Documentation Commerce Release information

Magento Open Source 2.4.5 release notes

Last update: Mon Apr 29 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

Topics:
Release Notes

CREATED FOR:

Experienced
Admin
Developer

Magento Open Source introduces improvements to platform quality, payment methods, GraphQL caching performance, and accessibility. It includes updates to integrated Google modules.

This release includes over 290 quality fixes and enhancements.

NOTE

Adobe Commerce releases may contain backward-incompatible changes (BICs). To review backward-incompatible changes, see BIC reference. Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.

Other release information

Although code for these features is bundled with quarterly releases of the Magento Open Source core code, several of these projects are also released independently. Bug fixes for these projects are documented in the separate, project-specific release information that is available in the documentation for each project.

Magento Open Source 2.4.5 highlights

Look for the following highlights in this release.

Security enhancements

This release includes 20 security fix and platform security improvements. This security fix has been backported to Magento Open Source 2.4.4-p1 and Magento Open Source 2.3.7-p4.

No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts:

IP allowlisting
two-factor authentication
use of a VPN
use of a unique location rather than /admin
good password hygiene

See Adobe Security Bulletin for the latest discussion of these fixed issues.

Additional security enhancements

Security improvements for this release improve compliance with the latest security best practices, including:

reCAPTCHA support has been added to the Wish List Sharing, Create New Customer Account, and Gift Card forms.
ACL resources have been added to Inventory.
Inventory template security has been enhanced.
The MaliciousCode filter has been upgraded to use the HtmlPurifier library.

Platform enhancements

Magento Open Source 2.4.5 now supports

Composer 2.2
TinyMCE (5.10.2). Earlier versions of TinyMCE (v5.9.2 or earlier) allowed arbitrary JavaScript execution when a specially crafted URL or an image with a specially crafted URL was updated.
jQueryUI (1.13.1)
PHPStan (^1.5.7 with constraint) GitHub-35315

The DHL Integration schema has been updated from v6.0 to v6.2. This upgrade will not result in a change in product behavior.

Outdated JavaScript libraries have been updated to their latest versions, and outdated dependencies have been removed. These changes are backward compatible.

Composer dependency updates

The following Composer dependencies have been updated to the latest versions with constraint:

colinmollenhour/credis (1.13.0)
guzzlehttp/guzzle (^7.4.2)
laminas/laminas-captcha (updated with a constraint ^2.12)
laminas/laminas-db (^2.15.0)
laminas/laminas-di (^3.7.0)
laminas/laminas-escaper (~2.10.0)
laminas/laminas-eventmanager (^3.5.0)
laminas/laminas-feed (^2.17.0)
laminas/laminas-mail (^2.16.0)
laminas/laminas-mvc (^3.3.3)
laminas/laminas-server (^2.11.1)
laminas/laminas-servicemanager (^3.11.0)
laminas/laminas-validator (^2.17.0)
league/fly (2.4.3)
monolog/monolog (^2.5)
phpmd/phpmd (^2.12.0)
phpstan/phpstan (^1.5.7)
phpunit/phpunit (~9.5.20)
php-cs-fixer (^3.4.0)
webonyx/graphql-php (14.11.6)

The laminas/laminas-session, laminas/laminas-text, and laminas/laminas-view dependencies have been removed.

Other upgrades and replacements

The DHL Integration schema has been updated from v6.0 to v6.2.
The default Gateway URL for USPS shipping has been updated to use https instead of http.
The Froogaloop library has been replaced with the Vimeo Player.js library (2.16.4).
The grunt-eslint (NPM) library has been upgraded to the latest version.
The jQuery Storage libraries have been replaced with julien-maurel/js-storage.
The php-cs-fixer and phpcs static code analysis tools are now compatible with PHP 8.x.
glob.js dependency (upgraded with constraint to ~7.2.0)
serve-static.js dependency (upgraded with constraint ~1.14.2)
underscore.js dependency (NPM) (1.14.2)
moment-timezone-with-data.js (0.5.34)
The library jquery/jquery-cookie has been replaced with js-cookie/js-cookie.
The jarallax.js and jaralax-video.js libraries have been updated to use the latest version of the Vimeo REST API.

