Magento Open Source 2.4.7 introduces support for PHP 8.3. It includes hundreds of quality fixes and enhancements. Core Composer dependencies and third-party libraries have been upgraded to the latest available versions. This release increases GraphQL coverage for custom attributes and GraphQL resolver caches. It also introduces support for recently updated FedEx and UPS services.
Although code for these features is bundled with releases of the Magento Open Source core code, several of these projects are also released independently. Bug fixes for these projects are documented in the separate, project-specific release information that is available in the documentation for each project.
This release includes the same security fixes and platform security improvements that are included in Adobe Commerce 2.4.6-p5, 2.4.5-p7, and 2.4.4-p8. See Adobe Security Bulletin for the latest discussion of these fixed issues.
No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts:
Optimization of the default Admin URL generation process. The generation of the default Admin URL has been optimized for increased randomness, which makes generated URLs less predictable.
Added Subresource Integrity (SRI) support to comply with PCI 4.0 requirements for verification of script integrity on payment pages. Subresource Integrity (SRI) support provides integrity hashes for all JavaScript assets residing in the local filesystem. The default SRI feature is implemented only on the payment pages for the Admin and storefront areas. However, merchants can extend the default configuration to other pages. See Subresource Integrity in the Commerce PHP Developer Guide.
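How an SRI integrity value is computed and checked, as an added example that is not Magento code. The sample script bytes and the helper names `sri_hash` and `sri_matches` are constructed for illustration.

```python
import base64
import hashlib

# Hash algorithms the SRI specification allows, weakest to strongest.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")

# Constructed sample asset and a tampered copy (not real Magento files).
ORIGINAL = b"window.checkout = { submit: function () {} };\n"
TAMPERED = ORIGINAL + b"/* injected */\n"


def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """Return an integrity value of the form '<algorithm>-<base64 digest>'."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def sri_matches(content: bytes, integrity: str) -> bool:
    """Check content against an integrity attribute value.

    Follows the browser rules: unknown tokens are ignored, only the
    strongest algorithm present is used, and any matching hash of that
    algorithm is enough.
    """
    candidates = {}
    for token in integrity.split():
        algorithm, sep, rest = token.partition("-")
        if sep and algorithm in SRI_ALGORITHMS:
            expected = rest.split("?", 1)[0]  # drop optional "?options"
            candidates.setdefault(algorithm, []).append(expected)
    if not candidates:
        # A browser loads the script unchecked here; an audit should flag it.
        return False
    strongest = max(candidates, key=SRI_ALGORITHMS.index)
    actual = sri_hash(content, strongest).split("-", 1)[1]
    return actual in candidates[strongest]


if __name__ == "__main__":
    pinned = sri_hash(ORIGINAL)
    print(pinned)
    print("original passes:", sri_matches(ORIGINAL, pinned))
    print("tampered passes:", sri_matches(TAMPERED, pinned))
```

Because only the strongest algorithm in the attribute counts, a matching sha256 entry does not rescue a file whose sha384 entry fails.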
The default CSP configuration for payment pages for Commerce Admin and storefront areas is now restrict mode. For all other pages, the default configuration is report-only mode. In releases prior to 2.4.7, CSP was configured in report-only mode for all pages.
Added a nonce provider to allow execution of inline scripts in a CSP. The nonce provider facilitates the generation of unique nonce strings for each request. The strings are then attached to the CSP header.
Added options to configure custom URIs to report CSP violations for the Create Order page in the Admin and the Checkout page in the storefront. You can add the configuration from the Admin or by adding the URI to the config.xml file.
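The three CSP changes above (restrict versus report-only mode, a per-request nonce, a report URI) in one sketch, added here as an illustration and not taken from Magento. The policy string, the `/csp-report` path used in the demo and all function names are assumptions.

```python
import secrets
from html.parser import HTMLParser

RESTRICT_HEADER = "Content-Security-Policy"
REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only"


def new_nonce() -> str:
    """Fresh, unguessable nonce; generate one per response and never reuse it."""
    return secrets.token_urlsafe(18)  # 18 random bytes = 144 bits


def build_csp(nonce: str, restrict: bool, report_uri: str = "") -> tuple:
    """Return (header name, header value) for one response."""
    directives = [f"script-src 'self' 'nonce-{nonce}'"]
    if report_uri:
        directives.append(f"report-uri {report_uri}")
    name = RESTRICT_HEADER if restrict else REPORT_ONLY_HEADER
    return name, "; ".join(directives)


def render_page(nonce: str) -> str:
    """Constructed page: one legitimate inline script, one injected one."""
    return (
        '<script src="/static/checkout.js"></script>'
        f'<script nonce="{nonce}">initCheckout();</script>'
        "<script>injected();</script>"  # carries no nonce
    )


class _InlineScripts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.nonces = []  # nonce (or None) of each inline <script>

    def handle_starttag(self, tag, attrs):
        attributes = dict(attrs)
        if tag == "script" and "src" not in attributes:
            self.nonces.append(attributes.get("nonce"))


def violations(html: str, nonce: str) -> int:
    """Count inline scripts the policy rejects (blocked in restrict mode,
    only reported in report-only mode)."""
    parser = _InlineScripts()
    parser.feed(html)
    return sum(1 for found in parser.nonces if found != nonce)
```

A nonce reused across responses lets anyone who has seen one page tag their own inline script with it, which is why the count rises to 2 when the page is checked against a different nonce.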
Native rate limiting for payment information transmitted through REST and GraphQL APIs. Merchants can now configure rate limiting for the payment information transmitted using REST and GraphQL. This added layer of protection supports prevention of carding attacks and potentially decreases the volume of carding attacks that test many credit card numbers at once. This is a change in the default behavior of an existing REST endpoint. See Rate limiting.
The default behavior of the isEmailAvailable GraphQL query and the (V1/customers/isEmailAvailable) REST endpoint has changed. By default, the APIs now always return true. Merchants can enable the original behavior by setting the Enable Guest Checkout Login option in the Admin to yes, but doing so can expose customer information to unauthenticated users.
Magento Open Source 2.4.7 is still compatible with PHP 8.1 for upgrade purposes only. PHP 8.1 is not supported and not recommended. Magento Open Source 2.4.7 core code, all bundled extensions, and all Adobe-owned extensions and SaaS services are compatible with PHP 8.3.
Varnish Cache 7.4 support. This release is compatible with the latest version of Varnish Cache 7.4. Compatibility remains with the 6.0.x and 7.2.x versions, but we recommend using Magento Open Source 2.4.7 only with Varnish Cache version 7.4 or version 6.0 LTS.
All JavaScript libraries and NPM dependencies in Magento Open Source core code have been updated to the latest available versions. All Laminas library dependencies have been updated to the latest versions that are compatible with PHP 8.3.
The Commerce UPS XML API gateway has been migrated to the new Commerce UPS REST API to support updates that UPS is making to their API security model. (UPS is implementing an OAuth 2.0 security model (bearer tokens) for all APIs.) All previous Commerce UPS XML APIs have been removed from the Magento Open Source 2.4.7 code base.
The Magento Open Source integration with FedEx has been migrated from legacy FedEx WSDL Web Services to the latest FedEx RESTful APIs. FedEx Web Services Tracking, Address Validation, and Validate Postal Codes WSDLs will be retired in May 2024.
More flexible cart management. The clearCart mutation now clears the contents of a specified shopping cart in a single action. It replaces the clearCustomerCart mutation, which has been deprecated.
Improvements in create cart mutations. The createGuestCart mutation has been added to replace the deprecated createEmptyCart mutation. Previously, if you used createEmptyCart, you could not determine whether the cart was for a guest or logged-in customer.
Expanded support for resolver caching. The following GraphQL query resolvers are now cacheable in the GraphQL Resolver Results cache, which improves performance when queries are submitted with POST requests:
Enhanced support for custom attributes. GraphQL custom attribute support has been enhanced by enriching API data to support all attribute types. The GraphQL EAV attributes schema now supports extending customer attributes and customer address objects in the Admin and retrieving them using GraphQL. Specific areas of enhancement include:
Improved GraphQL parser performance. GraphQL parser performance has been improved by reducing the number of times the parse method is called per request. It is now called once. Previously, the parser was called at least three times.
This release includes the Magento Open Source Extension metapackage v1.0.0, which automatically bundles select Magento Open Source extensions with this core release. The version of this extension that is included in this metapackage is installed when composer update is run, simplifying the process of upgrading the extension when upgrading to the latest core release. This extension maintains an independent release schedule.
PWA Studio v14.0 is compatible with Magento Open Source 2.4.7-beta1. It includes multiple enhancements to improve accessibility. For information about bug fixes, see PWA Studio releases. See Version compatibility for a list of PWA Studio versions and their compatible Magento Open Source core versions.
This release introduces two new REST endpoints that provide a workaround for a limitation with the REST API GET and POST V1/products/attributes endpoints. These endpoints return the same value for the is_filterable attribute for both the Filterable (with results) and Filterable (no results) options of the Use in Layered Navigation option. (The is_filterable attribute property is of type Boolean, which does not permit setting this property to Filterable (no results).)
Magento version history has witnessed substantial changes since its initial release in 2008. Each new version has introduced improvements and features that enhance the online shopping experience for both customers and merchants. In this article, we will look closely at Magento's rich history and its different versions. We will highlight the significance of each update and how it can benefit your business. This will give you a comprehensive understanding of Magento's past and potential developments.
Magento began with Varien Inc., an ecommerce development and consulting firm founded in Los Angeles, California, in 2001. In 2007, Magento emerged as an open-source ecommerce platform because of Roy Rubin and Yoav Kutner. Roy Rubin initiated Varien during his time as a UCLA student. Yoav Kutner joined as the CTO and co-founder in 2004, continuing until April 2012.
Around 2003, they discovered osCommerce, an open-source platform with a substantial user base. To serve their ecommerce consultancy clients, Roy and Yoav utilized a modified version of osCommerce for website development.
Initially conceived for their internal client projects, Magento eventually transitioned to open-source software. This move initially posed challenges in monetization but ultimately proved advantageous in the long term.
Magento prioritizes backward compatibility in its upgrades to minimize disruptions to existing functionalities. However, thorough compatibility checks and testing are recommended before initiating an upgrade. Doing so ensures seamless transitions and avoids potential conflicts with customizations or Magento extensions.
The release notes accompanying each Magento version highlight deprecated features. These notes detail features that are no longer supported in the current release. They also offer guidance on alternatives or workarounds for smoother transitions during upgrades.
Magento provides comprehensive documentation outlining step-by-step installation guides and Magento migration strategies. These resources offer clear instructions and best practices to facilitate smooth installations and migrations to newer versions.
Magento consistently enhances security functionalities, including reCAPTCHA support, to prevent potential threats. These improvements enhance the platform's security and protect e-commerce sites from malicious activities. This ensures a safer online environment for businesses and customers.
Magento's roadmap is strategically designed, considering market trends, user feedback, and industry advancements. Regular updates outline the platform's growth trajectory, showcasing planned improvements aligned with evolving market needs.