Everything you need to know about Magento 2.4.7

16 May 2024

Overview

Released on April 9, 2024, Magento (Open Source/Commerce) 2.4.7 brings a host of new features, quality fixes, and enhancements designed to improve the performance and security of your online store. Here’s a quick overview of the most significant updates:

  • General Security Improvements
  • Support for PHP 8.3
  • FedEx And UPS Shipping Changes
  • Payment Enhancements for Braintree and Adobe Commerce Payments
  • GraphQL improvements
  • Scalability and performance updates
  • Metapackage extension updates
  • Compliance with best practices of PCI v4.0

Security

Note

As per the Magento security recommendations, ensure you are doing the following:

  • Lock Admin down via IP allowlisting
  • Two-factor authentication
  • Use of a VPN
  • Use of a unique location rather than /admin. See here for more details
  • Good password hygiene

General Security

Includes security fixes and platform enhancements from Adobe Commerce versions 2.4.6-p5, 2.4.5-p7, and 2.4.4-p8. See the Adobe Security Bulletin for more info.

  • Non-generated cache keys behaviour change:
    • They are now prefixed to differentiate them from auto-generated cache keys
    • They must now contain only letters, digits, hyphens (-) and underscores (_)
  • Coupon Generation Limits: to prevent system overload, coupon generation is now limited by default to a maximum of 250,000
  • Default Admin URL: Generation of admin URL has been optimized for increased randomness.
  • Subresource Integrity (SRI): support for script integrity verification on payment pages.
  • Native Rate Limiting: native rate limiting has been added for payment information sent through the REST and GraphQL APIs to protect against, and potentially reduce, carding attacks
  • Change to default behaviour of isEmailAvailable: the REST endpoint and GraphQL query now always return that an email is available, to prevent exposure of customer information to unauthenticated users.

Content Security Policy (CSP)

Configuration updates and enhancements have been made to comply with PCI 4.0 requirements:

  • CSP is enabled for payment pages in both Admin and Storefront and set to restrict mode by default.
  • All other pages are still set as report only to not be too restrictive.

Note

General: As CSP is now enforced on the checkout, you may encounter scripts breaking on the checkout page. This can be resolved by updating the whitelist configuration for CSP; refer to the CSP Docs for more information.

Adyen Webhook Issue: If you use Adyen and have CSP enabled, you may encounter an issue where webhooks fail with the error “Maximum line length limit exceeded”. See Github Adyen-Magento2(1852): Webhook failing for more information; the fix can be found in Github Adyen-Magento2(PR-2059): Webhook failing fix.
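To see in advance which checkout scripts the enforced policy would break, the check below compares a page's script URLs against its CSP header. It is an added example, not code from Magento or Adobe: the function names, sample headers and `.example` hosts are constructed, and source matching is simplified.

```python
from urllib.parse import urlsplit

ENFORCE, REPORT_ONLY = "content-security-policy", "content-security-policy-report-only"

def csp_mode(headers):
    """Classify a response as 'restrict', 'report-only' or 'none'."""
    names = {name.lower() for name in headers}
    if ENFORCE in names:
        return "restrict"
    return "report-only" if REPORT_ONLY in names else "none"

def parse_policy(value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def host_allowed(url, sources, page_origin):
    """Simplified matching (assumption): 'self', '*', exact hosts, '*.' wildcards, optional scheme."""
    u = urlsplit(url)
    name = u.hostname or ""
    for src in sources:
        scheme, _, host = src.rpartition("://")
        host = host.split("/")[0]
        if src == "'self'" and f"{u.scheme}://{u.netloc}" == page_origin:
            return True
        if src.startswith("'") or (scheme and scheme != u.scheme):
            continue  # other keywords, nonces and hashes are not host sources
        if host in ("*", name) or (host.startswith("*.") and name.endswith(host[1:])):
            return True
    return False

def blocked_scripts(headers, script_urls, page_origin):
    """Script URLs an enforced policy would block; [] for report-only pages."""
    if csp_mode(headers) != "restrict":
        return []
    policy = parse_policy(next(v for k, v in headers.items() if k.lower() == ENFORCE))
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:  # neither directive present: scripts are unrestricted
        return []
    return [u for u in script_urls if not host_allowed(u, sources, page_origin)]

# Constructed sample data; hosts are placeholders, not real Magento output.
CHECKOUT = {"Content-Security-Policy": "default-src 'self'; script-src 'self' *.psp.example"}
CATALOG = {"Content-Security-Policy-Report-Only": "script-src 'self'"}
SCRIPTS = ["https://shop.example/static/checkout.js", "https://js.psp.example/sdk.js",
           "https://cdn.tracker.example/tag.js"]
```

Any URL returned by `blocked_scripts` for the checkout response is a candidate for the CSP whitelist configuration, after confirming the script is actually required on the payment page.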

Platform Enhancements

Service/Platform Changes

  • PHP: 8.3 compatibility added.
  • RabbitMQ: 3.13 compatibility added.
  • Composer: 2.7.x compatibility maintained.
  • Varnish: 7.4 compatibility added.
  • Elasticsearch: 8.11 compatibility added.
  • OpenSearch: 2.12 and 1.3 compatibility added.
  • Redis: 7.2 compatibility added.

Additional Changes

  • Added (only available in Adobe Commerce): Support for multiple coupons per order. The maximum can be configured in the admin; see multi-coupon config for more details
  • Added: Support for USPS Ground Advantage shipping method - Integration with USPS shipping service
    • Features Included:
      • Fetching Shipping rates
      • Scheduling of Deliveries and Returns.
    • Replaces existing shipping methods
      • USPS Retail Ground
      • First-Class Package Service
      • Parcel Select Ground
  • Updated: Extjs library replaced with the latest version of jsTree.
  • Removed: jquery/fileUpload library removed.
  • Updated: JavaScript libraries and NPM dependencies updated to the latest versions.
  • Removed: Temando shipping modules, which were deprecated in Magento Open Source 2.4.4.
  • Migrated: From legacy FedEx WSDL Web Services to FedEx RESTful APIs, as the WSDL services are set to expire May 15, 2024
  • Migrated: Commerce UPS XML API gateway to Commerce UPS REST API.
  • Updated: All Laminas library dependencies have been updated to the latest version compatible with PHP 8.3.

Braintree

  • Enhanced support for PayPal vaulting: logged-in customers who have vaulted their PayPal account can now pay via the following methods
    • Pay Now (with default card and without logging into PayPal Account)
    • Different funding source
    • Different account
    • PayPal Pay Later or PayPal Credit button
  • 3DS Support for Google Pay: Added 3DS verification support for Google Pay non-tokenized cards, further reading can be found at PayPal 3DS Secure Docs
  • Improved Vault payments: allow logged-in customers to vault/store payments in order to offer user a faster checkout experience, methods include:
    • Apple Pay
    • Google Pay
    • Venmo
    • ACH Payments
  • Express Payment Buttons at Checkout: To foster a faster/smoother checkout experience, there are now express payment options at the beginning of the checkout for the following methods
    • Apple Pay
    • PayPal (Pay now and Pay Later)
    • Google Pay
  • Improved Management of vault options: customers can now vault payment options from within their customer account without having to complete a transaction.
  • Frictionless Transactions: Previously, when 3DS was enabled, every customer was challenged regardless of whether the bank requested it or not. Now the customer is only challenged when the bank requests it, to speed up/improve the checkout experience.
  • Dispute webhooks: When a customer disputes a transaction in Braintree, the dispute status is now passed on to Commerce, which can be searched via the Sales Order Grid in admin.
  • Enhanced GraphQL for payment methods: GraphQL support has been added for all Braintree payment methods except Venmo
  • Support and release notes: added in Admin Configuration, so they can be quickly shared when communicating with Braintree Support.

Adobe Commerce: Performance And Scalability

  • Coupon-based cart price rules performance improvements: Merchants can now configure up to 1 million active rules without significant performance impact.
  • Enhanced indexer management: Indexers can now be set to suspended, invalid or valid via CLI commands, which is particularly useful when doing product bulk operations.
  • Import via REST API (JSON support): The Import API now supports JSON, importing up to 100,000 records per minute.
  • Product Listing Pages Performance: Load times for complex products with over 100 options
  • GraphQL Product APIs: Performance improvements for listing products by category
  • Faster Saving of Store config: The new Async Config module allows saving config values in the background. This is particularly useful for Commerce projects with more than 500 stores, where saving is normally time-consuming.
  • Faster config generation: Config generation improvements to reduce downtime and request lockout time while cache is generating.

Adobe Commerce: GraphQL Application Server

GraphQL Application Server is a standalone app that can be run alongside Adobe Commerce to improve performance. API responses are on average 30% faster.

Note

  • Adobe Commerce Cloud customers who want to enable this must reach out to Adobe Commerce Support
  • Adobe Commerce customers using AWS S3 for remote storage cannot use GraphQL Application Server, at least for now. (Adobe have noted that support is to be provided by a hotfix later in 2024)

Adobe Commerce: Payments Service

  • Increased coverage for payment methods: Support for GraphQL has been expanded to cover core operations for all payment methods, except for Venmo. The services are described in Checkout Service
  • Credit Card vaulting: Supported for all payment methods, except for Venmo.
    • Admin users can enable/disable vaulted ACH payments from admin.
    • Improved payment vault management: Customers can now manage their ACH vaulted payments from their account page
  • Improved support for Express Payment: The checkout workflow now includes an express payment section that provides the following express payment methods:
    • PayPal
    • Google Pay
    • Apple Pay

Adobe Commerce: Additional Changes

  • Commerce Webhooks: Version 1.2.0 is now installed by default. Webhooks allow synchronous commands to be sent to an external system when an Adobe Commerce event is triggered
  • B2B: Compatibility with version 1.4.2 of the B2B module. (NOTE: Before upgrading to 2.4.7, it’s recommended to wait for 1.5.0 GA, which supports PHP 8.3)
  • Adobe IMS integration: package (adobe-commerce/adobe-ims-metapackage) is now bundled in the Commerce extensions meta package
  • Adobe Stock: package (adobe-stock-integration) is now bundled in the Commerce extensions meta package

GraphQL

  • Enhanced Clear Cart functionality: Added a GraphQL mutation to clear the contents of any specified shopping cart in a single action.
  • Cart Creation Changes: Added createGuestCart mutation and deprecated createEmptyCart mutation, as previously we could not tell whether the cart was created by guest/customer
  • Improved GraphQL cache coverage: faster GraphQL response times
  • Order Item Images: Product Images belonging to an Order Item are now exposed via GraphQL
  • Order Cancellation: new cancelOrder mutation allows a customer to cancel an order with a cancellation reason.
  • Enhanced Custom Attributes Support:
    • Support for all attribute types
    • Extended/added support for attributes in customer and customer address objects
    • Caching for custom attributes
  • Improved GraphQL parsing logic: Improvements made to reduce the number of times parsing is called per request (previously 3 calls were made, and now only 1 call is made)

Extension Metapackages

Extension metapackages are how Magento bundles additional functionality into the codebase. The extension metapackage that will be installed depends on whether you are on Open Source or Adobe Commerce.

Note

Future versions of the metapackages for Open Source and Adobe Commerce will contain additional extensions.

Open source

The release includes metapackage v1.0.0, which includes the following extensions:

  • Adobe Commerce integration with Adobe IMS
  • Braintree
  • Payment Services

Adobe Commerce

The release includes metapackage v2.0.0, which includes the following extensions:

  • Adobe Commerce Admin UI SDK
  • Adobe Commerce integration with Adobe IMS
  • Adobe I/O Events for Adobe Commerce
  • Adobe Stock
  • Braintree
  • Payment Services

Conclusion

Magento 2.4.7 represents a major step forward for the Magento platform, offering general performance enhancements for a faster store, essential security updates and GraphQL performance improvements. Although there is no need to update straight away, merchants can do so if they want to benefit from a more secure and efficient site.

Warning

Although there’s no immediate rush to upgrade, you should plan to do so soon. Magento 2.4.7 includes changes for some of the new PCI v4.0 requirements, which are currently listed as best practices and that will become mandatory on March 31, 2025. Upgrading earlier will give you ample time for the upgrade process, testing, and reviewing to ensure everything runs smoothly before these requirements take effect.

See here for further reading

This is subject to change, so it is advisable to keep checking this monthly.