Documentation Commerce Release information

Magento Open Source 2.4.3 release notes

Last update: Mon Apr 29 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

Topics:
Release Notes

CREATED FOR:

Experienced
Admin
Developer

Magento Open Source 2.4.3 introduces enhancements to performance and security plus significant platform improvements. Security enhancements include expansion of reCAPTCHA coverage and inclusion of built-in rate limiting. Core composer dependencies and third-party libraries have been upgraded to the latest versions that are compatible with PHP 8.x. Page Builder is now available as a bundled extension in Magento Open Source. It is now the default content editing tool for Adobe Commerce and Magento Open Source.

This release includes over 370 new fixes to core code and 33 security enhancements. It includes the resolution of almost 290 GitHub issues by our community members. These community contributions range from minor clean-up of core code to significant enhancements in GraphQL.

This release includes over 370 new fixes to core code and 33 security enhancements. All known issues identified in the Magento Open Source 2.4.2 release notes have been fixed in this release.

NOTE

Adobe Commerce releases may contain backward-incompatible changes (BICs). To review backward-incompatible changes, see BIC reference. Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.

See Adobe Commerce 2.4.2-p2 release notes for information about Adobe Commerce 2.4.2-p2.

Other release information

Although code for these features is bundled with quarterly releases , several of these projects (for example, Progressive Web Applications (PWA) Studio) are also released independently. Bug fixes for these projects are documented in the separate, project-specific release information that is available in the documentation for each project.

Apply `AC-3022.patch` to continue offering DHL as a shipping carrier

DHL has introduced schema version 6.2 and will deprecate schema version 6.0 in the near future. Adobe Commerce 2.4.4 and earlier versions that support the DHL integration support only version 6.0. Merchants deploying these releases should apply AC-3022.patch at their earliest convenience to continue offering DHL as a shipping carrier. See the Apply a patch to continue offering DHL as shipping carrier Knowledge Base article for information about downloading and installing the patch.

Apply MC-43048__set_rate_limits__2.4.3.patch to address issue with API rate limiting

This hotfix provides a solution for the issue where Web APIs cannot process requests that contain more than 20 items in an array. This issue affects deployments running Magento Open Source 2.4.3, Adobe Commerce 2.4.3, or 2.3.7-p1. Built-in rate limiting was added to these releases to prevent denial-of-service (DoS) attacks, and the default maximum was set to 20. This patch reverts the default limit to a higher value. If you suspect that your store is experiencing a DoS attack, Adobe recommends lowering the default input limits to a lower value to restrict the number of resources that can be requested. See the Web API unable to process requests with more than 20 items in array Knowledge Base article.

Apply AC-384__Fix_Incompatible_PHP_Method__2.4.3_ce.patch to address PHP fatal error on upgrade

The following fatal error can occur during upgrade to Magento Open Source 2.4.3:

PHP Fatal error: Uncaught Error: Call to undefined function Magento\Framework\Filesystem\Directory\str_contains() in [...]/magento/vendor/magento/framework/Filesystem/Directory/DenyListPathValidator.php:74

This error results from the use of the str_contains function, which is an PHP 8.x function. The application Open Source 2.4.3 does not support PHP 8.x. This hotfix replaces this function with a supported PHP 7.x function. See the Adobe Commerce upgrade 2.4.3, 2.3.7-p1 PHP Fatal error Hotfix Knowledge Base article.

Highlights

Look for the following highlights in this release.

Substantial security enhancements

This release includes 33 security fixes and platform security improvements. Many of these security fixes have been backported to 2.4.2-p2 and 2.3.7-p1.

Thirty-three security enhancements that help close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities

No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts: IP allowlisting, two-factor authentication, use of a VPN, the use of a unique location rather than /admin, and good password hygiene. See Adobe Security Bulletin for a discussion of these fixed issues.

Additional security enhancements

Security improvements for this release improve compliance with the latest security best practices, including:

A new Composer plugin helps prevent dependency confusion and identifies malicious packages with the same names as internal packages on the public package repository. See the Adobe Releases New Composer Plugin with 2.4.3 Release blog post.
Rate limiting is now built in to APIs to prevent denial-of-service (DoS) attacks. Web APIs now impose restrictions on the size or number of resources (the default maximum is set to 20 and can be configured to a different value based on business need) that can be requested by a client. See Rate limiting for information about configuring these restrictions.
ReCAPTCHA coverage has been extended to include:
- Web APIs that have corresponding HTML pages are covered through ReCAPTCHA. (This excludes web APIs that are accessed by integrations.) ReCAPTCHA coverage protects endpoints from spam attacks. When web APIs are accessed by a third-party integration service that uses OAuth, ReCAPTCHA is disabled.
- The Place Order storefront page and payment-related web APIs. ReCAPTCHA protection for these pages is disabled by default and can be enabled from the Admin. This coverage adds an anti-brute force mechanism to protect stores from carding attacks.

NOTE

Starting with the 2.3.2 release, we will assign and publish indexed Common Vulnerabilities and Exposures (CVE) numbers with each security bug reported to us by external parties. This allows users to more easily identify unaddressed vulnerabilities in their deployment. You can learn more about CVE identifiers at CVE.

Infrastructure improvements

This release contains enhancements that improve the quality of the framework and the following functional areas:

Customer Account
Catalog
CMS
OMS
Import/Export
Promotions and Targeting
Cart and Checkout
B2B
Staging and Preview

PayPal Pay Later is now supported in deployments that include PayPal. This feature allows shoppers to pay for an order in bi-weekly installments instead of paying the full amount at time of purchase.

New use_application_lock indexing mode. The use_application_lock mode lets you enable re-indexing through either the use of environment variables or by configuring the app/etc/env.php file. You no longer need to manually reset the indexer after failure with this mode enabled. See Using application lock mode for reindex processes.

Platform enhancements

Version 2.4.3 is not yet compatible with PHP 8.x, but the following platform upgrades bring us closer to future compatibility with PHP 8.x.

Core Composer dependencies and third-party libraries have been upgraded to the latest versions that are compatible with PHP 8.x.
The KnockoutJS library has been upgraded to v3.5.1 (the latest version).
The deprecated TinyMCE v3 library has been removed. The Magento_Tinymce3Banner module and MFTF tests related to TinyMCE v3.x have been removed from Adobe Commerce.
Magento Open Source 2.4.3 has been tested and confirmed to be compatible with Redis 6.0.12. (version 2.4.x remains compatible with Redis 5.x.)
Laminas library dependencies have been upgraded to PHP 8.x-compatible versions. Some redundant dependencies have been removed from the composer.json file. Magento Open Source 2.4.3 uses Laminas 3.4.0.

Performance enhancements

This release includes enhancements that decrease indexation time for Product Price and Catalog Rule indexers. Merchants can now exclude a website from a customer group or shared catalog, which reduces the number of records for indexing and improves indexing times.

Adobe Stock Integration

This release includes Adobe Stock Integration v2.1.1.

GraphQL

This release adds GraphQL coverage for shared routes. The route query and RoutableInterface support routing requests on product, category, and CMS pages. The urlResolver query has been deprecated, and its functionality has been superseded by the route query.

See the GraphQL Developer Guide for details on these enhancements.

Page Builder

Page Builder is now available as a bundled extension in Magento Open Source. It is now the default content editing tool for Adobe Commerce 2.4.3 and Magento Open Source 2.4.3. It can replace the WYSIWG editor with any third-party module.

Page Builder replaces the TinyMCE editor in the following Admin areas:

CMS Page
CMS Block
Category Description
Product Description

All the content created in TinyMCE has been migrated into Page Builder as HTML.

PWA Studio

For information about enhancements and bug fixes, see PWA Studio releases. See compatibility for a list of PWA Studio versions and their compatible versions.

Upgrade Compatibility Tool

The scope of the Upgrade Compatibility Tool has been expanded based on feedback from the community. Join our #upgrade-compatibility-tool Slack channel to get support from the Adobe product team and the community, as well as to help guide the future direction of the tool.

Vendor Developed Extensions

See the following articles for updates on features and changes for this release:

Fixed issues

We have fixed hundreds of issues in the 2.4.3 core code.

Installation, upgrade, deployment

The bin/magento setup:db:status command now returns a message indicating that everything is up-to-date after a successful upgrade. Previously, the application displayed this error: Declarative Schema is not up to date.

Configuration values are now preserved on form reload when the creation of a new configurable product fails. Previously, values were lost during form reload, and the application displayed this error: The value specified in the URL Key field would generate a URL that already exists. GitHub-32102

The application no longer throws an exception when you run bin/magento setup:upgrade to upgrade from a Magento Open Source deployment with Redis to Adobe Commerce.

Deployments running on Galera Cluster now support more customers. GitHub-31038

Administrators can now successfully log in to a deployment when the application has been installed with either the —use-rewrites=0 option or with web/seo/use_rewrites set to 0 in core_config_data_table. GitHub-32100

Updated sortOrder load for AsyncCssPlugin. The application now loads AsyncCssPlugin before JsFooterPlugin. GitHub-30882

Magento\Config\Model\Config\PathValidator now checks display path to determine if an element exists, and if it has a config path, uses the config.xml path instead for validation. GitHub-27678

Compiling Less files with Grunt or by server-side compilation now yields the same results. Previously. .abs- styles, which extends other .abs- styles in _extends.less, were not output properly when compiled with Grunt. This resulted in differences between production and development deployments. GitHub-7231

Adobe Stock Integration

The application now displays an informative message and a link to the Admin Stores > Configuration > Advanced > System page on the Search for Adobe Stock page when API Key (Client ID) and Client Secret are not set. Previously, the application displayed this error: We couldn't find any records and no link.