Accessibility updates

The focus of this release has been on creating a storefront experience on Venia (PWA) that is more perceivable, operable, understandable, and robust. These enhancements include:

Search results summary information is now announced to screen reader users
Screen readers are now informed when a new page view loads
Contrast and keyboard accessibility have been improved

Google Analytics

Google has updated the tracking and integration mechanisms of AdWords and Analytics in web applications through integration with GTag. This integration of Google functionality into website pages extends opportunities to track and manage content through Google Services. Adobe Commerce has a set of built-in modules including Google AdWords, Analytics, Optimizer, and TagManager that leverage the former API for integration with Google services. In this release, we have re-implemented this integration using the GTag approach. See Migrate from analytics.js to gtag.js (Universal Analytics).

GraphQL

GraphQL performance enhancements include:

Developers and administrators experience faster rebuilding of the unified storefront GraphQL schema on deployment or when changing attributes in production. Shoppers also experience significantly faster page load speeds when the GraphQL schema must be rebuilt for any reason.
Added capability to consume the expiration date/time of the authorization token through the use of JSON Web Tokens (JWT) in the GraphQL API.
The bin/magento config:set graphql/session/disable 1 command allows merchants to completely disable the creation of session cookies for all GraphQL operations. By default, the application Open Source creates these cookies and relies on them for authorization, which affects performance. Going forward, we recommend using tokens as the only form of authorization for GraphQL requests. We do not recommend using session cookies alone or in conjunction with authorization tokens. See GraphQL Authorization.
Session cookies are now launched in GraphQL operations using class proxies only when needed.
Session usage has been removed from http header processors in GraphQL such as store, customer, or currency.

See the GraphQL Developer Guide for details on these enhancements.

Inventory

Inventory template security has been enhanced.

Page Builder

Page Builder v.1.7.2 is compatible with Magento Open Source 2.4.5.

Page Builder column layout includes these enhancements:

Columns are now exposed, permitting users to control column settings on the storefront.
Column resizing now supports wrapping triggered by user actions.

Payments

Apple Pay is now available to all merchants running deployments with Payment Services enabled. This payment method does not require shoppers to enter their credit or debit card details. Apple Pay is available on the product details page, mini cart, shopping cart, and checkout workflow. Merchants can toggle on this feature.

PayPal

Merchants in Spain and Italy can now offer PayPal Pay Later to shoppers.
Previews of the PayPal, Credit and Pay Later buttons are now available in the Admin for the checkout, minicart, cart, and product pages. Previews reveal how these buttons will look when they are enabled and rendered on the storefront.

Braintree

Braintree has discontinued the KOUNT fraud protection integration. It has been removed from the Magento Open Source codebase.
The Always request 3DS option has been added to the Admin.

PWA Studio

PWA Studio v.12.5.x is compatible with Magento Open Source 2.4.5.

New features for this release include:

Shopper behavior data is collected on PWA Studio storefront for web analytics services. Merchants can now subscribe and extend these events as needed.
Merchants can now select a service to deploy from the Admin (Google Tag Manager).

For information about enhancements and bug fixes, see PWA Studio releases. See Version compatibility for a list of PWA Studio versions and their compatible Magento Open Source core versions.

Fixed issues

We have fixed hundreds of issues in the Magento Open Source 2.4.5 core code.

Installation, upgrade, deployment

You can now rename a data patch and add the old class name as an alias in the patch_list database table. Magento Open Source now checks whether data patch aliases already existed in the database before applying the patch. Previously, the applicationOpen Source threw an error under these conditions.

Magento Open Source no longer throws an exception when you try to change the Admin URL to a custom URL from the Admin. Previously, after changing the Admin URL, you could not log in. GitHub-35416

Merchants can now successfully upgrade from an Magento Open Source 2.4.2 deployment with Klarna to Magento Open Source 2.4.3. GitHub-33760

The path to Magento Open Source Analytics is no longer hardcoded. Previously, this hardcoded path resulted in conflicts when multiple Magento Open Source instances were installed on one server. GitHub-29373

Accessibility

The Shopping bag button now provides a programmatic or textual indication of its state. Screen reader users are informed that clicking this button will expand other content, or that the associated content is expanded or collapsed. Previously, this button did not provide a programmatic or textual indication of its state.

