Adobe Commerce 2.4.8 (and Magento Open Source 2.4.8) was officially released on April 8, 2025, bringing a host of security updates, performance improvements, and new feature enhancements. With over 580 quality fixes, improved GraphQL capabilities, and support for the latest technologies, this release is vital for merchants aiming to maintain security, scalability, and compliance.

In this blog, we break down the most significant updates and how they may impact your Magento-based store.

Magento 2.4.8 Version: Detailed Overview

Here’s an in-depth look at the latest Magento version for Adobe Commerce & Magento Open Source editions:

Security & Platform Enhancements

  • Support for PHP 8.4 and MariaDB 11.4
  • Removal of PHP 8.1 compatibility
  • Optimized for OpenSearch 2.19 (Elasticsearch marked deprecated)
  • TinyMCE upgraded to version 6.8.5 (TinyMCE 5 removed)
  • Updated third-party components for enhanced platform stability
  • Duo Security (2FA) updated with the latest Web SDK v4
  • CLI commands added for managing encryption keys
  • Improved Subresource Integrity (SRI) support for enhanced frontend security

Performance & Scalability Updates

  • Default Indexer Mode set to “Update by Schedule”.
  • Upgraded RabbitMQ (4.x), Composer (2.8.x), Redis (Valkey 8), and Varnish (7.6)
  • Enhanced caching logic and support for bulk operations
  • Performance improvements to GraphQL, product category assignment, and tier price updates
  • New indexer management command: indexer:set-status

Checkout, Cart & Order Enhancements

  • Improved checkout experience with updated Braintree and PayPal express payment flows
  • Cart rule logic fixed for logged-out users
  • Guest checkout improvements with new order cancellation and return support
  • Accurate display for virtual products at checkout
  • Added “Free” payment method visibility for zero-value orders

GraphQL Improvements

  • Extensive updates across:
    • Cart & Checkout
    • Orders
    • Customer Accounts & Groups
    • Catalog & Product Pricing
    • Gift Options & Returns
    • Shipping & Tax
  • Enhanced security and performance with validation, custom attributes, and structured query handling

Braintree Integration Enhancements

  • Upgraded SDKs: PHP 6.21.0 and JS 3.112.0
  • Support for:
    • Apple Pay & Google Pay line item display
    • Express checkout with real-time shipping method integration
    • Storing Google Pay & PayPal payment methods
  • Deprecated payment methods: Sofort and Giropay

Developer-Focused Updates

  • PHPUnit upgraded to version 10
  • RequireJS upgraded to 2.3.7
  • JSON format support added to the REST Import API
  • Improved GraphQL parser for better performance
  • Enhanced error handling in APIs and customer forms

Fixes Worth Noting

  • Fixed issues with:
    • Coupon codes not working on downloadable products
    • Cart price rules being incorrectly applied
    • Customer compare lists not retaining items after login
    • Customer address save errors
    • Middle name field not saving for guest checkouts
    • Orders incorrectly visible across multiple websites via API

Technology Stack Comparison: 2.4.7 vs 2.4.8

Magento Version 2.4.7 2.4.8
PHP 8.3 and 8.2 8.4 and 8.3
Elasticsearch 8.0 8.11 (Deprecated)
OpenSearch 1.3 and 2.12 2.19
Composer 2.7.x 2.8.x
RabbitMQ 3.13,3.12 and 3.11 4.x
Varnish Cache 7.5 7.6
Redis 7.2 Valkey 8
MariaDB 10.6 11.4
MySQL 8.0 8.4
TinyMCE 5 6.8.5
PHPUnit 9 10
Security Enhancements
  • Cache Key Behavior Changes
  •  Coupon Code Generation Limits (capped at 2,50,000 by default)
  • Admin URL Optimization
  • Full-Page Cache Configuration
  • Rate Limiting for REST and GraphQL APIs
  • It introduces fixes to security vulnerabilities as listed in the security bulletin APSB23-35. These include some of the most critical vulnerabilities including cross-site scripting and XML Injection.
  • Risk associated with {BASE-URL}/page_cache/block/esi HTTP endpoint has been fixed
  • The SRI mechanism introduced in 2.4.7 has been refactored to improve reliability and performance
  • It introduces fixes to security vulnerabilities as listed in the security bulletin APSB25-26.
  • Change Updates the Duo Security (2FA) implementation with the latest SDK (Web SDK v4).
  • Added new CLI commands for changing keys and re-encrypting certain system configurations, payment, and custom field data. Admin UI is no longer available.
  • OTP Window field now provides an accurate explanation of the setting and the default value has been changed from 1 to 29.
  • SRI hashes are now stored directly in the pub/static directory and organized by area (adminhtml, base, frontend). No need to redeploy static content after cache flushes.