Backend

Administrators with restricted access (for example, who are assigned access to one website only) can no longer edit categories set to Global scope.

The generated System report (System > Support > System Report) is now rendered correctly. Previously, report content was misaligned.

The application now turns off validation on the Price field as expected when the Dynamic price setting is enabled during bundle product creation. Previously, the application threw a validation error when you removed a value from the Price field when the Dynamic price setting was enabled. GitHub-26214

Infinite redirects no longer occur when the Admin URL differs from the default website URL in deployments where the application is configured to be accessible from two URLs.

Bundle products

You can now use the addProductsToCart mutation to add a bundle product with more than one checkbox option to a cart.

Price indexing of bundle products is now executed using temporary tables, which avoids locking database tables. Previously, the applicationused physical tables, which resulted in locked tables.

A bundle item’s price can now be set to 0.00. Previously, when you returned to the edit page after setting the price to 0.00, the price returned to its default value. GitHub-32383

Order details for orders that contain bundle products now show the correct price for the bundle products if the price were changed before the order was placed.

Bundle product stock status is now updated based on the stock status of its child products. Previously, bundle products were shown as out-of-stock when one option was removed from the product, and the bundle product had two options with the same SKU.

An administrator can now change the value for a bundle product’s Shipment Type attribute after it has been moved to a different attribute group. Previously, this attribute was always saved with a Together value if it were moved to an attribute group other than the default group in the attribute set.

The GraphQL setGuestEmailOnCart mutation now correctly updates guest email. Previously, the quote and quote address tables were not updated.

Adding, removing, or updating a child product to a bundle product through REST API calls now triggers re-indexing as expected. Previously, these actions did not trigger re-indexing, and as a result, the bundle product did not change its stock status until manual re-indexing was performed.

The application now displays the correct price range for bundle products with tier prices. GitHub-30284

The application now displays the same total price as expected on the shopping cart page and in the shipping step of the checkout workflow after the price of a bundle option has changed.

You can now successfully configure a bundle product by accessing it from a customer shopping cart. Previously, the Configure Product page never completely loaded, and you could not save your settings.

Merchants can now assign a unique price for a bundle product on each store view of a multistore deployment. Website-specific prices are saved in the catalog_product_bundle_selection_price table. Previously, the application did not base a bundle product’s price on website scope even when Stores > Configuration > Catalog > Catalog > Price > Catalog Price Scope was set to Website. No website-specific prices were saved in catalog_product_bundle_selection_price. GitHub-12584

Invoices for bundle products now display the correct quantity for the associated simple products when Dynamic Pricing is disabled. Previously, simple products associated with the bundle product had the quantity of the parent product, not the bundle product). GitHub-30802

The updateProductsInWishlist mutation now successfully updates items that belong to a bundle product in a wishlist. Previously, instead of updating the wishlist item, this mutation deleted the item and created a new one, which changed the item ID.

Cache

The varnish6.vcl file has been updated to bypass caching of the customer page.

CAPTCHA

CAPTCHA now correctly validates data provided by a shopper, and CAPTCHA fields are now displayed as expected after a shopper’s multiple unsuccessful attempts to check out with PayPal Payflow Pro.

CAPTCHA validation no longer fails randomly on the payment page of the checkout workflow.

The application now displays CAPTCHA fields as expected after you exceed the number of failed completion attempts. Previously, although the application prompted you to attempt the CAPTCHA challenge again, it did not display the CAPTCHA fields.

CAPTCHA now works as expected on the checkout page. Previously, after a shopper correctly answered a CAPTCHA challenge, the loader on the checkout page never completed, and the application displayed this error: captchaData[formId] is undefined. (This error occurred only when the shopper used the same browser from which they had previously accessed a deployment running 2.3.5-p1.)

_.isEmpty() checks in the defaultCaptcha.js file now complete successfully. Previously, these checks did not complete, and as result, the checkout page failed to load after upgrade. GitHub-31641

Cart and checkout

The application now takes into account locale-specific decimal locators when converting and updating product quantity in the cart.

The application now displays the Terms and Conditions validation message in the relevant block only when a shopper clicks the Place Order button. Previously, the application displayed this message in the Apply Discount Code block whenever a shopper changed payment method in the checkout workflow: The order wasn't placed. First, agree to the terms and conditions, then try placing your order again.

The application now discards changes to the billing address form on the checkout payment step if the shopper fails to click the Update button and returned to the shipping step.

Products with a customizable option (File) now include active links as expected throughout the multi-shipping checkout process. Previously, this link was missing. GitHub-31095

The Admin shopping cart now displays product prices in correct currencies for stores that support multiple currencies. Previously, prices were converted to the specified currency more than once — first, when products were added to the cart from the storefront, and then again when the order was subsequently rendered on the Admin.

Shoppers can now add a product to their cart whose Minimum Advertised Price (MAP) exceeds its regular product price.

Shoppers can now successfully change their billing address from the checkout workflow when checking out with multiple addresses.

All paid payment transactions created by guests are now saved to the database and visible in the Admin as expected. Previously, only a small subset of concurrent orders were saved in the database, and most orders were lost due to timeouts that resulted from database locks. GitHub-25862

The application now correctly displays inline welcome messages that contain special characters when a guest places a product in the mini cart. Previously, the application did not add the product to the mini cart or display the welcome message. GitHub-32250

The shipping page of the checkout workflow now successfully loads when in-store delivery is enabled. Previously, the application threw a JavaScript error and the shipping checkout page did not completely render.

Added the itemResolvers argument to the catalog di.xml file. As a result, checkout is no longer broken if configurable and grouped product modules are disabled. GitHub-30860

The application now displays the radio buttons in the Payment & Shipping Information section as expected during the Admin re-order workflow. GitHub-30257

The application now correctly applies cart price rules with a cart-level fixed discount when the cart contains a bundle product with multiple options. Previously, the cart price rule was not completely applied to the order. GitHub-30952

The Add to cart button on the category list view now works as expected. GitHub-32232

You can now use POST /V1/carts/mine/items to add a custom quantity of grouped products to a cart. GitHub-26909

The application no longer populates the billing address area of the checkout workflow with the shipping address. Previously, when the State/Province field for the billing address was empty, and shipping and billing addresses differed, the application populated the billing address State/Province field with information from the shipping address. GitHub-31608

Catalog

Mass update of Enable Qty Increments and Qty Increments attributes now works as expected. GitHub-29544

The application no longer throws a JavaScript error after you enable recent products synchronization with the Admin. Previously, the application displayed this JavaScript error: Cannot read property 'status' of undefined.

Custom theme layout updates are now applied as expected. Previously, custom theme layout updates were ignored.

The product category cache is now cleared as expected by cron during indexer_update_all_views execution. Previously, product counts on the Category page after re-indexing were incorrect.

Attribute values now remain unchanged when an attribute is not specified in a product update REST API request for a store view. Previously, if an attribute were not specified, the application reset the attribute value to its default scope value.

The Admin products grid (Admin Catalog > Products) now displays the correct product count when products are filtered by SKU.

The application now displays accurate stock status when a product is added to a CMS page when Category Permissions are enabled and prevents the display of price for the specified customer’s group. Previously, all products were shown as out-of-stock regardless of the real stock status.

The Advanced Pricing Customer Group Price block price input field now has a minimum width of five digits. Previously, only two symbols were visible in this field on low resolution displays.

The application now successfully deletes a product media image after deleting a product. Previously, the product media image remained in the folder after successful deletion of the product.

Page layout now updates as expected when you create or edit a product in the Admin and then create a Schedule Design Update. GitHub-32007

A custom product attribute with a value of zero can now be successfully saved as blank. Previously, the application did not update this value to blank.

Custom category layout update files now apply to products as expected. Previously, the update file handle (catalog_category_view_*) did not match the product handle. GitHub-27285

Sorting has been disabled for the Fixed Product Tax (FPT) column of the Admin products list. Previously, the Products page could not be reloaded after the FPT column had been sorted.

The Page Builder products widget preview now works as expected in a multi-website deployment when matching products have a different price on each website.

Sorting by position on product search using GET /rest/V1/products/?searchCriteria[filterGroups] now works as expected. Previously, product collection did not have a field position value for sorting. GitHub-31591

Admin users can now see double spaces in the Name and SKU fields in the product grid. Previously, the applicationcollapsed multiple spaces into a single space.

Products are now displayed as out-of-stock on the storefront when salable quantity on the Admin is 0. Previously, these products were listed as in stock on the storefront, and the application displayed an active Add to cart button. GitHub-31117

Administrators can now add products with customizable options (File) to the Items Ordered grid from the Shopping Cart section (Customer’s Activities column) of the Admin Customer page. Previously, the application did not add the item to the list because the value was not formatted correctly before being inserted into \Magento\Catalog\Model\Product\Type\AbstractType::_prepareOptions.

The application no longer prompts shoppers to select a product option for a bundled product that has one option only.