Payment Information credit card option text elements or images of text now meet the WCAG 2.0 required minimum color contrast ratio of 4.5:1 for standard text of 18pt (24px) or 14pt (19px) if bolded. Previously, they did not meet the expected contrast ratio.

Address book > Communication > Account information custom focus indicators now provide a contrast ratio of at least 3:1 against the background color.

Filter and Sort button text now meet the WCAG 2.0 required minimum color contrast ratio of 4.5:1 for standard text of 18pt (24px) or 14pt (19px) if bolded. Previously, navigation buttons for carousels did not meet these minimum contrast requirements.

Screen readers announce the word “Venia” only once when navigating to Venia headers and footers. Previously, the same word was announced twice consecutively.

Buttons that trigger dropdowns now provide information to screen readers that indicate their expanded or collapsed state and accessible names.

Screen reader users are informed when a new page view is rendered. Previously, when a page title changed, the title change was not announced.

Adobe Stock

Users can now successfully sign out of Adobe Stock.

Bundle products

You can now use the PUT /V1/products endpoint to update product price attributes for a specific website. Previously, if some product attributes were overridden for a specific store view, you could not update a price attribute for that product in that same store view.

Magento Open Source now correctly calculates the cart total for a bundle product when the Product Subselect rule is applied.

Cache

Full page cache is no longer shown as disabled in the Admin when the Magento Open Source cache is flushed and use_stale_cache is enabled.

New Relic deployment markers now work as expected when cache is flushed. GitHub-32649

Cart and checkout

The address search pop-up on the billing step of the checkout workflow no longer causes DOM errors.

The addProductsToCart mutation now works correctly with multiple products. Previously, this query returned the first product with an accurate subtotal, but returned a subtotal of 0 for other products.

Permission exceptions are now handled for restricted products that are added by SKU. Shoppers are now given an appropriate message on the storefront, and the quantity field in the error table is disabled. Previously, the applicationOpen Source threw an exception like this: There has been an error processing your request.

The SQL query that updates affected quotes after disabling a cart price rule has been optimized to avoid locking the entire quote table.

Shoppers with global account sharing are no longer required to log in again to a secondary website in a multi-site deployment when guest checkout is disabled. Customer data is now loaded when the shopper navigates to the subdomain. The shopper is no longer asked to log in again, and the previous cart contents are displayed.

Address dropdown values in the checkout workflow no longer change for the remaining items in a quote when a single quantity address item is removed in a multi-address checkout. Previously, when a product was removed from a quote during multi-address checkout, the address dropdown value changed to default for all products.

The cart query no longer return null responses when a product is out of stock. A new errors element containing the error message was introduced to the response. Previously, when you ran a query with an out-of-stock product, the application Open Source displayed a null value under the items section in the response. See cart query.

Shipping methods are now available as expected when a guest shopper creates an account after adding a product to their cart before proceeding to checkout. Previously, when a guest added a product the cart before creating an account, no shipping methods were available during checkout. After adding other products to the cart, shipping methods became available.

Shoppers can now add products to their carts when no options in the Allow Countries field have been selected.

Cart contents and login status are now reloaded as expected after a session times out when Enable Persistence is set to Yes. GitHub-35182

Mini cart subtotals are now updated correctly when a shopper navigates from the shipping page to the cart page in the checkout workflow for an order with multiple shipping addresses. Previously, the subtotal was doubled.

The mini cart now displays previously added products after a session timeout when Enable Persistence is enabled . GitHub-35183

Merchants can now create a credit memo in which Refund Shipping (Incl. Tax) is set to -0.01 and can now set this amount to 0. Previously, the credit memo could not be created under these conditions.

Cart price rule

The Parent Only attribute scope is now used properly in the Cart Rule condition.

Catalog

Product URL keys now remain unchanged when updating product name via PUT /V1/products/ for a store view. Previously, a new URL key was generated based on the new product name and assigned to the product, which overrode the URL key in that store view.

