      Magento 2.4.7: Improved Security, 100+ Quality Fixes, Engaging User Experiences, and More

      Oct 23, 2024

      Today, your storefront isn’t just a website—it’s the heart of your brand, the hub of customer interactions, and the engine driving your business growth. This makes it crucial to ensure that every aspect of your digital presence is optimized.

      However, as eCommerce platforms grow in complexity, ensuring secure, high-performance, and reliable operations has become increasingly challenging. Recent studies show that 70.19% of consumers abandon their carts due to subpar website performance and security concerns[i]. In addition, 88% of online consumers are less likely to return to a site after a poor experience[ii].

      This is where Magento steps in! With its latest release, Magento 2.4.7 tackles these challenges head-on by introducing advanced security features, enhanced GraphQL capabilities, and significant performance boosts. It also includes the Adobe Commerce Extension metapackage, Braintree updates, and PWA Studio compatibility, ensuring a captivating eCommerce experience.

      In this blog post, we’ll look at how businesses can leverage the full potential of the latest upgrades introduced in Magento 2.4.7. We’ll also walk through the steps to upgrade to Magento 2.4.7, empowering your store to operate at peak efficiency.

      Magento Open Source 2.4.7 Features & Enhancements

      1. Security Enhancements

      Magento 2.4.7 introduces several key security enhancements to bolster platform security and compliance. Here’s a summary of the major improvements—

      – General Security Enhancements:

      • Unified Security Fixes: The Magento 2.4.7 release incorporates security fixes from previous Adobe Commerce versions (2.4.6-p5, 2.4.5-p7, and 2.4.4-p8). To further strengthen your site’s security, particularly in the Admin area, consider implementing measures such as:
        – IP Allowlisting
        – Two-Factor Authentication
        – VPN Usage
        – Unique Admin Location
        – Good Password Hygiene

      – Additional Security Features:

      • Non-Generated Cache Key Behavior Changes: Non-generated cache keys now have distinct prefixes from auto-generated keys. Furthermore, these keys must only contain letters, digits, hyphens (-), and underscores (_).
      • Coupon Code Limits: To prevent system overload, Magento Open Source now caps the number of auto-generated coupon codes at 250,000. Merchants can adjust this limit through the new Code Quantity Limit configuration option.
      • Admin URL Generation Optimization: The default Admin URL generation process has been optimized for enhanced randomness, making URLs less predictable.
      • Full-Page Cache Configuration: A new setting helps mitigate risks associated with the HTTP {BASE-URL}/page_cache/block/esi endpoint by facilitating the configuration of handle parameters. The default maximum is set to 100, which can be adjusted in the Admin settings.
      • Subresource Integrity (SRI) Support: To comply with PCI 4.0, SRI is now used to verify the integrity of JavaScript assets on payment pages. This feature can be extended to other pages if needed.
      • Content Security Policy (CSP) Updates: Configuration changes have been made to Content Security Policies (CSPs) to align with PCI 4.0 requirements. By default, payment pages will operate in restricted mode, whereas other pages are set to report-only mode. 

      Additionally, a nonce provider has been introduced, enabling the execution of inline scripts within CSPs by generating unique nonce strings for each request. New options have also been added to configure custom URIs for reporting CSP violations on the Admin Create Order and storefront Checkout pages. Note that switching CSP to restricted mode may block existing inline scripts, which could result in browser errors, so it’s important to update whitelist configurations accordingly.

      • Native Rate Limiting: Rate limiting is now available for payment information transmitted through REST and GraphQL APIs. This feature helps prevent carding attacks by controlling the volume of transaction attempts.
      • GraphQL and REST API Behavior Changes: The isEmailAvailable GraphQL query and REST endpoint now default to returning true. Merchants can revert to the original behavior by enabling the Guest Checkout Login option, though this may expose customer information to unauthenticated users.

      2. Fixed Issues

      Magento Open Source 2.4.7 includes 100+ fixes to improve the platform’s functionality and performance. The key ones include—

      • Enhanced Performance for Large Catalogs and Promotions: The platform now performs better when handling large product catalogs and managing complex promotional rules, ensuring smoother operations and faster processing times.
      • Tax Calculation Accuracy: The update resolves inaccuracies in tax calculations that occurred in certain scenarios, providing more precise and reliable tax computations during transactions.
      • reCAPTCHA Validation During Checkout: Issues with reCAPTCHA validation during the checkout process have been fixed, helping to ensure that customer verification steps are completed smoothly and without errors.
      • Payment Gateway Integration Issues: Problems where payment gateways were not processing transactions correctly have been addressed, improving the reliability of various payment methods.
      • Custom Attribute Display Issues: The release corrects display problems for specific custom attributes, ensuring product information is presented accurately and consistently across the storefront.
      • Improved Product Detail Page Loading: Slow loading times for product detail pages that contain many attributes have been resolved, resulting in a faster and more seamless browsing experience.
      • Inventory Sync Across Multiple Websites: Issues with inventory synchronization between multiple websites have been fixed, helping to maintain accurate stock levels and availability across different storefronts.