The application now displays all subcategories in layout updates (anchor and non-anchor categories) during creation of a new widget.

The product query no longer overwrites default values for all store views in a multi-store deployment when a product name is updated for one store view only. GitHub-31083

Magento Open Source updates the total page count as expected when you change the per page value of the Admin Related Products, Up-Sells, and Cross-Sells list. GitHub-31059

Administrators can now add products with two or more customizable options (File) to an order by SKU.

The application no longer throws an error when an administrator with restricted permissions adds a Product widget to a CMS page in the Admin. Previously, the application threw this error when the administrator clicked the Save button: We are sorry, an error has occurred while generating the content.

Product detail pages now open with the date customizable option populated with the date from the previous order when Use JavaScript Calendar is enabled. The custom date option value resolver now falls back to an alternative format if the value is not formatted based on the current configuration. Previously, the custom date option value was empty.

The application now displays only one error in the cart when the product is out-of-stock. Previously, the application displayed redundant messages. GitHub-27469

You can now set the required_options and has_options bundle attributes as expected while creating or updating a bundle product using the POST /V1/product/:sku endpoint. Previously, these custom attributes were set to 0 (zero) despite efforts to set it to 1 (one).

Administrators can now add a product with a customizable option (File) to an order by SKU. GitHub-30285

You can now save a product and price without specifying type_id. GitHub-13639

Group products are now available on the storefront as expected when a REST PUT /V1/products/:sku/links request is used to associate a new child product with a new group product. Previously, products were not correctly indexed after running bin/magento cron:run.

You can no longer create a product with a NULL SKU value. Previously, you could create a product without a SKU value through a custom importer or directly in the database, but when you tried to edit it from the Admin, the application threw an error. GitHub-27411, GitHub-32525

Adding required custom options to a simple product no longer removes it from parent composite products without warning. The application now displays an informative warning and does not save the product. Previously, the applicationsaved the product changes and did not display a warning. GitHub-30492

Catalog rule

The products query now returns the current values when a catalog price rule applies to an item. GitHub-26738

Temporary tables that begin with catalogrule_product__temp are now deleted as expected when re-indexing fails after a cart or catalog rule expires, is disabled, or becomes inactive. GitHub-22273

Time zones are now applied in the same way in \Magento\CatalogRule\Model\Indexer\IndexBuilder::reindexById and \Magento\CatalogRule\Model\Indexer\IndexBuilder::reindexByIds. GitHub-29549

CMS content

Large images are now resized as expected during upload when the Enable Frontend Resize configuration setting is enabled.

Fixed the error handling for the CMS Page save controller. Previously, when an Error object was thrown on the cms_page_prepare_save event, the application passed this object to the addExceptionMessage function, breaking its contract because this function expects an Exception. This was resolved by adding an error message using the addErrorMessage function. GitHub-30149

Configurable products

The application no longer duplicates product thumbnails in a product’s image gallery when you click on a product’s configurable options.

The configuration pop-up that the application displays when you are editing a configurable product from a wish list now closes as expected when you click the OK button.

The application now correctly generates invoices for orders that contain only one configurable product. GitHub-31143

Shoppers can now add configurable products to their cart from a non-default store view. Previously, when the shopper on a non-default store view tried to add a configurable product, the application displayed this error: Could not add item to cart. Please check required options and try again. GitHub-31660

Content security Policy CSP)

Content Security Policy now supports the loading of base64-encoded images and fonts through data: scheme.

cron

Cron clean up queries have been refactored to reduce or eliminate the following performance issues: cron jobs remaining stuck in a pending state, increasingly slow MySQL queries, and an increase in CPU usage. GitHub-26507

cronjobs that have been in status running for more than 24 hours are now automatically changed to status error. As a result, a new instance of that job can run again and you do not need to manually change job status when a job incorrectly remains set to status running. Previously, if a cronjob were stuck in status running, the application prevented new instances of the same job from starting, and you had to manually change job status. GitHub-8933

cron jobs now complete as expected and no longer throw this serialization error: [Magento\Framework\DB\Adapter\DeadlockException]SQLSTATE[40001]: Serialization failure: 1213 Deadlock found when trying to get lock; try restarting transaction, query was: DELETE FROM cron_schedule WHERE (status = 'missed') AND (job_code in ('indexer_reindex_all_invalid', 'indexer_update_all_views', 'indexer_clean_all_changelogs')) AND (created_at < '2018-09-28 18:32:28'). GitHub-18409

indexer_update_all_views cron jobs now run as expected after a previous failure. The failed run is marked as a failure in the cron_schedule schedule, and the subsequent run does not automatically fail. Previously, the cron_schedule table filled with pending jobs, and indexer_update_all_views cron job did not run. GitHub-23054

cron deadlocks no longer occur as a result of cron trying to set a lock in large deployments where groups overlapped. GitHub-8933

cron deadlocks no longer occur on the cron_schedule table after only a few cron jobs have run. GitHub-22438

Custom customer attributes

The State field on the storefront Customer Account address book is now loaded as and remains a drop-down page element. The Submit button is now disabled until all page elements have been completely loaded. Previously, the applicationloaded this field as a textbox before rendering it as a drop-down element, and shoppers could enter and save values in the text field, which later caused an error during checkout.

The application no longer throws an error when you save a customer address attribute with a file attachment in the Admin Customer address field when uploading files. This occurred due to a missing return statement in the controller action. Previously, the application threw this error: Something went wrong while saving the file.

REST GET Cart API calls now return correct custom attribute values for billing and shipping addresses. Previously, custom address attributes were displayed incorrectly in the order details page in the My account storefront page and in the Admin.

The application now successfully handles files that contains customer address attributes with input type file (attachment). Previously, the application threw this error during upload of the attached file: Something went wrong while saving the file.

Customer

Filtering by account creation date now produces results that comply with configured timezone settings and that capture all relevant created accounts.

The customer grid filter now uses a correct website option for a restricted user if the data was previously cached. Previously, the customer grid filter retrieved website parameters from cache and included incorrect data for restricted users.

The application no longer throws an exception on the Admin Customers page when one website is deleted in a multi-website deployment. Previously, when an administrator tried to access the comprehensive customers list, the application did not display all customers and displayed this error: The website with id 2 that was requested wasn't found. Verify the website and try again.

Administrators with permission can now re-assign customers to different websites from the customer’s Account Information tab.

You can now upload a file successfully when creating a customer address attribute with an input type of (File). Previously, when you tried to upload and save a file, the application threw this error: Something went wrong while saving the file.

Downloadable

The application now displays links to downloadable products in the New Order email when the order contains both a downloadable product and a configurable product with a downloadable option. Previously, the application displayed the link to the stand-alone downloadable product but not the link to the configurable product with a downloadable option.

EAV

Customer address attribute date values are now saved in four-digit format instead of two-digit format.

Email

The password reset link on the Admin reset password page now works as expected. Previously, when a custom template was used for the reset admin password page, the application displayed this message when an administrator clicked the link inside the email: Your password reset link has expired. This occurred because the custom email template contained the wrong variable for the user ID.

Sending customer email from the Admin now works properly when enabled at the store-view level. Previously, the application did not send customer emails when email notification settings were enabled at the store-view level but not the global level.

The application now sends email as expected in multi-site deployments where not all websites have enabled asynchronous email sending. Previously, if at least one website had this setting disabled, email was not sent from any website, even when enabled. Invoice, Shipment, and Credit Memo emails had similar issues. However, Order Comments, Invoice Comments, Shipment Comments, and Credit Memo Comments emails were sent successfully. GitHub-31950

Invoices and invoice PDFs now include the same prices for bundle products as expected. Previously, invoice PDFs included the incorrect price for bundle products. GitHub-12856

String casting has been added to the email template filter method to ensure the return value is a string. Previously, when an exception was caught while not in developer mode, the application returned a phrase object. This in turn triggered a fatal Uncaught TypeError. GitHub-32671

Order confirmation emails are now sent as expected when asynchronous sending is enabled (Stores > Configuration > Sales > Sales Emails > General Settings > Asynchronous sending) on one website in a multi-site deployment. GitHub-31950

The application now logs an error as expected when an exception occurs as a customer attempts to send an email from the Contact Us form. GitHub-23645

Frameworks

Parent classes in the Admin are now checked for docblock annotation along with the original class and inherited interfaces. Previously, because parent classes were not checked, performing any customer-related actions in the Admin that triggered an event resulted in an error. The application logged this error in the exception log: report.CRITICAL: Method's return type must be specified using @return annotation..

The application no longer throws a fatal error when the Redis server is stopped in a deployment in which Redis page caching is enabled.

The application now honors the Exclude media folder from backup setting when backup is enabled with bin/magento config:set system/backup/functionality_enabled 1. Previously, the Media Folder was backed up despite this setting because the path to /magento was formed incorrectly with a double //.

The application now translates all translatable strings as expected for the Admin cart page. Previously, translation load happened too late and skipped all observers that were subscribed to controller action pre-dispatch. GitHub-31849

Form validation on the Create New Customer Account page now works successfully when the Login as Customer enable extension setting is disabled. Previously, the application threw a JavaScript error.