Adding a product to a category from the Page Builder product widget set to carousel mode no longer triggers a page reload.

Products set to Not Visible Individually no longer appear in catalog Advanced Search results.

Dynamic bundle attributes are now updated correctly on the Mass Attribute Update page. Previously, the Dynamic SKU attribute remained set to Yes even though they were disabled on the Mass Update page.

Catalog rules are now correctly applied using incremental indexers rather than a full re-index.

You can now successfully switch between list and grid views of multi-page product lists. Previously, when you navigated to the last page of a multi-page product list view before switching to the grid view, the application Open Source displayed this error: Unfortunately there are no products in this category on our website currently.

Admin Action Log reports now display updated product IDs and updated status information as expected.

Triggers are now restored as expected to the catalogrule_product_price table after a full re-index. Previously, triggers were removed from the catalogrule_product_price table after a catalogrule_rule or catalogrule_product full re-index.

Category rules that are used to assign products to categories no longer randomly change.

Categories can no longer be updated globally by an administrator with scope-restricted access. Previously, when multiple websites used the same category but different products, and an administrator with permission restricted to one store changed products in the category, the product selection also changed for other stores.

The product details page now displays the correct price when a non-default currency for a specified locale is used. Previously, numbers were not localized as expected on the storefront.

The same error message is now displayed by the API and on the storefront when trying to retrieve the tier prices of a product with duplicate records. Previously, PUT /V1/products/tier-prices returned an incorrect error message.

Magento Open Source now provides validation error messages when you try to add a product URL key with a trailing hyphen. Informative tooltip text is also available.

The new ConfigurableWishlistItem.configured_variant field has replaced the ConfigurableWishlistItem.child_sku field. The latter field triggered an internal error when a customer wish list contained an un-configured configurable product.

URL rewrites are now generated only for the selected stores during the mass attribute update to change product visibility. Previously, the mass attribute update created a URL rewrite for the wrong store.

When the Synchronize widget products with backend storage setting is enabled, the application Open Source adds recently view product data into the catalog_product_frontend_action database table. It includes the customer or visitor ID when adding records. The recently_viewed_product section in the response is now empty if customer ID and visitor ID are null. As a result, when the customer/section/load Ajax request is sent, the application Open Source can correctly filter recently viewed products based on customer or visitor ID. Previously, the response included all the data available in the catalog_product_frontend_action database table because there was no check for an empty customer or visitor ID.

Administrators can now change configurable product options in a shopper’s cart from the Admin slide panel. Previously, the slide panel did not work correctly.

Page cache is now cleared as expected for the configurable product parent when changes to a child product are saved. Previously, because the cache was not cleared, changes were not selected on the storefront configuration product page. GitHub-34508

Product lists are now rendered correctly in the Admin. Previously, the product list did not render, and Magento Open Source displayed this error: Item (Magento\Catalog\Model\Product\Interceptor) with the same ID "<ID>" already exists. GitHub-33145

Product prices are now the same on the product detail page and in storefront search in multi-store deployments after Catalogue Price Scope changes from website to global. Previously, the Catalog Search Results page displayed the global price, and the product details page displayed the website price. GitHub-34074

Layered navigation now displays products with the highest prices as expected when Price Navigation Step Calculation is set to Manual.

You can now change the per-page product limit displayed within a category when Remember Category Pagination is enabled. Previously, the cookie form_key and UI form_key differed, and Magento Open Source displayed this error: Invalid Form Key. Please refresh the page.

The EAV indexer now processes product IDs as type int to prevent possible performance issues.

A new product cache is now successfully generated after you add a new image with a name that contains ‘.’ to a product, then save the product and clean the image cache. GitHub-32699

Magento Open Source now displays an error message as expected when you try to create an attribute from the product page without completing the Admin field. GitHub-33099
Product ratings are now correct on all catalog product lists when the home page contains multiple catalog lists. GitHub-33867

Configurable products

Magento Open Source now displays the correct product price for a configurable product with a selected option after changing its quantity on product details page. Previously, the price was reset to the initial value after the quantity changed.