      In addition to the mentioned fixes, Magento 2.4.7 addresses various other issues. These include resolving cart and checkout problems, improving the functionality of catalog rules, and addressing issues related to coupon code usage. Furthermore, the update fixes problems related to using diacritics or accents in emails, ensuring proper handling of special characters.

      3. Performance & Scalability Enhancements

      Magento Open Source 2.4.7 brings significant performance and scalability enhancements, improving the overall efficiency and responsiveness of the platform. Here’s an overview of these enhancements—

      • Enhanced Indexer Management: The newly introduced `indexer:set-status` command provides dynamic management of indexer statuses, letting Admin users change the status to suspended, invalid, or valid. This feature is useful during extensive bulk operations like product imports or updates, because it gives users control over when the system’s cron jobs automatically trigger indexers. This helps manage system performance and reduce unnecessary load during heavy operations.
      • Improved Product Listing for Complex Products: Load times have been improved for product listing pages featuring complex products with over 100 options. The performance of GraphQL requests to list products by category has also been optimized, providing a faster and smoother browsing experience for users dealing with large and complex product inventories.
      • Sales Rule Performance Improvements: For enterprise deployments with numerous active sales rules (around 100,000), the platform now manages them more efficiently. Magento Open Source 2.4.7 ensures that multiple cart price rules do not cause performance degradation during checkout operations, maintaining a consistent and efficient checkout process.
      • Faster Store-Level Configuration Save Operations: In deployments with over 500 stores, saving configuration settings can be time-consuming. The new Async Config module addresses this by enabling asynchronous configuration save operations. It uses a cron job and a consumer to process the save operation in a message queue, significantly reducing the time required for these operations. This module is disabled by default but can be enabled to enhance performance in large-scale deployments.
      • Faster Config Cache Generation for Large Configurations: The `bin/magento cache:clean config` command now pre-warms the enabled config cache, reducing downtime required to generate the cache for large configurations. Additionally, saving configurations no longer clears the config_scopes cache before writing data, reducing the time other requests are blocked. This change results in quicker configuration cache generation and an overall more responsive system. 

      4. Platform Enhancements

      Magento 2.4.7 introduces several platform enhancements focusing on security compliance and compatibility with modern technologies. 

      • The release introduces PHP 8.3 compatibility, enabling Magento to run on both PHP 8.3 and 8.2, with PHP 8.2 being supported until December 2025. Merchants are encouraged to migrate to PHP 8.3 after this date. Additionally, all core code, bundled extensions, Adobe-owned extensions, and SaaS services are now compatible with PHP 8.3.
      • RabbitMQ 3.13 support is another key update, making Magento compatible with the latest version of this message broker. While support for RabbitMQ 3.11 and 3.12 continues until August 2024 and December 2024, respectively, using RabbitMQ 3.13 is recommended for optimal performance and security.
      • In terms of Composer and Varnish Cache, Magento 2.4.7 supports Composer 2.7.x while maintaining compatibility with Composer 2.2.x. For caching, the platform is now compatible with Varnish Cache 7.4, though it also remains compatible with versions 6.0.x and 7.2.x. However, Varnish Cache 7.4 or version 6.0 LTS is recommended for the best performance.
      • Magento 2.4.7 enhances search functionality with Elasticsearch 8.11 compatibility and adds support for OpenSearch 2.12 and OpenSearch 1.3, expanding search engine integration options. It also supports Redis 7.2, which improves caching and overall performance.
      • JavaScript libraries have been updated to the latest versions, with jsTree replacing extjs and the jquery/fileUpload library being removed. All NPM dependencies have been updated for better security and functionality. Additionally, all Laminas libraries have been updated to ensure compatibility with PHP 8.3.
      • Lastly, shipping and API integrations have been updated significantly. The Commerce UPS XML API gateway has been migrated to the new UPS REST API, aligning with UPS’s new OAuth 2.0 security model. The legacy FedEx WSDL Web Services have been updated to the latest RESTful APIs, ensuring compatibility before the older services are retired in May 2024. Magento also introduces support for the new USPS Ground Advantage shipping method, which replaces several retired USPS services. Additionally, the Temando shipping modules have been removed from the core code base.

      5. Magento Open Source Extension MetaPackage

      The Magento Open Source Extension metapackage v1.0.0 is a key enhancement that simplifies managing and upgrading extensions. This metapackage automatically bundles select Magento Open Source extensions with the core release, enabling users to streamline the upgrade process. When running a composer update, the included version of these extensions is automatically installed, ensuring compatibility and reducing the effort needed to upgrade extensions alongside the core.