Exception handling for child processes forked by ProcessManager has been improved. When an exception occurs now, the main process exits and an error message is displayed only once. Previously, multiple indexer failures were logged and multiple messages were displayed. GitHub-30622

Global Magento Open Source plugins (for example, webapi_rest and graphql ) are no longer triggered for a new custom area type when the di.xml of this area file contains no registered plugins.

Exceptions that occur during initialization are no longer cached and now trigger a 500 response code.

The last handler merged into a communication.xml file no longer overrides all previously created handlers. GitHub-29528

General fixes

The application now displays the correct number of stars on the My Product Reviews page and on the MyAccount page recent reviews. Previously, the application applied review stars to only the first review and left the other reviews on the page unstarred.

Account links in headers now follow WCAG standards. Previously, account links in headers contained duplicated IDs, which caused WCAG validation to fail.

The application no longer throws system log-generated errors when a guest shopper uses an invalid address. Previously, the applicationintermittently displayed this error instead of rendering the page: No such entity with addressId. GitHub-15115

The image resizing process no longer halts for images in unsupported format. Previously, when catalog:images:resize encountered an unsupported image format, the process stopped and the application displayed this error: bin/magento catalog:images:resize Unsupported image format.

WEBP and AVIF support for logo images has been added to the Admin. GitHub-32495

You can no longer change the scope of the media_gallery attribute. Previously, when you changed the scope of the media_gallery attribute back to global, the application threw an error.

Related products that were added as a scheduled update are no longer displayed on a storefront product page after the end date of the update. GitHub-469

Filtering now works as expected on the list of scheduled exports when entity type is selected. Previously, the filter did not work, and the application threw a JavaScript error. GitHub-361

Category images are now copied as expected from the catalog/tmp/category directory to the catalog/category directory when categories are saved using the database storage method. The image row in the media_storage_file_storage table now also has the correct directory_id. GitHub-11995

Merchants are now notified about invalidated caches as expected after submitting changes to the CMS hierarchy. Previously, the application did not invalidate caches while saving CMS hierarchy.

Redundant AJAX requests to the cart section of the shopping cart have been reduced. Previously, the application did not properly load the cart subtotal, which triggered cart reload again.

Added validation for URLs to prevent reserved words from inclusion in URL keys. See Defining Well-Known Uniform Resource Identifiers (URIs)

On deployments running PHP 7.4, The application now returns a 404 error when the Generate “category/product” URL Rewrites setting is set to No, and a shopper tries to access a non-existent category path. Previously, the applicationreturned a 500 error stating: Trying to access array offset on value of type bool. GitHub-31984

nowdoc has replaced heredoc in the Magento_Backend store switcher. GitHub-32262

Added Argentina, Bolivia, Chile, Ecuador, Guyana, Paraguay, Peru, Suriname, and Venezuela regions to the directory_country_region table. GitHub-31169

Added Albania, Denmark, Greece, Iceland, Portugal, and Sweden regions to the directory_country_region table. GitHub-31040

Messages are now flagged as errors in the MysqlMQ message queue when exceptions occur. GitHub-18140

The application now references the correct class object when loading tax info for the Admin credit memo and invoice pages. GitHub-31197

Royal Mail Click & Drop integration now works as expected. Previously, the application threw this error when you tried to activate his integration: Sorry! Something went wrong. Please try again later. GitHub-28996

The application now displays an informative error message when an incorrect shipment, credit memo, or invoice ID is passed in a URL. Previously, the application threw a fatal error. GitHub-30424

Recursion in the location of static files has been removed. The application now displays a 404 page instead of a 500 error. Previously, a bug in the default NGINX configuration lead to infinite recursion. GitHub-31530

The name of the cms_index_noroute.xml file has been corrected to cms_noroute_index.xml. GitHub-31300

The .editorconfig file has been refactored to correct the automatic formatting of db_schema_whitelist.json files. GitHub-31171

Resizing a browser window no longer triggers duplicate binding magnifier events. GitHub-30788

The application no longer throws an SQL exception when filtering Magento\Users\Model\ResourceModel\Users\Collection by user_id. GitHub-31216

Gift cards

Price range validation logic has been added to the gift card creation page. Previously, an administrator could create a card with a minimum value that exceeded the maximum value. GitHub-493

The addRequisitionListItemsToCart query now returns the amount of a custom gift card as expected when the request does not contain a value for allow_open_amount.

Gift message

Administrators are now directly redirected into the requested Admin page after login. Previously, when an administrator logged in, they were redirected to the Admin dashboard (or whichever page was configured as the startup page) and had to manually navigate to their destination. GitHub-31042

Google Tag Manager

The UI component for the billing address on the payment page of the checkout workflow now uses quote address correctly when Google Tag Manager is enabled. Previously, a JavaScript error occurred on the payment page.

GraphQL

The GraphQL products query now returns attribute options that are sorted in the same sort order as used on the attribute edit page.

The response to the { category(id: 2){ children { name children { name } } } } GraphQL request now includes a correctly sorted category tree.

The CartItemPrices object now contains the new GraphQL field fixed_product_taxes, which returns an array of the fixed product taxes that are applied to a cart item. Previously, fixed product taxes that were applied to a cart item were not included in the cart query.

Empty requests to GraphQL now throw response code 200 instead of 500. Previously, the GraphQL parser threw an exception before the query result was generated.

The applyRewardPointsToCart mutation now updates a cart’s grand total to accurately reflect the value of the reward points deducted. GitHub-486

Disabled products are no longer included in the GraphQL response when GraphQL is used to link upsell products.

Merchants can now use the GraphQL setShippingAddressesOnCart method to set billing and shipping addresses for a shopper’s cart when guest checkout is disabled.

The categoryList query no longer throws an exception when it contains multiple fragments on the CategoryTree object. GitHub-31086

The GraphQL product query now returns the correct customer group prices.

The GraphQL products query response now sorts aggregations according to product attribute position.

The application no longer throws type errors during GraphQL queries when product and category URL suffixes contain null values. GitHub-30909

The CustomizableDateValue object now contains the type attribute. Its value is an enumeration that can be set to DATE, DATE_TIME, or TIME.

The dynamicBlocks query returns the contents of dynamic blocks that match the specified filters.

The POST V1/products/special-price-delete request now deletes only the price with a specified store_id as expected. Previously, the call removed all special prices for the specified SKU from all stores. GitHub-25907

Fixed an error with the country_code attribute in the createGiftRegistry mutation.

Fixed problems with the giftRegistryUid attribute of the updateGiftRegistryItems mutation.

Added an additional check to prevent the updateGiftRegistryRegistrants mutation from being used to add random people as a registrants to a gift registry.

The addConfigurableProductsToCart mutation now returns the correct thumbnail of the specified product. Previously, it returned the thumbnail of the parent product.

The products query no longer exposes a product’s special price when the special price period is set for a future date. GitHub-30210, GitHub-29631

The customer query response now includes the total_giftcard attribute as part of the OrderTotal object.

Corrected a problem that caused the products query to return erroneous info about price tiers on items that do not have tier pricing set. GitHub-32279

Image

You can now set the required_options and has_options bundle attributes as expected while creating or updating a bundle product using the POST /V1/product/:sku endpoint. Previously, these custom attributes were set to 0 (zero) despite efforts to set it to 1 (one).

Import/export

The Category IDs filter for product entities in the Export page Entity Attributes grid now works as expected.

Grouped product stock status now updates as expected to out-of-stock when all child products are out-of-stock. GitHub-32647

Configurable product stock status is now automatically updated as expected when child product stock status is updated by import. Previously, product stock status was not automatically updated when child products stock status was updated by import.

You can now save empty values in a scheduled export. Previously, the applicationupdated empty filter values after export creation or save. Both no and not specified values were represented by zero in the database, and a value of not selected was overridden with no.

The export process now takes into account user role scope when exporting product, stock sources, and customer entities. Previously, the export process ignored user role scope, which permitted the export of private user role export entities.

The application now sets the product tax class to None if a product is imported with tax_class_name values None or 0. Previously, if product tax_class_name was None in the CSV file, the application created a new tax class None, which duplicated the existing tax class. If product tax_class_name were 0 in the CSV file, the application ignored that value, and product tax class did not change after import.

Administrators can now successfully change the name of a bundle product’s bundle_values from the Admin. Previously, the application displayed the product as out-of-stock on the storefront after you changed the name from the Admin. Products were also merged with the same SKU into a single bundle-option section.

The application now takes into account user scope when exporting customer data. Previously, when you tried to export customers, the application exported customer data from all websites.

The application now removes product relationships between up sell, cross sell, and related products during CSV file import as expected when __EMPTY__VALUE__ is specified in the CSV file.

Exporting custom address data for many customers (Admin System > Export) no longer routinely results in a memory error. Previously, when exporting custom address data, the application tried to load all customer data, which resulted in memory depletion, and the application threw a failure-to-allocate-memory error.

Duplicate tier prices are no longer imported during the default CSV import process. Previously, validation was missing to prevent the import of duplicate tier prices, and when duplicate tier prices occurred, merchants could not save products. Merchants also saw this error when they tried to schedule a product change: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry….

All product images are now validated during import. Previously, the applicationvalidated only the first image when a product had multiple images. GitHub-28236

You can now delete a region from a customer address as expected during import. Previously, the assigned region did not change when a customer address was imported with an empty region.

