Magento Open Source introduces improvements to platform quality, payment methods, GraphQL caching performance, and accessibility. It includes updates to integrated Google modules.
This release includes over 290 quality fixes and enhancements.
Although code for these features is bundled with quarterly releases of the Magento Open Source core code, several of these projects are also released independently. Bug fixes for these projects are documented in the separate, project-specific release information that is available in the documentation for each project.
Look for the following highlights in this release.
This release includes 20 security fix and platform security improvements. This security fix has been backported to Magento Open Source 2.4.4-p1 and Magento Open Source 2.3.7-p4.
No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts:
See Adobe Security Bulletin for the latest discussion of these fixed issues.
Security improvements for this release improve compliance with the latest security best practices, including:
reCAPTCHA support has been added to the Wish List Sharing, Create New Customer Account, and Gift Card forms.
ACL resources have been added to Inventory.
Inventory template security has been enhanced.
MaliciousCode filter has been upgraded to use the
Magento Open Source 2.4.5 now supports
PHPStan (^1.5.7 with constraint) GitHub-35315
The DHL Integration schema has been updated from v6.0 to v6.2. This upgrade will not result in a change in product behavior.
The following Composer dependencies have been updated to the latest versions with constraint:
laminas/laminas-captcha(updated with a constraint ^2.12)
laminas/laminas-view dependencies have been removed.
The DHL Integration schema has been updated from v6.0 to v6.2.
The default Gateway URL for USPS shipping has been updated to use
https instead of
Froogaloop library has been replaced with the Vimeo
Player.js library (2.16.4).
grunt-eslint (NPM) library has been upgraded to the latest version.
jQuery Storage libraries have been replaced with
phpcs static code analysis tools are now compatible with PHP 8.x.
glob.js dependency (upgraded with constraint to ~7.2.0)
serve-static.js dependency (upgraded with constraint ~1.14.2)
underscore.js dependency (NPM) (1.14.2)
jquery/jquery-cookie has been replaced with
jaralax-video.js libraries have been updated to use the latest version of the Vimeo REST API.
The focus of this release has been on creating a storefront experience on Venia (PWA) that is more perceivable, operable, understandable, and robust. These enhancements include:
Google has updated the tracking and integration mechanisms of AdWords and Analytics in web applications through integration with GTag. This integration of Google functionality into website pages extends opportunities to track and manage content through Google Services. Adobe Commerce has a set of built-in modules including Google AdWords, Analytics, Optimizer, and TagManager that leverage the former API for integration with Google services. In this release, we have re-implemented this integration using the GTag approach. See Migrate from analytics.js to gtag.js (Universal Analytics).
GraphQL performance enhancements include:
Developers and administrators experience faster rebuilding of the unified storefront GraphQL schema on deployment or when changing attributes in production. Shoppers also experience significantly faster page load speeds when the GraphQL schema must be rebuilt for any reason.
Added capability to consume the expiration date/time of the authorization token through the use of JSON Web Tokens (JWT) in the GraphQL API.
bin/magento config:set graphql/session/disable 1 command allows merchants to completely disable the creation of session cookies for all GraphQL operations. By default, the application Open Source creates these cookies and relies on them for authorization, which affects performance. Going forward, we recommend using tokens as the only form of authorization for GraphQL requests. We do not recommend using session cookies alone or in conjunction with authorization tokens. See GraphQL Authorization.
Session cookies are now launched in GraphQL operations using class proxies only when needed.
Session usage has been removed from
http header processors in GraphQL such as store, customer, or currency.
See the GraphQL Developer Guide for details on these enhancements.
Inventory template security has been enhanced.
Page Builder v.1.7.2 is compatible with Magento Open Source 2.4.5.
Page Builder column layout includes these enhancements:
Columns are now exposed, permitting users to control column settings on the storefront.
Column resizing now supports wrapping triggered by user actions.
Apple Pay is now available to all merchants running deployments with Payment Services enabled. This payment method does not require shoppers to enter their credit or debit card details. Apple Pay is available on the product details page, mini cart, shopping cart, and checkout workflow. Merchants can toggle on this feature.
