Magento Open Source and Adobe Commerce 2.4.5 Release Notes

With Magento Open Source and Adobe Commerce 2.4.5, the platform’s usability, payment choices, GraphQL caching efficiency, and accessibility have all been enhanced. Along with updates to the Upgrade Compatibility Tool and integrated Google components, Live Search B2B functionality is also added. This release includes more than 400 quality fixes for Adobe Commerce and 290 enhancements for Open Source. Below, we highlight the core changes introduced in version 2.4.5. Check our Magento 2 Release Notes for more information.

Also, note that  Adobe Commerce 2.4.5 includes resolution of all issues addressed by the following hotfixes:

• The Braintree_disabled_partial_capture_for_applepay_googlepay.zip patch handles the inability to generate partial invoices via Apple Pay or Google Pay through Braintree as a payment method.
• The AC-2655_2.4.4.patch.zip patch manages an issue when it is impossible to add a product to the cart with the enabled Allow Countries option.

Security 

This release contains 20 security revisions introduced along with security patches. Magento Open Source 2.4.4-p1 and Magento Open Source 2.3.7-p4, together with Adobe Commerce 2.4.3-p3 and Adobe Commerce 2.3.7-p4, include backports of this security upgrade.

However, there is no reason to worry since there haven’t been any confirmed attacks involving these issues. In spite of that, you need to fix these bugs because they might be exploited to access user data or your admin. An attacker must gain access to the Admin to leverage these issues. Therefore, according to the official recommendations, you should take all required safety measures to protect the Admin section. The best security practices usually consist of the following steps:

• IP-based permitting;
• 2-factor authentication;
• VPN;
• Unique location for admin instead of a default one;
• Secure password and strong password hygiene.

Additional security enhancements for 2.4.5 are associated with these features:

• reCAPTCHA has been introduced for the Wish List Sharing, Create New Customer Account, and Gift Card forms.
• Inventory has been enhanced with ACL resources.
• Inventory template security reached a new level.
• The MaliciousCode filter incorporates the HtmlPurifier library.

Platform

Adobe Commerce on-premises deployments introduce compatibility with Elasticsearch 7.17 (~7.17.0 with constraint). So, it is now possible to use either Elasticsearch or OpenSearch 1.2. As for cloud-hosted deployments, they don’t support ElasticSearch 7.11 or later, being bound to OpenSearch as a default search engine. However, both of them support Composer 2.2, TinyMCE 5.10.2, jQueryUI 1.13.1, and PHPStan ^1.5.7 with constraint.

Also take notice that there is no change in product behavior as a result of the DHL Integration schema update to v6.2.

It’s also important to note that, similar to Open Source, old JavaScript libraries in Adobe commerce have been updated to the most recent versions. Additionally, it indicates the removal of outdated dependencies. Be mindful that these modifications are backwards compatible.

Composer dependencies are the same for Adobe Commerce 2.4.5 and Open Source 2.4.5:

• colinmollenhour/credis (1.13.0)
• guzzlehttp/guzzle (^7.4.2)
• laminas/laminas-captcha (updated with a constraint ^2.12)
• laminas/laminas-db (^2.15.0)
• laminas/laminas-di (^3.7.0)
• laminas/laminas-escaper (~2.10.0)
• laminas/laminas-eventmanager (^3.5.0)
• laminas/laminas-feed (^2.17.0)
• laminas/laminas-mail (^2.16.0)
• laminas/laminas-mvc (^3.3.3)
• laminas/laminas-server (^2.11.1)
• laminas/laminas-servicemanager (^3.11.0)
• laminas/laminas-validator (^2.17.0)
• league/fly (2.4.3)
• monolog/monolog (^2.5)
• phpmd/phpmd (^2.12.0)
• phpstan/phpstan (^1.5.7)
• phpunit/phpunit (~9.5.20)
• php-cs-fixer (^3.4.0)
• webonyx/graphql-php (14.11.6)

Removed dependencies are similar for both systems: 2.4.5 has removed laminas/laminas-session, laminas/laminas-text, and laminas/laminas-view .

Other updates and replacements include:

• Instead of using http, the default Gateway URL for USPS shipping now uses https.
• Instead of using the Froogaloop module, Magento 2.4.5 now makes use of the Vimeo Player.js library (2.16.4).
• The most recent version of the grunt-eslint (NPM) library has been upgraded.
• The jQuery Storage libraries are no longer utilized in favor of julien-maurel/js-storage.
• The static code analysis tools php-cs-fixer and phpcs are completely compatible with PHP 8.x as of Magento Open source and Adobe Commerce 2.4.5.
• Support to 7.2.0 with a constraint has been added to the glob.js dependency update.
• Support to 1.14.2 with a constraint has been added to the serve-static.js dependency.
• Dependency on underscore.js (NPM) has been changed to version 1.14.2.
• Support to 0.5.34 with a constraint has been added to moment-timezone-with-data.js.
• The jquery/jquery-cookie library is no longer utilized; instead, js-cookie/js-cookie is used.
• The libraries jarallax.js and jaralax-video.js have been updated to make use of the most recent Vimeo REST API version.