Products with JSON or HTML content as additional product attributes are now exported correctly to a CSV file. Previously, the CSV file contained overlapped data strings in incorrect fields.

Index

Process Manager now exits with an error when a child process fails. Previously, Process Manager always exited successfully if the number of functions passed to it (for example, indexer dimensions) was lower than the value of the MAGE_INDEXER_THREADS_COUNT environment variable. GitHub-30964

Products are now available as expected in storefront search results when linking products using a REST PUT /V1/products/:sku/links request when indexer mode is set to Update on Save.

The catalog price rule indexer now works as expected when the indexer mode is set to Update on Save. GitHub-370

Deleting a disabled category that does not include a product now has no effect on catalog search and category flat index tables. Previously, deleting an inactive category triggered a full re-index. GitHub-23297

Custom indexers can now use different entity column names for subscriptions. Previously, the database trigger used the column name from the indexer last set to Update by Schedule rather than the designated indexer. GitHub-21853

The application no longer sends AJAX requests to reload customer data sections (Magento_Customer/js/section-config) that are unaffected by the request. GitHub-31948

The following indexers are no longer invalidated after you add, remove, or reorder products in a category: catalog_category_product and catalogsearch_fulltext (and their dependents). Previously, these inadvertent removals triggered full re-indexing of sites. A full re-index is now prevented under these conditions when flat catalog is not enabled.

Infrastructure

The dependency pelago/emogrifier has been updated from version 3.1.0 to 5.0.0. This update resulted in the introduction of backwards-incompatible changes to the Magento\Email\Model\Template\Filter class. The changed code is executed during email templates rendering. See BIC reference.

Corrected an issue with \Magento\CatalogInventory\Model\Indexer\Stock\CacheCleaner::getCategoryIdsByProductIds that prevented saving a new product.

The deprecated TinyMCE v3 library has been removed. The Magento_Tinymce3Banner module and MFTF tests related to TinyMCE v3.x have been removed from Adobe Commerce.

The application no longer throws an Invalid header value detected error on the Contact us form when a shopper enters an email address that contains French diacritic marks (such as “é”, “è”). The application now converts UTF-8 letters in the user name to ASCII encoding. Previously, UTF-8 letters were not converted to ASCII encoding in the unique section of the email address.

The application no longer throws a PHP fatal error when a plugin is added to a parent class. GitHub-31291

Updated the README.md files for these modules: Magento_Msrp, Magento_MsrpConfigurableProduct, Magento_MsrpGroupedProduct, Magento_Multishipping, Magento_MysqlMq. GitHub-32577

phpcpd has been updated to v6.0.3 for PHP 8 compatibility.

ramsey/uuid has been updated for compatibility with PHP 8.0. GitHub-31777, GitHub-826

colinmollenhour/php-redis-session-abstract has been updated to v1.4.4 for PHP 8 compatibility. GitHub-32709

Corrected an invalid combination of tabs and spaces in the phpstan.neon file. GitHub-31239

Removed use of obsolete property $_isScopePrivate throughout the code base. GitHub-30506

Page layouts are no longer hard-coded in Magento\Widget\Block\Adminhtml\Widget\Instance\Edit\Chooser\Container. As a result, the getPageLayouts() function now returns the actual list of page layouts declared by the different modules as expected. Previously, it returned only hard-coded layouts. GitHub-31168

The composer.lock file has been updated to the latest version of the Coding Standard. GitHub-31152

Added a missing dependency on the web-token/jwt-framework package to the magento/module-jwt-framework-adapter. GitHub-32578

Passive listeners have been added to the fotorama.js library to improve lighthouse metrics score. GitHub-31140

The README.md file for the Google Analytics module has been updated. GitHub-32616

Process Manager now handles exceptions properly in forked processes. The main process now exits, and The application now displays an error message only once. Also, the exceptions from the forked processes are now handled when they are thrown in the main process. Previously, the application logged multiple indexer failures and displayed multiple error messages. GitHub-30622

The application no longer throws an error when a plugin is added to a parent class. (The optionsProvider parameter is now declared after getContentIdentities in Assest.php.) Previously, the application threw this error: Error: Cannot instantiate interface Magento\Framework\Data\OptionSourceInterface. GitHub-31291

Executing Magento\Framework\Filesystem\Io\Ftp::ls() on an empty folder now returns an empty array as expected. Previously, the application threw this exception: Invalid argument supplied for foreach() in vendor/magento/framework/Filesystem/Io/Ftp.php…. GitHub-31288

The update method for both Role and Rules has been marked as deprecated in app/code/Magento/Authorization/Model/Role.php. GitHub-30756

Concatenation for SameSite cookie parameters has been corrected. Previously, incorrect concatenation appended the lex suffix to value, domain, and other parameters. GitHub-26377, GitHub-32440

allure-framework/allure-phpunit has been upgraded to v1.3.1 throughout the code base. Previously, the application displayed this error: Warning: Use of undefined constant GLOB_BRACE - assumed 'GLOB_BRACE' (this will throw an Error in a future version of PHP) in /var/www/html/src/vendor/allure-framework/allure-phpunit/src/Yandex/Allure/Adapter/AllureAdapter.php:74. GitHub-24635

The application now displays more informative errors when errors occur running bin/magento commands in production mode. Previously, either the application displayed no error messages or displayed messages that lacked information. GitHub-32786

The ArrayIterator PHP object has been updated to work as expected with PHP 7.4. GitHub-32088

The application no longer throws an error when a customer tries to complete an order when no shipping carriers are available. Instead, it displays the checkout page and this message: Sorry, no quotes are available for this order at this time. Previously, the application displayed a blank checkout page and recorded this message in the exception log: array_keys() expects parameter 1 to be array, null given. GitHub-30830

The application no longer logs each cookie as a separate context. The $_COOKIE array has also been converted to a string. Previously, because each cookie was logged as a separate context, when the number of cookies exceeded 50, the application logged this message: Unable to send the cookie. Maximum number of cookies would be exceeded. GitHub-31334

Invoice

When creating new invoices in the Admin, the Email Copy of checkbox now works as expected. Previously, the checkbox was ignored if the global setting to send invoice emails was enabled in Sales Emails. It is now consistent and operates the same way as the shipment and credit memo creation pages. GitHub-28511

Media Gallery

bin/magento media-gallery:sync now fails as expected when processing PNG images that lack XMP information.

Entries in the catalog_product_entity_media_gallery table are removed as expected when related products are deleted. GitHub-17727

Image details can now be updated in the Media Gallery when JavaScript minification is enabled. Previously, image details were not saved, and the application displayed this error: TypeError: Cannot read property 'call' of undefined in jquery.validate. GitHub-31633

MFTF

New features and MFTF core bug fixes are described in the Functional Testing Framework Changelog.

The magento indexer:reindex and cache:flush commands and the AdminReindexAndFlushCache action group have been removed from tests to improve execution for the following modules: Bundle, Catalog, CatalogRule, CatalogRuleConfigurable, CatalogUrlRewrite, Downloadable, Indexer, Paypal, and Sales. GitHub-31031

AdminSubmitCategoriesPopupActionGroup has been added to tests to prevent test failure. GitHub-31251

Tests have been refactored with StorefrontCheckQuickSearchStringActionGroup and StorefrontAssertProductNameOnProductMainPageActionGroup (existing action groups). GitHub-31251

Refactored tests

The following tests have been refactored to improve execution time:

AddOutOfStockProductToCompareListTest

AdminApplyTierPriceToProductWithPercentageDiscountTest

AdminCheckingCreditMemoTotalsTest

AdminCheckDashboardWithChartsTest

AdminConfigDefaultProductLayoutFromConfigurationSettingTest

AdminCreateInvoiceTest

AdminCreateOrderAddProductCheckboxTest

AdminMassOrdersCancelCompleteAndClosedTest

AdminMassOrdersCancelProcessingAndClosedTest

AdminMassOrdersHoldOnCompleteTest

AdminMassOrdersHoldOnPendingAndProcessingTest (replacement for deprecated AdminMassOrdersHoldOnPendingAndProcessingTest)

AdminMassOrdersUpdateCancelPendingOrderTest

AdminMassProductPriceUpdateTest

AdminMassUpdateProductAttributesMissingRequiredFieldTest

AdminOrdersReleaseInUnholdStatusTest

AdminPanelIsFrozenIfStorefrontIsOpenedViaCustomerViewTest

AdminSortingByWebsitesTest

AdminUpdateSimpleProduct

AdminUpdateSimpleProductWithRegularPriceInStockEnabledFlatTest

AdminValidateShippingTrackingNumberTest

CancelOrdersInOrderSalesReportTest

ProductsQtyReturnAfterOrderCancelTest

StorefrontConfigurableProductBasicInfoTest

Action groups

Repetitive actions have been replaced with action groups in these tests:

AdminCheckConfigurableProductPriceWithDisabledChildProductTest

AdminConfigurableProductCreateTest

AdminConfigurableProductRemoveAnOptionTest

AdminCreateProductDuplicateUrlkeyTest

AdminCreateSimpleProductNegativePriceTest

AdminCreateSimpleProductZeroPriceTest

AdminCreateVirtualProductFillingRequiredFieldsOnlyTest

AdminUpdateSimpleProductWithRegularPriceInStockDisabledProductTest

AdminUpdateSimpleProductWithRegularPriceInStockNotVisibleIndividuallyTest

AdminUpdateSimpleProductWithRegularPriceInStockVisibleInCatalogOnlyTest

New action groups

AdminClearFiltersOnGridActionGroup

AdminClickAddNewPageOnPagesGridActionGroup

AdminClickInsertWidgetActionGroup

AdminClickRefundOfflineOnNewMemoPageActionGroup

AdminFillAccountInformationOnCreateOrderPageActionGroup

AdminGoToOrderStatusPageActionGroup

AdminOpenCMSPagesGridActionGroup

AdminSelectAttributeSetOnEditProductPageActionGroup

AssertAdminProductIsAssignedToCategoryActionGroup (replaces filtering Products Grid by SKU and clicking the first row (in order to decrease test execution time)

AssertLinkActionGroup

AssertStorefrontCartDiscountActionGroup

ClickPlaceOrderActionGroup

SaveCmsPageActionGroup

StorefrontAssertProductNameIsNotOnProductMainPageActionGroup

StorefrontGuestCheckoutProceedToPaymentStepActionGroup

StorefrontHoverProductOnCategoryPageActionGroup

StorefrontSelectCustomizeAndAddToTheCartButtonActionGroup

Deleted action groups

Removed CliIndexerReindexActionGroup (or changed value) from tests to improve execution time for the Backend, Bundle, BundleImportExport, Catalog, CatalogRule, CatalogSearch, Checkout, Downloadable, Elasticsearch, Elasticsearch6, Indexer, LayeredNavigation, LoginAsCustomer, Newsletter, Sales, SalesRule, Search, Store, Swatches, UrlRewrite, Weee, and Wishlistmodules.

Removed CliCacheFlushActionGroup from Catalog, CatalogUrlRewrite, Checkout, Config, ConfigurableProduct,Contact, Cookie, CurrencySymbol, Customer, Downloadable, Elasticsearch, Elasticsearch6, Fedex, Indexer, LayeredNavigation,LoginAsCustomer, Msrp, Multishipping, Sales, Swatches, Translation, UrlRewrite, Vault, Weee, and Wishlist modules.

The application no longer sends newsletter email to a customer who has been unsubscribed from the newsletter in the time period between newsletter queue creation and the sending of the newsletter. GitHub-32116

The application now honors newsletter enablement settings (Stores > Settings > Configuration > Customers > Newsletter > General Options). Previously, these settings were always retrieved from the default scope in multi-store deployments. GitHub-31188

The REST call GET /V1/customers/search now returns correct information for customers that are subscribed to multiple newsletters. GitHub-31168

Caching subscription status has been removed from the newsletter plugin. GitHub-19345

Order

The application now correctly calculates an invoiced customer balance when returning store credit to a customer account for a partially invoiced order.

The application now saves a modified order as expected when it saves a refunded customer balance. GitHub-393

Payment methods

The application now renders payment blocks on frontend regardless of the area from which the email was sent. (The current area is now emulated as frontend before the payment block is rendered.) Previously, payment blocks were rendered in the area from which the email was sent. As a result, whether sales email was triggered from the Admin or by the REST API, URLs for assets attempted to load them from the wrong area (webapi_rest or adminhtml).

The application now sends the link for a downloadable product to the email address that is specified during checkout. Previously, when a guest shopper used PayPal Express Checkout and entered different email addresses to submit the order and to check out, the application sent the downloadable product link to the first address.

The application now displays an accurate value for available store credit on the Payment Method page in deployments that support multiple currencies.

The payment methods list is now updated as expected when a guest shopper changes an order’s shipping address to a different country during checkout. Previously, changing billing address did not trigger an update of the possible payment methods.

PayPal

Shoppers can now successfully check out a PayPal Payflow Pro order with a shipping address that contains special characters. Previously, the applicationdeclined payment for these orders.

Shoppers are now redirected back to the order success page after a successful payment using PayPal. Previously, shoppers were redirected to a blank page because session data was lost.

Performance

The performance of Admin SKU search on large catalogs has improved. Query optimizer hints now force index usage during query execution.

The performance of the catalog_product_alert cron process when running on large tables (several million rows) has been improved. Previously, catalog_product_alert loaded all product alerts, which caused an out-of-memory exception.

The application no longer loads all CMS pages when needing only one edit page to render an Admin form. These pages now load faster. GitHub-30936

Numeric values in WHERE IN expressions are now cast as number, not as string, which improves query performance in some versions of MariaDB. GitHub-31135
The use_application_lock mode lets you enable re-indexing through either the use of environment variables or by configuring the app/etc/env.php file. You no longer need to manually reset the indexer after failure with this mode enabled. When this mode is not enabled, you must manually reset the indexer after failure. See Using application lock mode for reindex processes.

Pricing

The application now correctly updates the price of a product with grouped prices when a shopper updates product quantity on the storefront. GitHub-32669

Bundle products can now be saved when products have been assigned a tier price and Magento\Framework\Api\ExtensibleDataObjectConverter is used to convert product data. Previously, when Magento\Framework\Api\ExtensibleDataObjectConverter was used to convert product data to an array when a product was saved, the application did not save the product and displayed this error: Notice: Undefined index: price in app/code/Magento/Catalog/Model/Product/Type/Price.php on line 382.

Scheduled price updates are now applied to products already in a shopper’s cart. GitHub-356

Tier price is now applied to a product as expected when quantity increments are enabled and decimal inventory is less than 1. Previously, minimal tier price quantity was set to 1.

Product video

You can now use the Add Video button (Admin Catalog > Products) to consecutively add several videos. Previously, video fields retained the details of the previous video.

Entering full-screen mode for a product video on a product page now works as expected on mobile devices. Previously, entering full-screen mode caused the video to pause before exiting full-screen mode.

The navigation arrow buttons (Next and Prev) are now visible as expected on storefront product videos.

Merchants can now add Vimeo videos using the Insert video button on the product page as expected. Previously, the application displayed a 404 error. GitHub-31753

Quote

The /V1/guest-carts/examplecartid/items call now returns the requested store view. Previously, it returned the first store view in the store, not the requested one.

Invoice sending is now configurable. Previously, invoice sending was not configurable, and the application always sent an invoice after it was created. Invoice and order emails were both sent in the scope of one observer. Separate observers now govern the sending of order email and invoice email. GitHub-27656

Reports

The Last Review date on Admin Reports > Reviews > By Products now displays the correct review date. Previously, the application displayed the product creation date instead of the review date.

Reviews

Product review rating stars are now correctly calculated in the Review Details section of the My Account page.

The Average Product Rating and Product Ratings sections of the product review details page now render correctly. Previously, the review ID was not set when the application calculated the storefront rating, and the product review template was not properly rendered.

The Be the first to review this product link now changes as expected to a review count after an administrator approves a review.

Administrators can now sort product reviews on the Product Reviews section of the product edit page as expected. GitHub-30270

Reviews are now saved with the correct store ID after an administrator approves and saves the review from a different domain than the store. GitHub-17510

Rewards

The application now updates the payment method list when a shopper checking out with multiple addresses either checks or unchecks the Store Credit (Reward Points) option.

Sales

Admin users can now place orders for out-of-stock items when the Backorders are allowed setting is enabled (Stores > Configuration > Catalog > Inventory > Product Stock Options). Previously, the application threw an error.

Shoppers can now find an order on the Orders and Returns page when the last name ends with a white space.

Invoices are now created with the correct grand total when a cart price rule assigning a 100% discount is applied to an order that is also subject to catalog product and discount taxes and that qualifies for free shipping. Previously, the order had the correct price, but the invoice did not. GitHub-30853

Filtering orders by date now returns accurate results. Previously, the application did not return an order that was placed after 00:00 UTC when you filtered orders by order date.

The credit memo grid now displays the correct currency symbol when Website scope is used for a Price attribute in a multi-store deployment.

Payment methods radio buttons no longer disappear on the Payment & Shipping Information section of the checkout workflow after the Admin Create New Order page is reloaded. GitHub-32106

Arabic text is now displayed correctly in invoices.

The application now calculates partial credit memo tax totals correctly for credit memos that are based on either an order or an invoice in stores that deploy PayPal Payment Pro as a payment gateway. Previously, for orders with multiple invoices, the application applied the whole tax of that order for partial invoice cancellation in the credit memo.

The application no longer creates random database deadlocks when sending new order emails to customers. Previously, deadlocks occurred because the application saved the entire object and its related objects instead of updated SQL columns. The application displayed this type of error: SQLSTATE[40001]: Serialization failure: 1213 Deadlock found when trying to get lock; try restarting transaction. GitHub-31090

The storefront Order detail page now displays the correct shipped product quantity. Previously, product quantities were incorrect because the template for the Order Shipment page rendered Qty Shipped as an int. This has been changed to float.

The application no longer emails copies of an order invoice when the Email Copy of Invoice button is unchecked. Previously, the applicationsent email to Customer and Send Invoice Email Copy To. GitHub-28511

The application no longer creates duplicate address entries for a customer account when creating a new order from the Admin for an existing customer. The Save in Address Book check box has been renamed to Add to Address Book and is now unchecked in the Admin by default.

The application now uses the logo that has been uploaded in the Logo for HTML Print View settings when shoppers print an order from their account. Previously, the application displayed the LUMA logo instead of the uploaded logo.

