Magento 2.4.8 Official Release: What's Updated?

The Magento community has some exciting news to celebrate! On April 8, 2025, Adobe announced the official release of Adobe Commerce 2.4.8. This update is packed with improvements in security, compliance, performance, and overall quality, making your eCommerce journey even smoother.

Updated: The latest released security patches are 2.4.8-p3 and 2.4.9-alpha3 are out on October 14, 2025.

In this article, we’ll explore the standout new features and enhancements that make this release truly special.

Magento 2.4.8 - Release Schedule & Support Duration

To maintain the security and performance of Adobe Commerce, Adobe releases regular patches related to Magento 2.4.8 version. Please note that scheduled release dates are subject to change. Stay informed about upcoming patch releases by following this information.

From 2026, Adobe introduced a new timeline for security patches and other official releases as follows:

Here is a table summarizing the release and end-of-support dates for each version:

Adobe recommends upgrading to Adobe Commerce 2.4.8 to receive support until April 2028 and take advantage of the latest improvements. If you’re running an older version of Magento, it’s time to take action. Explore our Magento 2 upgrade service to safely upgrade your store to the latest version

Related post: 3 Methods to Upgrade Magento 2 to the Latest Version.

Highlights of Magento 2.4.8-p3 Security Patch Release

CVE-2025-54236: Fixes a REST API vulnerability that might harm customer accounts

Learn how to make extensions compliant with the latest updates here.

Also, you can discover the new 2.4.9-alpha3 release with new updates of Braintree, framework and other security bug fixes.

Highlights of Magento 2.4.8-p2 Security Patch Release

APSB25-71 (Priority: 2): Fixes critical Magento vulnerabilities

• CWE-20 - Improper Input Validation: Application denial-of-service
• CWE-352 - Cross-Site Request Forgery: Privilege escalation
• CWE-863 - Incorrect Authorization: Arbitrary file system read
• CWE-79 - Cross-site Scripting (Stored XSS): Privilege escalation

and other important vulnerabilities here

Highlights of Magento 2.4.8-p1 Security Patch Release

• API Performance Improvement: Fixes issues with slow performance on bulk web API endpoints that started after earlier patches.
• CMS Blocks Access Fix: Solves the problem where Admin users with limited permissions (like merchandising-only access) couldn’t view the CMS Blocks page. This issue occurred after installing recent security patches.
• Cookie Limit Compatibility: Fixes a compatibility issue with the MAX_NUM_COOKIES setting, ensuring extensions and customizations that deal with cookies work correctly again.
• Async Operations Update: Restricts asynchronous operations that were affecting customer orders from being overridden.
• Security Fix:
  • CVE-2025-47110: Fixes a security vulnerability related to email templates.
  • VULN-31547: Resolves a security issue with category canonical links.

Key Highlights of Magento 2.4.8 Release

Adobe Commerce 2.4.8 enhances security, offers PHP 8.4 and MariaDB 11.4 compatibility, significantly improves GraphQL API for faster Edge Delivery storefront migration, and includes 500+ quality fixes. Here are some notable enhancements of this latest update:

1. Security

Settings

• Duo Security 2FA: Updated Duo Security two-factor authentication (2FA) in Adobe Commerce to use the latest Web SDK v4.

• Encryption keys: Redesigned encryption key management to make it easier to use and fix past bugs and limitations.

• One-time password (OTP) settings: Fixed an error in OTP settings caused by a backward-incompatible change in version 2.4.7.

Subresource Integrity (SRI)

• The SRI mechanism introduced in 2.4.7 has been refactored. SRI hashes are now saved directly in the pub/static directory, organized by area (adminhtml, base, frontend).

2. Platform

Cache: Adds support for Valkey 8.x.

Database:

• LTS compatibility: Compatible with these long-term support (LTS) database versions: MariaDB 11.4 LTS and MySQL 8.4 LTS
• UTF8MB4 collation: Defaults to utf8mb4 collation for MySQL, ensuring compatibility with MySQL 8 and future updates
• Stricter foreign key validation: In MySQL 8.4, restrict_fk_on_non_standard_key is ON by default, blocking non-unique or partial keys as foreign keys.

Message queue:

• Add support for RabbitMQ 4.x; customers must migrate from classic mirrored queues to quorum queues due to high availability requirements.

PHP

• Add PHP 8.4 and PHPUnit 10 support
• Remove PHP 8.1 compatibility
• Ensure PHP 8.2 compatibility for upgrade purposes
• Upgrade to PHP 8.3 before moving to Adobe Commerce 2.4.8

Components: Several third-party components and dependencies were updated, including Composer 2.8.x, jQuery/Bootstrap 5.3.3, PHPUnit 10.x, and others, to improve platform stability and performance.

Search: Adobe Commerce is now optimized for OpenSearch 2.19 and is no longer supported with Elasticsearch.

3. Performance

Indexers: The default indexer mode is now “Update by Schedule” for new installs or upgrades of Adobe Commerce.

Product prices: Bulk updates of tier prices via the /V1/products/tier-prices REST API are now more efficient.

4. Quality

Inventory: Functions independently, without the hidden dependency on the Catalog introduced by the InventoryIndexer.

Orders: The label of the ‘Submit Comment’ button has been updated on the order detail page.