Performance and scalability (AC-specific update)

In Adobe Commerce 2.4.5, the primary index performance of the catalog product index price tmp table has improved as a result of the table’s primary index count being decreased from three to one. This enhancement reduced the eSKU multiplication caused by shared catalogs, subsequently reducing the volume of entries produced by the price index. The time it took to index the data was greatly reduced by this change.

Accessibility 

Through simplification of the frontend’s perception, use, comprehension, and understanding, this version aims to improve the retail experience on Venia (PWA). Users of screen readers are now given access to the summary information for search results. Additionally, when a new page view loads, screen readers are now alerted. Also, the contrast and accessibility of the keyboard have increased.

Adobe Sign (AC-specific update)

Customers can now electronically sign customized documents, such as terms and conditions and purchase agreements, during an Adobe Commerce checkout.

Integration with Adobe IMS (AC-specific update)

For Adobe Commerce merchants who have an Adobe ID and want a streamlined login to Adobe Commerce and Adobe Business products, the Adobe IMS authentication workflow can be connected with Commerce authentication. After this link has been enabled for your Commerce business, each admin user must log in using their Adobe credentials as opposed to their Commerce credentials.

Branding (AC-specific update)

The Admin of Adobe Commerce has been modified to better represent Adobe’s brand strategy. The alterations have an impact on navigational elements, data grid color changes, headers, and footers.

B2B (AC-specific update)

The optimized normalized database data is used to implement the Shared Catalogs feature. Due to the reduced eSKU multiplication, performance is enhanced because fewer database entries must be kept in storage. Adobe Commerce used to duplicate each SKU in the catalog for each Shared Catalog. Now, it offers different eSKUs for people who are currently directly assigned to a Shared Catalog. The new Enabled Shared Catalog direct product price assignment settings option improves the performance of the product price indexer.

This release also includes a lot of bug fixes.

Google Analytics

With the incorporation of GTag, Google has enhanced the AdWords and Analytics monitoring and integration procedures in web apps. Now that Google capabilities have been included into web pages, more data may be tracked and managed using Google Services. The old API is used by many built-in modules in Adobe Commerce, such as Google AdWords, Analytics, Optimizer, and TagManager, to connect to Google services. This integration has been re-implemented in Magento 2.4.5 utilizing the GTag method.

GraphQL

Improvements to GraphQL’s performance are introduced in both Adobe Commerce and Magento Open Source.

When delivering or modifying attributes in production, developers and administrators observe a quicker rebuilding of the unified storefront GraphQL schema. Customers notice considerably faster page loads every time the GraphQL schema needs to be rebuilt.

In addition to that, JSON Web Tokens (JWT) in the GraphQL API can now be used to retrieve the authorization token’s expiration time and date.

Also, retailers can totally stop all GraphQL activities from creating session cookies by using the bin/magento config:set graphql/session/disable 1 command. Certain cookies that are used for authorization and have an impact on performance are created automatically by Adobe Commerce. Note that session cookies should not be used on its own or in combination with permission tokens.

Pay attention to updated GraphQL operations that only use class proxies to launch session cookies when necessary.

And sessions are no longer required for http header processors. This change impacts shop, customer, and currency in GraphQL.

Inventory

The inventory template faced security enhancements in both Adobe Commerce and Magento Open Source 2.4.5.

Live Search (AC-specific update)

Adobe Commerce 2.4.5 includes tailored pricing and support for B2B clientele. Live Search now recognizes the pricing that has been set for a specific customer group or shared catalog as well as the product allocations to customer groups.

Page Builder

Version 1.7.2 of Page Builder can now be utilized with Adobe Commerce and Magento Open Source 2.4.5. Users can modify the storefront’s column settings now that the columns are displayed. Wrapping in response to user events is now supported for column resizing.

Payments

All businesses with enabled Payment Services can use Apple Pay. Customers don’t need to provide their card information in order to use this payment option. The product description page, mini cart, shopping cart, and checkout all accept Apple Pay. Retailers have the choice to turn on this feature.

The following changes are made for PayPal in Magento 2.4.5:

• Customers in Spain and Italy have the option of using PayPal Pay Later.
• On the checkout, minicart, cart, and product pages, the admin section offers previews of the PayPal, Credit, and Pay Later buttons. When enabled and shown on the shop, these buttons will appear exactly as they do in the previews.

The following updates to Braintree may be visible to Magento 2.4.5 users:

• The integration for KOUNT fraud protection is no longer supported by Braintree. The source code is now devoid of it.
• Admins can now select the option to always require 3DS.

PWA Studio

PWA Studio version 12.5.x is compatible with Magento Open Source version 2.4.5. Now, web analytics service providers collect data on consumer behavior on the PWA Studio storefront. Retailers can now sign up for and extend these events as needed. As for merchants, they can select a service to launch from the Admin (Google Tag Manager).

Upgrade Compatibility Tool (AC-specific update)

The following improvements are included in Adobe Commerce 2.4.5 in this area:

• Method signature validation now identifies constructor or method signature mismatches.
• Validation of the database’s schema now reveals alterations and inconsistencies.
• The DI configuration validation now examines di.xml for references to removed or deprecated non-API core classes as well as preferences for core classes and interfaces.
• UCT now recognizes deprecated code and provides thorough recommendations for each issue.