The pager of order items on the storefront now works as expected when item count exceeds 20. Previously, the pager took into account child products, and the total count was incorrect.

The application now displays the correct currency symbols for subtotal and shipping and handling values on Order page and Credit Memo page grids. GitHub-22662

Administrators who use Safari can now successfully add a product to an order from the Admin. Previously, when the administrator clicked the Add selected products to order button, the application displayed the spinning load icon, and the page hung.

Sales Rule

The application now applies cart price rules with Maximum Qty Discount is Applied To or Discount Qty Step (Buy X) conditions correctly when multiple cart price rules are applied to the shopping cart. Previously, if a cart price rule with Maximum Qty Discount is Applied To or Discount Qty Step (Buy X) was applied after another cart price rule, the total discount was reduced to the value configured for Maximum Qty Discount is Applied To or Discount Qty Step (Buy X) times the product price.

The Coupon report now accurately reflects coupon activity in deployments where a split database is implemented.

Cart price rules that contain the condition Category IS NOT are now applied as expected to configurable child/simple products that are not assigned to a category but whose parent products are assigned.

The GraphQL cart query now returns the correct grand total for the billing step of a cart when a coupon is applied to the order.

Search search-heading

The category page no longer contains these duplicate HTML element IDs: modes-label, mode-list, toolbar-amount, sorter, limiter.

Partial word search results no longer include unexpected or irrelevant matches, and searches produce consistent results on both the storefront and Admin. The application now uses a different analyzer without a stemmer for partial word searches. Previously, search results displayed products that did not include search keywords. (The default analyzer previously included a stemmer, and because the same analyzer was used at search time for partial word search, the search result could produce unexpected or irrelevant matches.)

Quick search now returns results if the search query has multiple words and the product name is configured as not searchable. Previously, if the product name was configured as not searchable, the application threw a query exception on search queries with multiple words.

Search results now include the weight attribute as expected when it is configured as searchable.

The application no longer throws an error when you view an empty category page with Elasticsearch enabled. Instead, it renders the page as expected and displays an informative message. Previously, an empty full-text index triggered an exception on a category page.

The search field autocomplete feature now works as expected if a shopper clicks outside the search field after beginning her search. Autocomplete suggestions now reappear when the shopper resumes typing. Previously, the application did not display autocomplete suggestions and clicking in the search box did not make the search suggestions visible again (although typing additional letters did).

Searching for a product based on its full or partial SKU in Advanced Search now returns the expected product.

Layered navigation filters now display accurate product counts. Previously, product count values from Elasticsearch were not filtered by catalog permissions.

Elasticsearch no longer throws an error when the category URL page parameter exceeds the pagination. GitHub-23843

You can now add a custom Elasticsearch field mapper to Magento\Elasticsearch\Model\Adapter\FieldMapper\Product\FieldProvider\FieldName\Resolver\CompositeResolver.

Developers can now change Elasticsearch mappings. Previously, dynamic templates sent to the Elasticsearch server in the default mappings were hard-coded, which prevented developers from indexing in Elasticsearch any extra data associated with a custom module.

Search fields (form minisearch) now work as expected when Search Suggestions are disabled.

Shipping

The application now updates shipping price as expected when a shopper navigates back to the cart page after deleting a product during checkout with multiple addresses.

The application now displays the correct adjusted shipping price when some items in the cart qualify for free shipping. Previously, when a subset of items in the cart qualified for free shipping, the application did not adjust the shipping price and displayed the full shipping price to the shopper.

Admin users who are restricted to a specific website can now create a shipment for an order placed on the same website. Previously, the application threw this exception when an Admin user who lacked permission to the default store view tried to ship an order that was placed in a store view that the Admin user had access to: Notice: Undefined offset: 1 in /app/code/Magento/Catalog/Model/Product/Attribute/Backend/GroupPrice/AbstractGroupPrice.php on line 293.

The application now takes into account relevant cart price rule discounts when determining whether an order meets conditions for free DHL shipping.

Shipping labels now use base currency as expected instead of order currency for stores that support multiple currencies when an order is placed in a non-base currency. GitHub-31891

The application now displays the correct order subtotal when a shopper returns to the cart page during checkout after navigating away from the multi-shipping page. GitHub-31889

Editing billing information during Admin order creation no longer changes shipping information for customers with different default shipping and billing addresses. GitHub-31786

The application no longer unchecks the Append Comments checkbox when a shopper clicks Get shipping methods and rates and selects a shipping method when creating an order from the Admin.

Shoppers can now use the Back browser button to return to the Select Shipping Method page while checking out an order with multiple addresses. Previously, the application displayed a corrupted Select Shipping Method page. GitHub-30268

Product quantity now remains unchanged as expected after a shopper changes quantity on the Ship to multiple address address page and clicks the browser Back button.

Flat rate shipping method charges no longer become zero when a cart price rule is applied during checkout. GitHub-21832

The application no longer throws an error when a merchant tries to ship an order using DHL when the Create shipping label checkbox is enabled and the product name contains unicode characters. Previously, the application displayed this error when requesting label creation: The response is in wrong format.

You can successfully place an order from the Admin in a multi-site deployment in which United States is enabled on one website andDisable all countries is enabled as the default scope on the other website. Previously, the application did not place the order and displayed this error: Please check the shipping address information. "regionId" is required. Enter and try again.

Store

The application no longer treats a string of 0 as an empty value when displaying a store home page. Previously, the applicationtreated an integer value at the start of a request path as a store ID, which had unintended effects on SEO.

Plugins for \Magento\Framework\App\ActionInterface under lib/internal/Magento/Framework/App/Action/Plugin have been removed to keep with the guideline that plugins should be used to customize behavior of one module from another module. GitHub-28050

The application now displays this message when you try to select Website as default when Store View is disabled during website creation: Please enable your Store View before using this Web Site as Default. Previously, the website crashed, and the application did not display an alert.

Tax

The application now takes into account hidden tax during validation of the minimum order amount.

The application now displays Fixed Product Taxes (FPT) as expected when a shopper navigates back to their shopping cart and proceeds to checkout after adding bundle products to the cart. GitHub-30250

The application now pre-fills the VAT Number input fields for both the billing and shipping addresses of the Address Information section of the Admin new order page with saved VAT numbers when an administrator creates an order for an existing customer. GitHub-31846

The application now displays a VAT Number field on the customer registration page when customer/create_account/vat_frontend_visibility is enabled.

Test

Test environments have been upgraded to Redis 6.0.12.

Removed CacheCleaner::cleanAll(); from integration tests.

Added a test for this scenario: Admin users can edit a customer account when the customer is subscribed to a queued newsletter.

Removed the cache:flush command from tests to improve execution time for the Catalog, CatalogUrlRewrite, and LoginAsCustomer modules.

Redundant parameters have been removed and POST changed to GET where needed in \Magento\Logging\Model\ProcessorTest::testLoggingProcessorLogsActionShipping.

Theme

The customer login page no longer displays this message when the Move JS code to the bottom of the page setting (Store > Configurations > Advance > Developer > JavaScript Settings) and cookies are both enabled: The store will not work correctly in the case when cookies are disabled.

Account links in headers now follow WCAG standards. Previously, account links in headers contained duplicated IDs, which caused WCAG validation to fail.

The application now prioritizes store configuration for a store logo image over layout configuration. Previously, the size of logo images was fixed and did not vary by store.

The application now displays page elements consistently on storefront pages that use standard Magento Open Source themes. Previously, not all styles were applied in Blank theme, so not all page elements were displayed in pages using this theme. (For example, no magnifier icon was present in the My Orders page search field.)

Translation and locales

Brackets that are added to strings are no longer escaped when inline translation is configured. Previously, the escapeHtmlAttr method converted the brackets into HTML entity codes.

Untranslatable phrases in the Admin are now translatable. (This pull request contributes to ongoing efforts to make all Admin strings localizable.) GitHub-11175

Text strings in the template that are used to manage stored payment methods (My Account > Stored Payment Methods ) are now translatable.

Order emails sent from the Admin now use the store locale not the locale that is associated with the administrator’s account.

UI

The Admin footer now displays the correct product version.

Pagination for sources is now present as expected during Admin shipment creation.

The product grid filter now works correctly when you use custom date attributes to filter products and the Admin user locale is en_GB.

Pinch-to-zoom gestures now work as expected in the product page image gallery magnifier on iOS devices.

Pagination of the Admin product grid search results now starts at page one for each search as expected.

Anomalies with the display of the shopping cart when zoomed have been resolved. Previously, display elements overlapped when this page was zoomed.

The order review page displayed during checkout with PayPal Express Checkout now loads successfully. Previously, the template contained the unused Update delivery method button, which was only partially hidden by the script during page rendering.

Rating stars and review text in the Customer Reviews section of the product page are now properly spaced when lengthy rating names are present.

Options are now displayed as expected in the Actions drop-down list on the Archive Invoices, Shipments, and Credit Memos pages.