The products query now retrieves prices for configurable products that accurately reflect the Display Out Of Stock configuration setting. Previously, the query did not return accurate prices.

Configurable options are now linked to configurable products that are created in the Admin using POST /V1/configurable-products/configurable1/child.

Multi-select attributes are now saved correctly during product edit. Previously, the applicationOpen Source saved the default option for non-selected attributes as well as selected attributes when saving a product.

Magento Open Source now displays configurable attributes as expected during the creation of global select attributes via a patch script. Previously, eligible global attributes were hidden.

The addConfigurableProductsToCart mutation can now be used to add configurable products with custom options. Previously, the applicationOpen Source threw this error: Magento 2.3.4 graphql Notice: Undefined index: option_value in /var/www/html/mg234/vendor/magento/module-configurable-product-graph-ql/Model/Resolver/ConfigurableCartItemOptions.php on line 62. GitHub-28860
You can now re-order configurable products with optional custom options. Previously, re-order attempts failed, and meant displayed this error: Some of the selected options are not currently available. GitHub-35409

The addConfigurableProductsToCart mutation now works as expected with multiple products. Previously, incorrect product information was returned, or an invalid error message was returned. GitHub-30948

Customer

Magento Open Source now displays predefined EAV system attributes correctly according to the website setting on the storefront. Previously, website-level customer attributes that were enabled for one website and disabled for another were displayed as enabled for both websites.

Downloadable

You can now remove sample links and files from a downloadable product. GitHub-31887

Email

System-issued emails are now successfully sent to recipients with “.-” in their email address.

Customers now get email reminders about their abandoned carts on the correct schedule. The new TIMESTAMPDIFF(DAY, ,) SQL function has replaced the TO_DAYS() function and calculates the difference in the timestamps on the basis of date and time. Previously, email reminders were not sent per schedule because of the incorrect calculation of two date-time values of cart abandonment (any timezone) and server time (UTC).

Magento Open Source now displays an error message on the Shipping page when a shopper enters an invalid email format after the shopper clicks Place Order. Previously, the error message was displayed on the Payment page. [GitHub-33590](https://github.com/magento/magento2/issues/33590

Frameworks

The bin/magento setup:config:set command no longer overrides already set cache ID prefixes in app/etc/env.php.

The bin/magento setup:static-content:deploy -s compact command now includes styles from child themes as expected. Previously, theme CSS files were not present on the storefront after deployment.

A new sniff has been added to check if closing slashes are used in void elements.

Magento Open Source no longer throws an SQL error after assigning a new source to a product and changing its quantity. GitHub-35262

Attribute sort order now works as specified in the di.xml file after update.

The updateCartCurrency function now sets string instead of an object inside the cart object. Previously, the applicationOpen Source did not load a quote using getQuote because the updateCartCurrency function set an object instead of a string inside the cart object. GitHub-34199

Deprecation notices no longer occur in unit tests due to\DateTimeFormatter::formatObject(). This method now works as expected with numeric values for $format.

Magento Open Source no longer displays a preg_replace() error on the Admin. The third argument ($subject) is now of type array|string instead of bool.

The isFreeShipping method now returns an integer rather than a Boolean.GitHub-35164

Magento Open Source no longer throws the following error when you create a plugin for any method of class vendor/magento/module-backend/Model/Menu.php: Error: Call to undefined method ReflectionUnionType::getName(). GitHub-35292

Magento Open Source now returns a 404 error instead of a 500 error when you navigate to /checkout/sidebar/updateItemQty/?item_qty=error on the storefront. Previously, this error was thrown: Warning: A non-numeric value encountered in /vendor/magento/module-checkout/Controller/Sidebar/UpdateItemQty.php on line 69. GitHub-34380

Magento Open Source no longer triggers a trim(): Passing null to parameter #1 ($string) of type string is deprecated error when the AMPQ connection is configured without SSL configuration.

