Update Your Magento Store to Latest version 2.4.8
Latest Magento Feature Update Released on 8th April 2025
Latest Version of Magento: 2.4.8 Oldest Supported Version of Magento: 2.4.5
End of Life: August 9, 2025
NOTE: Support for Magento 2.4.4 and 2.4.5 is ending on 25th of Nov.
Magento 2.4.8 - New Magento Version Stable is Released
Magento 2.4.8 introduces important updates in security, platform compatibility, and performance. Here are the highlights:
Security Enhancements
- Multiple security fixes with enhanced token validation and role-based access controls.
- Improved 2FA and reCAPTCHA behavior in both admin and storefront environments.
- Library updates to address vulnerabilities (e.g., Monolog, Flysystem, LessPHP).
Improved Performance
- New indexers now default to “Update by Schedule” and begin in the “Ready” state, reducing manual steps.
- Optimized database queries for faster product and inventory operations.
- Stability and efficiency improvements for high-volume merchants.
Developer Experience
- Support for MySQL 8.4, MariaDB 11.4, Composer 2.4.x, and PHP 8.3.
- Deprecated Elasticsearch 8 support, paving the way for future enhancements.
- PHPUnit 10 readiness and upgraded JS/NPM packages.
- Cleaner admin UI with improved button labels and interface cues.
User Experience
- Updated Page Builder/WYSIWYG editor with better formatting control and reliability across content types.
- Accessibility improvements in admin and storefront views for better compliance.
Latest Security Patch for Supported Version
Date of Release: 11th Feb 2025
Versions
Magento 2.4.7 (p5)
Magento 2.4.6 (p10)
Magento 2.4.5 (p12)
Magento 2.4.4 (p13) *
Based on the latest security bulletin (APSB25-26) released by Adobe on April 8, 2025, the following critical issues have been addressed:
Critical Issues Addressed
1. Improper Authorization (CVE-2025-27188):
This vulnerability allowed users with low privileges to escalate their privileges within the system. The patch ensures stricter authorization controls, preventing unauthorized privilege escalation.
2. Cross-Site Request Forgery (CSRF) (CVE-2025-27189):
Exploiting this vulnerability could enable attackers to perform unauthorized actions on behalf of authenticated users, potentially leading to application denial-of-service. The update introduces enhanced CSRF protections to mitigate this risk.
3. Improper Access Control (CVE-2025-27190 & CVE-2025-27191):
These issues involved inadequate access controls that could allow unauthorized users to bypass security features. The patch reinforces access control mechanisms to ensure that only authorized users can access specific functionalities.
4. Insufficiently Protected Credentials (CVE-2025-27192):
This vulnerability pertained to inadequately protected credentials, posing a risk of unauthorized access. The update enhances credential protection measures to safeguard user information.
Additionally, the patch includes improvements to the system’s security infrastructure, addressing previous limitations and enhancing overall system integrity.
For more detailed information, please refer to the official
About the Comic String Vulnerability
The Comic String vulnerability is a critical security issue identified across multiple versions of Magento. It is one of the biggest vulnerabilities in the history of the platform, it exposes Magento stores to potential attacks, allowing hackers to exploit unprotected endpoints, inject malicious code, or gain unauthorised access to sensitive data.
To safeguard your store, Adobe has released various patches that mitigate this vulnerability across supported versions of Magento. Each supported version of Magento now has dedicated security patches addressing this issue:
- Magento 2.4.7: Fully patched with release 2.4.7 itself, which also brings many security and performance enhancements.
- Magento 2.4.6-p5: Patch version `p5` resolves this vulnerability with additional security improvements.
- Magento 2.4.5-p7: Patch version `p7` ensures robust protection against the vulnerability.
- Magento 2.4.4-p8: Addressed with patch version `p8` to safeguard your platform.
NOTE: The stable of next Magento version 2.4.8 is available to updated. Make sure you update to the latest version or apply the latest security patch to protect your store from this and other security risks.
System Requirements for Magento 2.4.8
To run Magento 2.4.8 efficiently, make sure your environment meets the following requirements:
- PHP: Version 8.3/8.4
- MySQL: 8.4
- MariaDB :11.4
- Elasticsearch: 8.17 [Deprecated]
- Open Search: 2.19
- Varnish Cache: Version 7.6
- Redis: 8
- Composer: 2.8
- RabbitMQ: 4
Legacy Features and Updates in Previous Versions
If you’re upgrading from an earlier version, here’s a quick look at what’s new in recent versions:
Magento 2.4.7
- Includes over a dozen security fixes and validation enhancements.
- Improved GraphQL and REST API protection for sensitive data.
- Support added for PHP 8.3 and updated system dependencies.
- Boosted performance with optimized caching and indexing.
- Extended GraphQL coverage and a new Extension Metapackage for streamlined management.
Magento 2.4.6
- Over 150 bug fixes and quality improvements.
- Security enhancements like refined admin token validation.
- Support for PHP 8.2.
Magento 2.4.6
- Over 150 bug fixes and quality improvements.
- Security enhancements like refined admin token validation.
- Support for PHP 8.2.
Magento 2.4.5
- Introduction of asynchronous bulk APIs for efficient data management.
- Enhanced B2B capabilities including better quote and order management.
- Expanded GraphQL support for inventory and B2B functionalities.
Magento 2.4.4:
- Improved support for MySQL 8.0.
- Enhanced UI/UX in Page Builder.
- Support for Elasticsearch 7.16 and OpenSearch.
Why Upgrade?
Upgrading your Magento store is essential to maintaining security, performance, and compatibility with the latest technologies. With the Comic String vulnerability patched, enhanced GraphQL caching, and new developer tools, Magento 2.4.8 delivers a faster, safer, and more seamless shopping experience.