  GraphQL:

  • Added a “theme” field to the “recaptchaV3Config” query. It allows you to specify the name of the theme to use to render the reCaptcha ensuring accurate price and currency information.
  • Improved security by ensuring that requests with expired customer tokens
Performance and scalability enhancements
  • optimized parser requests and cacheable queries
  • Multiple clicks in the Sales > Orders page’s mass action drop-down menu no longer generate multiple POST requests. GitHub-37997
  • Improved performance of page loading speed when many options are added to bundled products. GitHub-29409
  • The process of assigning products to categories from the Products in Category tab has been optimized.
  • The performance of the addProductToCart mutation when executing with many custom product attributes has improved.
  • Performance issues when loading product attributes that are used by cart rules have been resolved. Only product attributes for active cart rules are now loaded.
  • The parser method in GraphQL is only called once, which was called three times earlier, which results in better performance.
  • This release introduces enhanced caching capabilities with improved page load speed and support for custom attributes.
  • JSON format is now supported for the REST Import API.
  • Enhanced indexer management. The new indexer:set-status command supports the dynamic management of indexer status. Admin users can use this command to change the indexer status to suspended, invalid, or valid. This feature is particularly useful for managing system performance during extensive bulk operations, such as product imports or updates, by allowing control over when the system’s cron jobs automatically trigger indexers.
  • GraphQL now supports order cancellation.
  • Indexer: The default indexer mode is “Update by Schedule” for all indexers which improves system performance and reduces potential issues.
  • Product Price: Bulk Updates of tier prices without causing performance issues or unresponsiveness via [/V1/products/tier-prices] REST API.
  • Inventory: The system now operates without the previously hidden dependency from the Catalog introduced by InventoryIndexer, ensuring that the product creation, display mode switch, stock status change, and other related functionalities work as expected.
Payments
  • Logged-in customers can now store their Google Pay payments for future use
  • 3DS verification support for Google Pay non-tokenized cards
  • Logged-in customers who have previously stored their PayPal account can now store new credit/debit cards and PayPal accounts in the Customer account area.
  • Customers can use PayPal Pay Later, PayPal Credit, and Pay Now via default card
  • Express pay options at the checkout, including PayPal, PayPal Pay Later, Apple Pay, and Google Pay
  • Removed “Sofort” and “Giropay” payment methods

Why You Should Upgrade

Magento 2.4.8 is not just about security patches—it sets the foundation for the future with better compatibility, a modernized stack, and enhanced API support. By upgrading, you ensure:

  • Continued Adobe support until April 2028
  • Compliance with the latest standards
  • Performance and scalability improvements
  • Better checkout experience for customers

Magento 2.4.8 Release Notes

You can take a look at the release notes for Magento 2.4.8 for even more detailed information about everything this new version offers.

Final Thoughts

If you’re currently on 2.4.7 or earlier, we highly recommend planning your upgrade to 2.4.8. Whether you’re focused on site speed, better payment UX, or enhanced security, this release checks all the boxes.

Need help upgrading? Our certified Adobe Commerce experts at Rave Digital are ready to guide you through a seamless upgrade process tailored to your business needs.