraries: Magento 2.4.7 contains upgraded versions of the JavaScrpt Libraries — moment.js library (v2.29.4), jQuery UI library (v1.13.2), and jQuery validation plugin library (v1.19.5).
  • GraphQL Support: the latest release offers enhanced GraphQL caching capabilities and a GraphQL scheme for customer EAV attributes. 

Security features

The main highlight of the Magento 2.4.7 release is security. So there are numerous improvements included. 

  • Adobe has changed the behaviour of the non-generated cache keys. They now include prefixes different from the ones in keys generated automatically. Besides, the keys for blocks must contain letters, digits, hyphens and underscores characters from now on.
  • If you use Commerce Magento you need to know that it now limits the number of automatically generated coupons. 
  • The randomness of the default admin URL generation has increased.
  • Adobe Commerce Content Security Policies now comply with the PCI 4.0 requirements.
  • The risks related to the HTTP {BASE-URL}/page_cache/block/esi endpoint are miticated with the new full-page cache configuration setting. 
  • You can now configure the rate limiting in the payment information being transmitted via GraphQL and REST.
  • Magento added a layer of protection against carding attacks to lower the risks.
  • The behaviours of the isEmailAvailable GraphQL query have changed. It now always returns true.

Performance

In the Magento 2.4.7 release, Adobe has also improved its performance significantly.

  • There new indexer:set-status  commands allow admins to change indexer status to suspended, invalid or valid. 
  • The Enterprise users can now configure up to a million active coupon-based cart price rules with no significant performance drop on a cart or checkout operations.
  • The loading of product listing pages with complex products (over 100 options) has been improved.
  • There will be no performance degradations related to the number of active sales rules you during enterprise deployments.
  • The new Async Config module enables asynchronous saving of the configuration settings in deployments with more than 500 stores.
  • Faster generations of the config cache for large configurations.

B2B

In the latest release, the B2B functionality is also enhanced, mainly regarding the negotiable quotes. 

  • Sales representatives can generate a quote from Quote and Customer Grids.
  • Both buyers and sellers can now attach notes to the quotes. 
  • The Quote Details view now allows adding items by SKU, applying discounts to separate items, adding and modifying quotes.

Google

To provide additional protection against spam and abuse, Magento's built-in CAPTCHA module has now integrated the Google ReCAPTCHA. 

GraphQL

Magento 2.4.7 introduces an improved GraphQL functionality for payment methods and managing customer accounts. Thus you can process payments and manage customer information more efficiently. 

As we've already mentioned, transmitting payment information through GraphQL and REST API is now more secure due to the security layer. Finally, the GraphQL caching has been improved too.

If you want to get all these features and improve your Magento 2 store, update Magento to 2.4.7.

Payments

Adobe has added GraphQL support for all code operations of all payment methods, except Venmo. Besides, they've enhanced the credit cart vaulting for all payment methods except Venmo.

A long-awaited feature is the express checkout section with Paypal, Google Pay and Apple Pay Express is now included in the checkout workflow.

Fixes

Except for security, Magento improved a lot of built-in features to provide better performance and more effective management. There are plenty of fixes, but we'll include the major ones.

  • The database backup has been improved and works as expected both from the admin panel and command line. 
  • The cart tax and shipping estimator work more accurately and reflect the default destination configuration properly.
  • Magento improved the back-in-stock notification, and product alerts and now product thumbnails are displayed in the alert email as expected.
  • If you've got duplicate SKUs while importing bundle products to Magento, you should no longer face this issue in Magento 2.4.7.
  • Improve catalogue price rules in a multi-store environment. 
  • The product image gallery now supports GIFs.
  • The page cache issue with the parent product has been fixed.

Magento 2.4.7-p1 Release Notes

The main goal of the Magento 2.4.7-p1 is to improve the security of the Adobe Commerce deployment.

In particular, it includes the update for one-time password (OTP) settings for Google Authenticator. The OTP Window field description now provides accurate explanations for the settings. Besides, the default value is changed from 1 to 29.

The other issue resolved in this patch concerns the UPS integration migration from SOAP to REST API. It prevented merchants who ship outside of the US (with UPS) from using the Metric System/SI measurements of kilograms and centimetres for packages. But it is fixed now.

Magento 2.4.7-p2 Release Notes

A number of security fixes have been released in Magento 2.4.7-p2.

They introduced a new system configuration for the one-time passwords — rate limiting on two-factor authentication.

Adobe also introduced a new CLI command for encryption key rotation, a fix for the Ptototype.js vulnerability and remote code execution vulnerability.

Magento 2.4.7-p3 Release Notes

The Magento 2.4.7-p3 release includes only a few security vulnerability fixes:

  • TinyMCE dependency is updated to the latest version (7.3).
  • The Require.js is updated to the latest version (2.3.7).
  • Braintree payment getaway now includes fields required to comply with the latest VISA security requirements.

Magento 2.4.7-p4 Release Notes

The main highlight of the Magento 2.4.7-p4 is the improved usability of the encryption keys. Their management has been redesigned to eliminate previous limitations. So, there are a few new CLI commands available for changing the keys and re-encrypting certain payment, config and custom field data.

Besides, you can no longer use the Admin UI to change the keys, only CLI commands in this release.

Magento 2.4.7-p5 Release Notes

In this patch version, the vulnerable data collector tool was removed to block potential unauthorised access.

Magento 2.4.7-p6 Release Notes

Magento 2.4.7-p5 is a critical security update that fixes issues with the cookie handling, transaction safety, API performance and admin access. In particular, this release:

  • add support for MariaDB 10.11.
  • fixes an issue that prevented admin users from accessing the CMS blocks.
  • optimised the speed of bulk asynchronous API requests processing.
  • restores cookie limit behaviour defined by the MAX_NUM_COOKIES constant.
  • ensures that asynchronous processes cannot overwrite existing orders.

Magento 2.4.7-p7 Release Notes

The latest release focuses on the severe security vulnerabilities related to cross-site request handling, input validation, and incorrect authorisation checks.

Update To The Latest Version

It's recommended that you follow Magento security tips and install security patches as soon as they are released. It prevents issues and gives you the piece of mind. However, if you're ready to take one step further, update Magento to the latest version which is 2.4.8.