Merchants in Spain and Italy can now offer PayPal Pay Later to shoppers.
Previews of the PayPal, Credit and Pay Later buttons are now available in the Admin for the checkout, minicart, cart, and product pages. Previews reveal how these buttons will look when they are enabled and rendered on the storefront.
Braintree has discontinued the KOUNT fraud protection integration. It has been removed from the Magento Open Source codebase.
The Always request 3DS option has been added to the Admin.
PWA Studio v.12.5.x is compatible with Magento Open Source 2.4.5.
New features for this release include:
Shopper behavior data is collected on PWA Studio storefront for web analytics services. Merchants can now subscribe and extend these events as needed.
Merchants can now select a service to deploy from the Admin (Google Tag Manager).
We have fixed hundreds of issues in the Magento Open Source 2.4.5 core code.
patch_listdatabase table. Magento Open Source now checks whether data patch aliases already existed in the database before applying the patch. Previously, the applicationOpen Source threw an error under these conditions.
PUT /V1/productsendpoint to update product price attributes for a specific website. Previously, if some product attributes were overridden for a specific store view, you could not update a price attribute for that product in that same store view.
addProductsToCartmutation now works correctly with multiple products. Previously, this query returned the first product with an accurate subtotal, but returned a subtotal of 0 for other products.
There has been an error processing your request.
cartquery no longer return null responses when a product is out of stock. A new
errorselement containing the error message was introduced to the response. Previously, when you ran a query with an out-of-stock product, the application Open Source displayed a
nullvalue under the
itemssection in the response. See cart query.
Parent Onlyattribute scope is now used properly in the Cart Rule condition.
PUT /V1/products/for a store view. Previously, a new URL key was generated based on the new product name and assigned to the product, which overrode the URL key in that store view.
Unfortunately there are no products in this category on our website currently.
catalogrule_product_pricetable after a full re-index. Previously, triggers were removed from the
catalogrule_product_pricetable after a
PUT /V1/products/tier-pricesreturned an incorrect error message.
ConfigurableWishlistItem.configured_variantfield has replaced the
ConfigurableWishlistItem.child_skufield. The latter field triggered an internal error when a customer wish list contained an un-configured configurable product.
Synchronize widget products with backend storagesetting is enabled, the application Open Source adds recently view product data into the
catalog_product_frontend_actiondatabase table. It includes the customer or visitor ID when adding records. The
recently_viewed_productsection in the response is now empty if customer ID and visitor ID are null. As a result, when the
customer/section/loadAjax request is sent, the application Open Source can correctly filter recently viewed products based on customer or visitor ID. Previously, the response included all the data available in the
catalog_product_frontend_actiondatabase table because there was no check for an empty customer or visitor ID.
Item (Magento\Catalog\Model\Product\Interceptor) with the same ID "<ID>" already exists. GitHub-33145
form_keydiffered, and Magento Open Source displayed this error:
Invalid Form Key. Please refresh the page.
intto prevent possible performance issues.
Magento Open Source now displays an error message as expected when you try to create an attribute from the product page without completing the Admin field. GitHub-33099
Product ratings are now correct on all catalog product lists when the home page contains multiple catalog lists. GitHub-33867
productsquery now retrieves prices for configurable products that accurately reflect the Display Out Of Stock configuration setting. Previously, the query did not return accurate prices.
selectattributes via a patch script. Previously, eligible global attributes were hidden.
addConfigurableProductsToCart mutation can now be used to add configurable products with custom options. Previously, the applicationOpen Source threw this error:
Magento 2.3.4 graphql Notice: Undefined index: option_value in /var/www/html/mg234/vendor/magento/module-configurable-product-graph-ql/Model/Resolver/ConfigurableCartItemOptions.php on line 62. GitHub-28860
You can now re-order configurable products with optional custom options. Previously, re-order attempts failed, and meant displayed this error:
Some of the selected options are not currently available. GitHub-35409
addConfigurableProductsToCartmutation now works as expected with multiple products. Previously, incorrect product information was returned, or an invalid error message was returned. GitHub-30948
TIMESTAMPDIFF(DAY, ,)SQL function has replaced the
TO_DAYS()function and calculates the difference in the timestamps on the basis of date and time. Previously, email reminders were not sent per schedule because of the incorrect calculation of two date-time values of cart abandonment (any timezone) and server time (UTC).