      The current version of this metapackage includes essential extensions such as Adobe Commerce integration with Adobe IMS, Braintree, and Payment Services. This enhancement ensures a more integrated upgrade experience and promises future additions to the extension lineup. This also helps businesses stay up-to-date with the latest functionalities.

      6. Additional Updates

      • Braintree Updates: Magento 2.4.7 introduces several enhancements to Braintree payment integrations.
        – Vaulted PayPal and Pay Later changes empower customers to use PayPal without logging in, select different funding sources, or utilize PayPal Pay Later or Credit options.
        – 3DS Support for Google Pay has been added, enabling 3DS verification for non-tokenized Google Pay cards.
        – Customers can now vault Apple Pay, Google Pay, Venmo, and ACH Payments, simplifying future transactions.
        – Express Payment buttons have been introduced at the start of checkout to speed up the process.
        – Braintree release notes and support links are now directly accessible from the Admin configuration.
        – GraphQL support for most Braintree payment methods has been expanded, except for Venmo.
        – New features also include Frictionless Transactions to reduce checkout steps and Dispute Webhooks to track transaction disputes directly within Magento.
      • GraphQL Enhancements: Magento 2.4.7 improves GraphQL capabilities with enhanced caching, support for custom attributes, and new query/mutation options.
        – Enhanced GraphQL Caching improves page load times by caching queries such as availableStores and currency.
        – Order Items now include product images for better efficiency.
        – Expanded Support for Resolver Caching enhances performance by caching more query resolvers.
        – New fields have been added to existing mutations and queries, such as quickorder_active and new queries like guestOrder. Deprecated queries include clearCustomerCart and createEmptyCart.
        – Lastly, improved GraphQL Parser Performance reduces the number of parsing calls per request, further enhancing efficiency.
      • PWA Studio: PWA Studio v14.0, compatible with Magento 2.4.7-beta1, includes multiple accessibility improvements. It enhances the Progressive Web App (PWA) experience by ensuring better compatibility and accessibility features.
      • Web API Framework: Magento 2.4.7 introduces two new REST endpoints to address a limitation in the REST API related to the is_filterable attribute for product attributes. These endpoints, PUT /V1/products/attributes/{attributeCode}/is-filterable/{isFilterable} and GET /V1/products/attributes/{attributeCode}/is-filterable, enable more precise control over filterable attributes, providing a workaround for previously restricted filter settings.

      Why & How to Upgrade Your Adobe Commerce (Magento) Version? 

      Upgrading the Adobe Commerce version ensures a business stays ahead with the latest security patches, performance enhancements, and new features that improve user experience. It also helps maintain compatibility with third-party extensions and integrations, ensuring smooth operations. Ultimately, an updated version enhances store functionality, providing better scalability and security for future growth.

      Businesses can upgrade their Adobe Commerce (Magento) version by following these steps— 

      1. Review Requirements: Before upgrading, run a full compatibility check on your current themes, extensions, and custom modules. At this point, tools like the Magento Version Compatibility Checker can help identify any potential issues.
      2. Backup Your Project: Create backups of your database and code in integration, staging, and production environments. Use automated backup tools or run mysqldump for databases and secure your codebase with version control tools like Git.
      3. Staging Environment For Testing: Use a dedicated staging environment to test the upgrade before deployment. This will ensure that any issues are caught before impacting your live store.
      4. Rollback Strategy: If the upgrade causes significant issues, be ready to roll back by restoring from your backups or reverting code changes through version control. Use Git to quickly restore your codebase.
      5. Update Configuration: Update your .magento.app.yaml and composer.json files to align with the new version’s requirements.
      6. Upgrade Codebase: Use Composer to update your project to the desired Magento version, ensuring that dependencies and configurations are correct.
      7. Downtime During the Upgrade: To minimize downtime, activate maintenance mode using bin/magento maintenance:enable. Schedule the upgrade during low-traffic periods or use zero-downtime deployment practices if possible.
      8. Verify and Test: After the upgrade, thoroughly test critical features like checkout, payment gateways, customer data, and admin functions. Run performance benchmarks and review logs for any error messages. Automated testing tools like Selenium or MageTestFest can be used to streamline the regression testing process.
      9. Upgrade Extensions: When upgrading Adobe Commerce, ensure third-party extensions are compatible with the latest version. Additionally, update outdated extensions to prevent performance issues and ensure seamless integration with new features and improvements.

      At this point, a proficient Magento services partner can streamline the upgrade process by handling technical complexities, ensuring compatibility with custom modules, and providing expert support to minimize downtime & optimize performance. Their expertise can also ensure a smooth transition to the latest Magento version with minimal disruption to your business operations.

      Team Grazitti is adept at optimizing eCommerce platforms for improved user experiences. To learn more about our eCommerce services, drop us a line at [email protected], and we’ll take it from there.

      References: 
      [i] Baymard
      [ii] Linearity
       