Corrected the longblog database definition to long blob. GitHub-35108

Knockout text containing single quotes is now translatable. GitHub-34319

A TypeError in magento2/app/code/Magento/Security/Model/AdminSessionsManager.php has been corrected from int to string. GitHub-34415

.htpasswd has been added to banned locations in the nginx configuration file. GitHub-35150

Load time of category product list pages have been improved by adding Magento_Ui/js/core/app as a deps to app/code/Magento/Ui/view/frontend/requirejs-config.js. GitHub-34847

The ProductRepository.php:get method now returns cache keys once. Previously, they were returned twice. GitHub-34958

Added an error message to a new exception that was created in the exception handler for cron jobs. GitHub-34941

The ReadMe files for the GraphQl-GroupedProductGraphQl modules have been updated. GitHub-34951

The storefront print order/invoice/credit memo pages no longer display the default Luma logo instead of the logo that has been specified for display on the website. GitHub-34942

General fixes

Setting the maximum session size to 0 (Admin Store > Settings > Configuration - Advanced) no longer logs out the administrator. GitHub-35312

Customer address attributes configuration settings are now loaded correctly based the website the customer is assigned to when you add a new customer address from the Admin that is assigned to a non-default website.

Magento Open Source no longer throws an exception when you add a bundle product through Page Builder.

You can now create a customer account on an iOS device with the inclined apostrophe (') in the first, middle, or last name. Previously, only the straight apostrophe was allowed, and using iOS 11+ default inclined apostrophe resulted in a Name is not valid! error.

The products query now returns product information that accurately reflects the “Show Related Products” configuration. The related_products, upsell_products, and crosssell_products fields in the GraphQL ProductInterface are now resolved according to Show Related Products, Show Upsell Products, and Show Cross-Sell Products configuration respectively.

The Set Product as New From Date attribute now displays the correct date when the Set Product as New attribute is set through a mass product bulk update. Previously, Set Product as New From Date was displayed as Jan 1, 1970.

Users with restricted roles are no longer automatically granted access to new modules.

Related product rule conditions now work as expected with products that contain multiselect attributes.

Merchants can now add a tier price attribute (tier_price) to product comparisons. Previously, the product comparisons page crashed when the Comparable on storefront setting for this attribute was enabled. GitHub-35244

Magento Open Source now displays an error message when you set an invalid cookie domain (Store > Configurations > Web > Default Cookie Settings Cookie Domain). Previously, the website crashed. GitHub-35048

Magento Open Source no longer throws an error when an administrator with roles scoped to a single website adds product to Content Elements using PageBuilder. Previously, the applicationOpen Source threw an SQL error.

Validation has been added to the second line of the street address on the edit and add address pages. The minimum and maximum text lengths that are specified on the second are now enforced.

Magento Open Source no longer throws the following error during the creation of a catalog rule in the Admin after upgrade: A technical problem with the server created an error. Try again to continue what you were doing. If the problem persists, try again later.

Magento Open Source no longer throws an error when you activate the Check here to link an RSS feed to your Wish List checkbox before clicking on Share Wish list. GitHub-34998

The title of the Show Password checkbox (Customer Login, Customer Registration, Customer Edit (Change Password section), and Customer Set New Password forms) is now translatable. GitHub-34857

Updated the labels and comment descriptions in app/code/Magento/NewRelicReporting/etc/adminhtml/system.xml. GitHub-31947

Removed unneeded csp_whitelist.xml files. GitHub-30607

GraphQL

A missing price_range attribute has been added to the GraphQL BundleItemOption type. GitHub-35010

The products query no longer returns attributes as an aggregation when the Use in Search Results Layered Navigation setting is disabled. GitHub-33318

A price_including_tax field has been added to CartItemPrices. GitHub-29057

The new_from_data and new_to_datefields in ProductInterface are no longer deprecated. GitHub-34783

The categories query no longer throws an exception when fetching a list of categories one of which contains an image that cannot be found on the filesystem. Previously, the applicationOpen Source threw this exception: Category image not found. GitHub-34266

The products query now returns category_uid as an aggregation as expected. GitHub-32557

The updateCartItems mutation now removes products as expected when the product stock has reached the maximum stock amount. GitHub-30220

The urlResolver query now resolves the path delimiter (/) correctly when multiple homepages have the same identifier. Previously, the query did not resolve the delimiter and returned null. GitHub-33615

customer queries now fetch bundle product multi-select options as expected when querying orders. GitHub-34717

Magento Open Source sessions no longer end after a GraphQL request is made. Previously, the ClearCustomerSessionAfterRequest plugin logged out the shopper. GitHub-34550

Configurable product price range in products query responses are now correctly calculated when the Display Out of Stock Products configuration setting is enabled. Previously, disabled options were taken into account in the minimum and maximum price calculation.