The application now displays a correct time value when the datetime component timeOnly option is set to yes. GitHub-23157

You can now remove a layout update after creating a new widget on Admin Content > Widgets. GitHub-29936

The Remove Layout Update button now works as expected on any layout you have added from Admin Content > Widgets. Previously, this button did not work on any layout other than the first selected when adding multiple layouts. GitHub-30286

The application now uses the page title that is set in the layout file as the browser page title for the Customer Account Edit file. Previously, the Magento\Customer\Controller\Account\Edit controller action enforced the page title value to Account Information. GitHub-30724

Checkboxes that permit merchants to toggle between showing and hiding passwords have been added to these pages:
- Customer Login
- Customer Registration
- Customer Edit (Change Password section)
- Customer Set New Password GitHub-31557

Removed a redundant header in grid cells that appeared when an administrator added a product to a grouped product set after changing the attribute set. GitHub-30911

The application now displays a DateRange filter on the Logged in area of the Customer > Login page. Previously, the application displayed a Text filter. GitHub-30328

JavaScript has been removed from template files and moved into separate files to reduce rendering issues on Admin pages. Previously, Admin pages did not render properly in deployments in which minification of HTML had been enabled. The application displayed this error: An error has happened during application run. See exception log for details. GitHub-32454

The dropdownDialog widget now loads only the draggable and resizable jquery-ui chunks it needs. Previously, it loaded large amounts of unnecessary code, which inflated load time and reduced performance. GitHub-32810

URL rewrites

Product URL rewrites for a specific website in a multi-site deployment are now generated as expected after products are assigned to a website by bulk update.

The application now correctly generates the URL path for child categories when the Use Default Value checkbox for the URL key is enabled for the parent category. Previously, moving a category in the hierarchy resulted in an incorrect url_path value when using different URL keys in a multi-store view deployment. GitHub-16202

The application now updates the url_path of the category that is assigned to all store scope when you move a category in the category hierarchy. Previously, moving a category in the hierarchy resulted in an incorrect url_path.

URL redirects that are created from the Admin using a custom URL now work successfully. Previously, GraphQL cached the response from a GraphQL urlResolver query and returned the old value after the URL rewrite update.

Product URL rewrites are now removed as expected when a product is removed from a website. GitHub-24184

Added a main_table reference to the store_id in the addStoreFilter function of the app/code/Magento/UrlRewrite/Model/ResourceModel/UrlRewriteCollection.php collection. Previously, problems occurred whenever a join is added to the collection on a table that also contains a store_id column. GitHub-31853

The PUT /V1/products/:sku REST endpoint now re-generates product URL rewrites as expected. Previously, the endpoint re-generated product url_key values but not URL rewrites. GitHub-30316

User

You can now save an effective new user role (Admin System > Permissions > User Roles) with the entire Catalog tree selected excluding Edit Product Design ( Catalog > Inventory > Products > Edit Product Design). Previously, the application did not save product changes that were made by a user in this role and displayed this error: Not allowed to edit the product's design attributes. GitHub-31973

The application now uses the correct custom email template when generating email for new Admin users. Previously, the applicationused the old default template, which omitted the administrator’s first and last names.

The application now uses the correct email template when sending email to new users. Previously, the applicationused the default template even when a custom template was selected.

VersionCMS

The application now applies the correct theme to a CMS page after you change its layout. Previously, the application changed the assigned theme to Luma after you saved your layout changes, no matter which theme was assigned to the page.

Video

Videos are now available in the product gallery as expected when advanced JavaScript bundling is enabled and used. GitHub-32501

YouTube videos for simple products that belong to a configurable product now work as expected. Previously, images were ordered by ID instead of position. Consequently, some videos were treated like images. GitHub-29690

Web API framework

The Catalog API now correctly updates a product’s custom option values by adding new values and removing old values. Previously, the API did not delete the old values.

POST /V1/guest-carts/:cartId/billing-address now returns address ID as an integer, not a string.

An administrator can now delete all of a widget’s layout updates. Previously, when a widget had multiple layout updates, an administrator could delete only the first.

Clicking the Add to Cart button on the product widget no longer results in a page reload. Previously, clicking the Add to Cart button on a product widget caused a current page to reload before the product was added to the cart.

Wish list

The application no longer resets a configurable product’s configuration settings when you click the Edit item button for the product from a wish list. GitHub-32119

The application now displays the correct product price when you update a product with a customizable file option in the wish list. Previously, the application displayed the wrong product price and did not display a link to the uploaded file.

The total product count in a wishlist for a customer with multiple wish lists now matches the number of items in the wish list. Previously, out-of-stock products were included in the total product count.

The application now removes a product from a wish list after adding it to an order. GitHub-30260

Shoppers can now add related products to their shopping cart from a wish list. Previously, the applicationadded only the configurable product, not the configurable product and its related products when a shopper clicked the Select all link of the Related Products section. GitHub-32274

Known issues

Issue: JavaScript error when reCAPTCHA is disabled. If reCAPTCHA is disabled for checkout, checkout proceeds, but the application displays an Uncaught TypeError error in the console log. This issue will be fixed in a later release.

Issue: Content Security Policy error. The storefront displays the following error in the console log: The Content-Security-Policy directive frame-ancestors does not support the source expression unsafe-inline. Storefront performance is not affected.

Issue: Anomalies with PayPal Credit display of gift card amounts. When PayPal Credit is enabled and multiple gift card amounts are configured, if a shopper changes the amount for the value of a gift card, the storefront does not update the amount for installment payments. A fix for this issue will be included in Adobe Commerce 2.4.4 and Magento Open Source 2.4.4.

Issue: The Add to order button does not work for products added to the cart by SKU. the application displays this error message when you click on the Add to order button after adding products to the order by SKU: An error has happened during application run. Products are not added to the cart. Workaround: Use the Add Products feature.

Community contributions

We are grateful to the wider Magento Open Source community and would like to acknowledge their contributions to this release.

The Community Engineering team Magento Contributors maintains a list of top contributing individuals and partners by month, quarter, and year. From that Contributors page, you can follow links to their merged PRs on GitHub.

Partner contributions

The following table highlights contributions made by Partners. This table lists the Partner who contributed the pull request, the external pull request, and the GitHub issue number associated with it (if available).

Partner

Pull Requests

Related GitHub Issues

magento/magento2#31022, magento/magento2#28926, magento/magento2#30992, magento/magento2#30881, magento/magento2#30938, magento/magento2#31621

magento/magento2#30265, magento/magento2#29528, magento/magento2#30286, magento/magento2#30880, magento/magento2#29690, magento/magento2#27678

magento/magento2#30410, magento/partners-magento2ee#444, magento/magento2#31736, magento/magento2#31584, magento/partners-magento2ee#449

magento/magento2#30424, magento/partners-magento2ee#31111, magento/magento2#31660, magento/partners-magento2ee#31331

magento/magento2#31142, magento/magento2#29991, magento/magento2#31208, magento/magento2#29804

magento/magento2#30911, magento/magento2#29936, magento/magento2#31188, magento/magento2#29365, magento/magento2#29805

magento/magento2#31369, magento/magento2#30615, magento/magento2#31490, magento/partners-magento2ee#445

magento/magento2#4451, magento/magento2#29302, magento/partners-magento2ee#31196

magento/magento2#30943

magento/magento2#30936

magento/magento2#32389

magento/magento2#32088

magento/magento2#31157, magento/magento2#31886

magento/magento2#30724, magento/magento2#30471

magento/magento2#30695

magento/magento2#30788

magento/magento2#30626

magento/magento2#30622

magento/partners-magento2ee#451, magento/magento2#31482

magento/magento2#31557

magento/magento2#32612, magento/magento2#32610

magento/magento2#32578, magento/magento2#32658

magento/magento2#30910

magento/magento2#30909

Individual contributor contributions

The following table identifies contributions from our community members. This table lists the external pull requests, the GitHub issue number associated with it (if available), and the community member who contributed the pull request.

Contributing community member

Pull Requests

Related GitHub Issues

Magento Open Source 2.4.3 release notes

Other release information

Apply AC-3022.patch to continue offering DHL as a shipping carrier

Apply MC-43048__set_rate_limits__2.4.3.patch to address issue with API rate limiting

Apply AC-384__Fix_Incompatible_PHP_Method__2.4.3_ce.patch to address PHP fatal error on upgrade

Highlights

Substantial security enhancements

Thirty-three security enhancements that help close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities

Additional security enhancements

Infrastructure improvements

Platform enhancements

Performance enhancements

Adobe Stock Integration

GraphQL

Page Builder

PWA Studio

Upgrade Compatibility Tool

Vendor Developed Extensions

Fixed issues

Installation, upgrade, deployment

Adobe Stock Integration

Backend

Bundle products

Cache

CAPTCHA

Cart and checkout

Catalog

Catalog rule

CMS content

Configurable products

Content security Policy CSP)

cron

Custom customer attributes

Customer

Directory

Downloadable

EAV

Email

Frameworks

General fixes

Gift cards

Gift message

Google Tag Manager

GraphQL

Image

Import/export

Index

Infrastructure

Invoice

Media Gallery

MFTF

Refactored tests

Action groups

New action groups

Deleted action groups

Newsletter

Order

Payment methods

PayPal

Performance

Pricing

Product video

Quote

Reports

Reviews

Rewards

Sales

Sales Rule

Search search-heading

Shipping

Store

Tax

Test

Theme

Translation and locales

UI

URL rewrites

User

VersionCMS

Video

Apply `AC-3022.patch` to continue offering DHL as a shipping carrier