Magento Open Source 2.4.4 is now available with multiple new enhancements and bug fixes. However, the most prominent addition to the platform is support for PHP 8.1. All project libraries related to Magento 2, as well as the corresponding dependencies, have been updated to support this PHP version. The new feature even impacts the core Composer dependencies and third-party libraries. Another vital peculiarity of Magento 2.4.4 Open Source is OpenSearch 1.2. In addition to that, the latest version includes almost 250 quality fixes and enhancements.
Table of contents
Magento 2.4.4 introduces one security fix that has been backported to Magento Open Source 2.4.3-p2 and Magento Open Source 2.3.7-p3. Other platform security improvements include:
- The email variable usage is completely removed in 2.4.4.
- It is no longer possible to use integration tokens for API Bearer token authentication.
- Session IDs were removed from the database.
- OAuth access tokens and password reset tokens are now encrypted and stored in the database.
- The upload of non alpha-numeric file extensions was disabled to strengthen validation.
- reCAPTCHA was added to coupon codes.
- Swagger is automatically disabled in production mode.
- HTTPS is enabled by default for storefronts. This feature is turned on by default.
- The dependency confusion plugin is required for all Magento Open Source installations.
- The limit on the size of arrays accepted by Magento Open Source RESTful endpoints is configurable on a per endpoint basis.
- Limiting the size and number of resources that a user can request through a web API on a system-wide basis is possible via new mechanisms.
Magento Open Source 2.4.4 offers a few essential enhancements:
- The platform now supports PHP 8.1 with all the corresponding project libraries and dependencies.
- Magento 2.4.4 supports Elasticsearch 7.16 and OpenSearch 1.2. Both solutions are available for on-premise deployments. At the same time, OpenSearch is the default search engine for cloud deployments.
- The JQuery library of version 3.6.
- The jquery-ui library version 1.13.0.
- Support for TinyMCE 5.8.1.
- Support for the RequireJS library 2.3.6.
- Support for PHPUnit 9.5.x.
- Laminas dependencies in Magento 2.4.4 have been upgraded to the latest versions to support PHP 8.1.
- Several 1.10.0 jQuery components have been removed in Magento 2.4.4:
- ajaxOptions and cache options for tabs;
- .zIndex(). jQuery UI v1.12.1 includes jquery/z-index.js, which supports the use of .zIndex();
- Data fallbacks for widget names. Now, it is necessary to use the full name for the .data() key;
- Hard coding of classes in widgets, such as ui-corner-all.
With Magento 2.4.4, you get the following GraphQL improvements:
- More efficient GraphQL cart operations with the collectQuoteTotals() method.
- Better storefront performance based on new GraphQL request caching that involves: Fastly and Varnish that cache GraphQL requests sent with auth tokens.
- The storeConfig query returns the configuration settings for the Zero Subtotal Checkout and Check/Money Order payment methods.
- The webonyx library is updated to 14.9.
- The GraphQL resolver returns translated strings following the store scope parameter.
- Descriptive transaction names for New Relic to simplify debugging.
All vendor-bundled extensions have been removed from Magento Open Source 2.4.4 except Braintree.
- Support for the Venmo payment option.
- The Pay Later option incorporates the shopper’s location.
- More convenient testing with the ability to select any shopper country.
- Messaging integration with Pay Later for the checkout page.
Magento 2.4.4 brings fixes aimed at users Without Vision or Limited Vision:
- improved tooltips;
- accessible naming;
- screen elements tagging;
- redesigned icons and buttons.
Page Builder provides the ability to add alternative text to images. Thus, you can improve content accessibility for Image, Banner, and Slide.
You can find more information about this release here: Magento 2.4.4 Release Notes.