bin/magento setup:config:setcommand no longer overrides already set cache ID prefixes in
bin/magento setup:static-content:deploy -s compactcommand now includes styles from child themes as expected. Previously, theme CSS files were not present on the storefront after deployment.
di.xmlfile after update.
updateCartCurrencyfunction now sets string instead of an object inside the cart object. Previously, the applicationOpen Source did not load a quote using
updateCartCurrencyfunction set an object instead of a string inside the cart object. GitHub-34199
\DateTimeFormatter::formatObject(). This method now works as expected with numeric values for
preg_replace()error on the Admin. The third argument (
$subject) is now of type
isFreeShippingmethod now returns an integer rather than a Boolean.GitHub-35164
Error: Call to undefined method ReflectionUnionType::getName(). GitHub-35292
/checkout/sidebar/updateItemQty/?item_qty=erroron the storefront. Previously, this error was thrown:
Warning: A non-numeric value encountered in /vendor/magento/module-checkout/Controller/Sidebar/UpdateItemQty.php on line 69. GitHub-34380
trim(): Passing null to parameter #1 ($string) of type string is deprecatederror when the AMPQ connection is configured without SSL configuration.
longblogdatabase definition to
long blob. GitHub-35108
magento2/app/code/Magento/Security/Model/AdminSessionsManager.phphas been corrected from
.htpasswdhas been added to banned locations in the
nginxconfiguration file. GitHub-35150
ProductRepository.php:getmethod now returns cache keys once. Previously, they were returned twice. GitHub-34958
GraphQl-GroupedProductGraphQlmodules have been updated. GitHub-34951
Name is not valid!error.
productsquery now returns product information that accurately reflects the “Show Related Products” configuration. The
crosssell_productsfields in the GraphQL ProductInterface are now resolved according to Show Related Products, Show Upsell Products, and Show Cross-Sell Products configuration respectively.
tier_price) to product comparisons. Previously, the product comparisons page crashed when the Comparable on storefront setting for this attribute was enabled. GitHub-35244
A technical problem with the server created an error. Try again to continue what you were doing. If the problem persists, try again later.
price_rangeattribute has been added to the GraphQL
productsquery no longer returns attributes as an aggregation when the Use in Search Results Layered Navigation setting is disabled. GitHub-33318
price_including_taxfield has been added to
ProductInterfaceare no longer deprecated. GitHub-34783
categoriesquery no longer throws an exception when fetching a list of categories one of which contains an image that cannot be found on the filesystem. Previously, the applicationOpen Source threw this exception:
Category image not found. GitHub-34266
productsquery now returns
category_uidas an aggregation as expected. GitHub-32557
updateCartItemsmutation now removes products as expected when the product stock has reached the maximum stock amount. GitHub-30220
urlResolverquery now resolves the path delimiter (/) correctly when multiple homepages have the same identifier. Previously, the query did not resolve the delimiter and returned null. GitHub-33615
customerqueries now fetch bundle product multi-select options as expected when querying orders. GitHub-34717
ClearCustomerSessionAfterRequestplugin logged out the shopper. GitHub-34550
productsquery responses are now correctly calculated when the Display Out of Stock Products configuration setting is enabled. Previously, disabled options were taken into account in the minimum and maximum price calculation.
productsquery now returns correctly filtered multiple categories when sorting by position.
setShippingAddressesOnCartrequests now successfully validate region IDs. Previously, the applicationOpen Source threw an error when you used region ID instead of region code.
productsqueries now return only the categories associated with the store passed in the request.
categoryListquery now returns results that reflect the queried store’s root category when the store is specified in the header. Previously, categories from the default root category were included in results even though another store was specified in the header.