5. GraphQL

Cart and checkout

• New fields were added to the CartItemPrices type to improve pricing and discount calculations.
• The checkout process now shows only the “Free” payment method when the order total is zero.
• Support for retrieving terms and conditions configuration via the StoreConfig GraphQL query was added.
• The grand_total_excluding_tax field was added to the CartPrices type.

Customers and customer groups

• Improved error handling in the generateCustomerToken mutation for unconfirmed emails
• Added a resend confirmation email mutation for resending email confirmations
• Added a customerSegments query to enable personalization

Orders

• Improved error messaging to include inventory availability
• Added a date_of_first_order field to the CustomerOrders type
• Extended the OrderAddress type to include custom attributes for better order details

Products and catalog:

• ProductInterface now includes a quantity field for stock.

• Introduced store configurations for catalog pricing rules, an allCatalogRules query, and the Product.rules field for applied rules.

Gift options and gift cards:

• GiftOptionsPrices and OrderTotal now include price_excluding_tax and price_including_tax fields for per-item and order-level gift wrapping, as well as printed cards.

• The storeConfig query now includes printed_card_priceV2, returning a price object instead of a string.

Shipping and billing

• Added an address book identifier to the CartAddressInterface for shipping or billing addresses.

• Added a “same_as_billing” field to ShippingCartAddress to indicate if the shipping and billing addresses are the same.

Note: You can view the full details on the Adobe Experience League.

Major Issues Fixed in Magento 2.4.8 Official Release

582 issues are fixed in the Adobe Commerce 2.4.8 core code. 10 notable fixes are listed below:

1. API /V1/transactions: Fixed an issue where parent_txn_id equals txn_id, preventing infinite loops and execution time errors.

2. GraphQL Type Issue: Fixed a data type issue in GraphQL when using the GetCustomSelectedOptionAttributes function with integer type parameters.

3. Special Characters in Category URL: Ensured that special characters in the url_key of categories are displayed correctly when created via REST API.

4. REST API Orders Visibility: Fixed the visibility issue of orders from different websites in the REST API.

5. Guest Account Middle Name: Correctly stores and displays the middle name of customers in guest accounts.

6. Admin Page Actions Alignment: Fixed the alignment of page action buttons in the admin interface, preventing layout issues.

7. Developer Info Command: Correctly displays constructor parameters when using the dev:info command.

8. Customer Opt-In Checkbox Translation: Enabled translation support for the customer opt-in checkbox in the admin interface.

9. Compare List Persistence After Login: Ensured products in the compare list remain after the user logs in.

10. Shipping Address Validation: Fixed an issue where changing the postal code in the shipping address would trigger unnecessary reloads.

These improvements represent Adobe’s ongoing commitment to platform stability, though many in the community are already looking ahead to what Adobe Commerce’s SaaS future might bring with Magento 3. As these incremental updates continue, they lay important groundwork for the more significant architectural changes expected in future releases.

While these fixes address important current pain points, we recommend staying informed about Adobe’s long-term vision for the platform as you plan your upgrade strategy and future commerce technology investments.

Special Deals for Mageplaza extensions compatible with Magento 2.4.8

Magento 2.4.8 is already here, so why not prepare for your store with the latest compatibility? Renew extensions now to secure any updates - and this up to 20% OFF offer:

• Renew for 1 year or 1 extension: 5% discount
• Renew for 2 years or 2 extensions: 10% discount
• Renew for 3 years or 3 extensions: 15% discount
• Renew for 4 years or 4 extensions: 20% discount

Note: This deal can be applied together with Mageplaza Rewards.

Take advantage of these deals to stay up-to-date with the latest version of Mageplaza extensions!

Looking for
Upgrade Services?

Upgrade your Magento 2 store to the latest version for new features and security - with the help of our dedicated experts.

Upgrade now

FAQs

What are the system requirements for Magento 2.4.8?​

Magento 2.4.8 supports PHP versions 8.3 and 8.4, MariaDB 11.4, MySQL 8.4, and other updated technologies. It’s essential to review the full system requirements to ensure compatibility.

What are the key features of Magento 2.4.8?​

Magento 2.4.8 introduces enhanced security measures, compatibility with PHP 8.4 and MariaDB 11.4, significant improvements to the GraphQL API, and over 500 quality fixes and enhancements.

​How long will Magento 2.4.8 be supported?​

Adobe Commerce 2.4.8 will receive support and updates until April 2028, ensuring users have access to security patches and feature enhancements during this period.

How does Magento 2.4.8 affect my current store?​

Upgrading to Magento 2.4.8 ensures your store benefits from the latest security patches, performance improvements, and feature enhancements, keeping your platform secure and up-to-date.

Are Mageplaza Magento 2 extensions compatible with Magento 2.4.8?

We are actively working on releasing updates to ensure full compatibility with the latest Magento version. Stay tuned for new releases and be sure to renew your subscription to access the most up-to-date versions of our extensions.

Summary

Magento 2.4.8 brings a powerful set of upgrades, enhancing performance, security, and user experience. Key improvements include faster page loads and optimized database queries for smoother operations. Security enhancements provide better protection against vulnerabilities. Beyond these highlights, this release also includes numerous bug fixes, stability improvements, and extended support for the latest PHP versions and technologies, making it a more robust and future-ready platform.