The products query now returns correctly filtered multiple categories when sorting by position.

setShippingAddressesOnCart requests now successfully validate region IDs. Previously, the applicationOpen Source threw an error when you used region ID instead of region code.

products queries now return only the categories associated with the store passed in the request.

The categoryList query now returns results that reflect the queried store’s root category when the store is specified in the header. Previously, categories from the default root category were included in results even though another store was specified in the header.

The products query no longer returns attributes as an aggregation when the Use in Search Results Layered Navigation setting is disabled. GitHub-33318

The cart query now returns only one payment methods for free orders. Previously, all active payment methods were returned in the query response. GitHub-34036

products queries no longer returns price_range values for configurable products that are affected by disabled variants. GitHub-33629

Added a plugin before the collectQuoteTotals call to ensure store credits are not applied multiple times.

The generateCustomerTokenAsAdmin mutation now retrieves customer tokens as expected. Previously, tokens were not returned, and this error was returned: Customer email provided does not exist.

GraphQL schema is now valid when a custom type product attribute is defined. Previously, the schema was invalid because the type attribute on products types was overwritten by the custom type attribute. GitHub-34929

Customers added or updated with the createCustomer, createCustomerV2, updateCustomer, or updateCustomerV2 mutation are now added with active newsletter subscriptions. Previously, customers were unsubscribed from newsletters even when the request contained proper input parameters. GitHub-33599

The products query for a specific store view now returns only categories that are in the specific website’s root category in multi-site deployment. Previously, the query returned categories from the root categories of other websites. GitHub-34570

The products query now returns only the subcategory of provided category ID. Previously, it returned all categories. GitHub-35220

The customerOrders query now responds as expected when the gift_message object is specified in the response but no gift message exists. Previously, the query returned this message: Can't load gift message for order is returned. GitHub-28957

Fixed a bug with the catalog_category_product indexer that caused the products query to return categories from another store. GitHub-31253

The generateCustomerToken mutation now creates an entry in the customer_log as expected after generating a customer token. GitHub-33378

Google Analytics

The Google Tag module has been added to the codebase, which supports the transition to Google Analytics 4 in July 2023. You can currently use and collect new data in your Google Universal Analytics properties, but Google Universal will reach end-of-life in July 2023. GitHub-35204, GitHub-35376

Image

Images on product details pages no longer flicker, and images remain centered as expected. Previously, after a product detail page completed loading an image, the image visibly shifted downwards.

Import/export

Related, upsell, and cross-sell product position in the export CSV is now correct after the deletion of a cross-sell product from the Admin before regenerating the CSV file. Previously, cross-sell product positions were not re-calculated after a cross-sell product was removed, and product position order was incorrect.

Magento Open Source now checks for a custom view before filtering columns when exporting reports. Previously, exported reports did not take into account custom views, and exported columns were incorrect.

Magento Open Source now successfully imports images with long file names. Previously, the applicationOpen Source did not import the image and threw this error: Imported resource (image) could not be downloaded from external resource due to timeout or access permissions in row(s):.

Category ID attributes are now available in scheduled export filters.

Bundle products that contain a question mark (?) in the option title can now be imported successfully because of improvements to the query builder inside populateExistingOptions method. The option title is also displayed correctly. Previously, after the initial import, successive imports resulted in corrupted behavior and doubled options. Shoppers could not add the product to the cart, either.

Added validation for category names during import. Previously, the applicationOpen Source did not validate category names, which lead to errors when category names exceeded 255 characters.

Existing records in the catalog_url_rewrite_product_category table are now deleted before inserting new ones. Previously, the following error occurred during multi-store product import: SQLSTATE[23000]: Integrity constraint violation. GitHub-34210

Infrastructure

A deprecated Context Menu plugin has been removed from plugins list.