productsquery no longer returns attributes as an aggregation when the Use in Search Results Layered Navigation setting is disabled. GitHub-33318
cartquery now returns only one payment methods for free orders. Previously, all active payment methods were returned in the query response. GitHub-34036
productsqueries no longer returns
price_rangevalues for configurable products that are affected by disabled variants. GitHub-33629
collectQuoteTotalscall to ensure store credits are not applied multiple times.
generateCustomerTokenAsAdminmutation now retrieves customer tokens as expected. Previously, tokens were not returned, and this error was returned:
Customer email provided does not exist.
typeproduct attribute is defined. Previously, the schema was invalid because the
typeattribute on products types was overwritten by the custom
updateCustomerV2mutation are now added with active newsletter subscriptions. Previously, customers were unsubscribed from newsletters even when the request contained proper input parameters. GitHub-33599
productsquery for a specific store view now returns only categories that are in the specific website’s root category in multi-site deployment. Previously, the query returned categories from the root categories of other websites. GitHub-34570
productsquery now returns only the subcategory of provided category ID. Previously, it returned all categories. GitHub-35220
customerOrdersquery now responds as expected when the
gift_messageobject is specified in the response but no gift message exists. Previously, the query returned this message:
Can't load gift message for order is returned. GitHub-28957
catalog_category_productindexer that caused the
productsquery to return categories from another store. GitHub-31253
generateCustomerTokenmutation now creates an entry in the
customer_logas expected after generating a customer token. GitHub-33378
Imported resource (image) could not be downloaded from external resource due to timeout or access permissions in row(s):.
populateExistingOptionsmethod. The option title is also displayed correctly. Previously, after the initial import, successive imports resulted in corrupted behavior and doubled options. Shoppers could not add the product to the cart, either.
catalog_url_rewrite_product_categorytable are now deleted before inserting new ones. Previously, the following error occurred during multi-store product import:
SQLSTATE: Integrity constraint violation. GitHub-34210
delayedRenderlogic for the toolbar in TinyMCE.
contentUpdatedevent listener. GitHub-32068
getTypeIDfunction now returns product type ID not product ID. GitHub-35458
jQuery UI slider and
SelectMenu mapping has been corrected in
Observers placed on
sales_order_state_change_before now support the retrieval of data from the order object. The
event argument has been updated. GitHub-26789
indexer:resethas been refactored to call
htmlClassattribute value, which supports the use of additional components such as the Tailwind UI. GitHub-34430
postDispatchhandler had not been specified in configuration settings.
Repetitive actions have been replaced with action groups in these tests:
The store that was requested wasn't found. Verify the store and try again.
The store that was requested wasn't found. Verify the store and try again. Exception in /var/www/html/vendor/magento/module-store/Model/StoreRepository.php:75. GitHub-35122
increment_idcolumn in the
sales_ordertable has been increased. Previously, third-party modules that assumed that
sales_order.increment_idhad a length of 50 characters saved only the first 32 characters of an
No such entity with cartId = 0.
cartquery no longer returns all active payment methods for free orders. GitHub-34036
Grid Filter Condition Typecustomer/customer address attribute controls how an attribute filter is matched against the attribute values in the database, Options include
Prefix Match, and
array_mergein loops. GitHub-33929
intis configured as a searchable backend
typeattribute. Previously, the applicationOpen Source threw an
PageCachekey did not include filter parameters for configurable products.
catalogsearch/advanced/indexpages. Previously, Magento Open Source displayed this error when an array was passed in any advanced search string :
Warning: trim() expects parameter 1 to be string, array given | magento/module-catalog-search. GitHub-33586
cartquery no longer includes tax when returning
GET /V1/orders/) no longer returns negative values for row totals.
Magento.GraphQl.CatalogGraphQl.ProductSearchTest.testSearchSuggestionswhen run with AWS Elasticsearch configuration.
testCreateProductOnStoreLevel integration test no longer causes a nested transaction on the database.
The following exception no longer occurs when running WebAPI tests for the Send Friend feature when product image has not set on PHP 8.1:
exception main.ERROR: /var/www/html/lib/internal/Magento/Framework/DataObject.php:131 strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated. GitHub-34864
translate_strategy=embedded. Previously, the text reverted to English after the product was added to the cart.
magento.comno longer causes performance issues during Admin login. A timeout on the request to fetch release notification has been added.
Magento_LoginAsCustomerAdminUiis enabled and Store View To Login To is set to manual selection. Previously, the applicationOpen Source threw this error:
(Magento\Framework\Exception\LocalizedException): Unable to get Customer ID. GitHub-33096
aria-labelelement instead of a placeholder on the Catalog > Product page.
.icofile types. Previously, when you tried to upload a favicon file with this extension type in the Admin, the application Open Source displayed this error:
Warning: imagecreatefromstring(): one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully in /var/www/html/vendor/magento/module-media-storage/Model/File/Validator/Image.php on line 64. GitHub-34858
url_rewritetable and Admin after the attribute code visibility status for the specific store view is changed to Not Visible Individually. Previously, all URLs were removed for the product in the
bannerelement when CSP is set to
/rest/schema) now uses unique operation IDs.
POST /V1/salesRules/endpoint now retain existing coupon code values after changing status from disabled to enabled. GitHub-35298
POST /V1/salesRules/endpoint now contain valid
Magento_ReCaptchaWebapiRestmodule is enabled. GitHub-35348
bySkuoption for configurable products. Previously, it returned a 500 error.
POST /V1/products/special-priceendpoint now works as expected. Previously, the endpoint returned this error:
Future Update already exists in this time range. Set a different range and try again.
/V1/products/base-pricesendpoint now works as expected with Catalog Price Mode - Website. GitHub-30132
qtyfield of product detail page from the wishlist itself.
Issue: Admin users cannot create an order or re-order for customers from the Admin when Braintree is enabled. When the Admin user clicks either Order or Reorder, Adobe Commerce does not submit the order, and the
system.log displays this error:
report.CRITICAL: Error: Call to a member function getMethodInstance() on null in /app/vendor/paypal/module-braintree-core/Block/Form.php:174. Workaround:
BUNDLE-3137-composer.patch is now available. See the Admin can’t create order/reorder when Braintree payment enabled Knowledge Base article for a discussion of this issue and access to the patch. A fix will also be included in Adobe Commerce 2.4.5-p1.
We are grateful to the wider Magento Open Source community and would like to acknowledge their contributions to this release.
The Community Engineering team Magento Contributors maintains a list of top contributing individuals and partners by month, quarter, and year. From that Contributors page, you can follow links to their merged PRs on GitHub.
The following table highlights contributions made by Partners. This table lists the Partner who contributed the pull request, the external pull request number, and the GitHub issue number associated with it (if available).
|Partner||Pull Requests||Related GitHub Issues|
|Fisheye||magento/magento2#35504 magento/magento2#35356 magento/magento2#35355||magento/magento2#35505 magento/magento2#35587|
|Atwix||magento/magento2#35421 magento/magento2#35385 magento/magento2#35118 magento/magento2#35099 magento/magento2#35040 magento/magento2#34883 magento/magento2#34862 magento/magento2#34552 magento/magento2#33795 magento/magento2#33557 magento/magento2#33536 magento/magento2#33409 magento/magento2#33342 magento/magento2#32293 magento/magento2#28958||magento/magento2#35386 magento/magento2#34631 magento/magento2#33692 magento/magento2#33344 magento/magento2#32378|
|Ampersand||magento/magento2#35050 magento/magento2#34582||magento/magento2#35180 magento/magento2#34988|
|Comwrap||magento/magento2#32648 magento/magento2#32371 magento/magento2#31944||magento/magento2#32649 magento/magento2#33767 magento/magento2#31947|
The following table identifies contributions from our community members. This table lists the community member who contributed the pull request, the external pull request number, and the GitHub issue number associated with it (if available).
|Contributing community member||Pull Requests||Related GitHub Issues|
Our technology stack is built on PHP and MySQL. For more information, see System Requirements.
You can install Magento Open Source 2.4.5 using Composer.