The TinyMCE editor toolbar-related logic in the Page Builder module has been updated as a result of introducing delayedRender logic for the toolbar in TinyMCE.

Race conditions no longer interrupt the creation of the contentUpdated event listener. GitHub-32068

The getTypeID function now returns product type ID not product ID. GitHub-35458

jQuery UI slider and SelectMenu mapping has been corrected in vendor/magento/module-theme/view/base/requirejs-config.js.
Observers placed on sales_order_state_change_before now support the retrieval of data from the order object. The sales_order_state_change_before event argument has been updated. GitHub-26789

indexer:reset has been refactored to call $indexer->invalidate(). GitHub-34988

You can now use use the colon symbol in an htmlClass attribute value, which supports the use of additional components such as the Tailwind UI. GitHub-34430

Logging

Customer, customer address, and order actions are now logged correctly in the Admin action report. Previously, the applicationOpen Source did not log actions if the postDispatch handler had not been specified in configuration settings.

MFTF

Action groups

Repetitive actions have been replaced with action groups in these tests:

AdminConfigurableProductChildrenOutOfStockTest GitHub-32378
AdminCreateStoreViewTest GitHub-34631

New tests

AdminUnlockAdminUserEntityTest GitHub-34836

StorefrontNewsletterSubscriptionWithEnabledNeedToConfirmConfigTest GitHub-33344

Refactored tests

AdminCancelTheCreatedOrderWithCashOnDeliveryPaymentMethodTest GitHub-33692

Logged-in customers are no longer marked as guests in Admin > Marketing > Newsletter Subscribers.

The newsletter subscription confirmation email now has the correct, store-specific email address in the From field if the customer is assigned to a non-default store and subscribed or unsubscribed from the Admin. Previously, the customer received an email with default email in From header. GitHub-34963

The unsubscribe URL in the newsletter email template now works as expected. GitHub-33310

Order

Guest customer details are now saved successfully after an order is edited. Previously, some customer details were lost, including customer_firstname and customer_lastname, x_forwarded_for.

Merchants can no longer create a credit memo with a decimal total quantity when Decimal qty is disabled on a product or global setting level. Previously, merchants could create a credit memo for decimal total quantity where it was not applicable.

Filter by date now works properly for Invoices, shipments, credit memos, CMS pages, and CMS block grids when the timezone set in preferences differs from the timezone set on a local computer. Previously, the date was incorrectly parsed and the filtered results included data outside of the set date range.

Magento Open Source no longer changes custom email addresses that are assigned to orders when you change the main email address assigned to the customer on the Admin account edit page. Previously, when you edited the main email address for a customer, the new email address was assigned to every order created for that customer. GitHub-34397

Magento Open Source now displays records from the requested store on the credit memos grid page in deployments running PHP 7.4. Previously, the applicationOpen Source threw the following error after you created a credit memo and tried to view it: The store that was requested wasn't found. Verify the store and try again.

Magento Open Source now displays credit memos on the credit memo grid page for orders created from store views whose name is prepended with numbers. Previously, the applicationOpen Source displayed the error: The store that was requested wasn't found. Verify the store and try again. Exception in /var/www/html/vendor/magento/module-store/Model/StoreRepository.php:75. GitHub-35122

Magento Open Source now displays the free shipping cost (0) on the Admin and storefront invoice page totals. Previously, when shipping was zero for an order, the application Open Source did not display the shipping amount in total on the invoice page shipping total.

The increment_id column in the sales_order table has been increased. Previously, third-party modules that assumed that sales_order.increment_id had a length of 50 characters saved only the first 32 characters of an increment_id. GitHub-34521

Payment methods

Administrators can now place an order on the Admin using the PayPal PayflowPro payment method. Previously, the applicationOpen Source displayed this error: No such entity with cartId = 0.

Payment Review page in the checkout workflow now displays the correct payment method name when payment is made with Venmo, PayPal Later, or PayPal.

The cart query no longer returns all active payment methods for free orders. GitHub-34036

Braintree

Merchants can now submit a partial refund for orders paid with Apple Pay through Braintree. This was a known issue in Magento Open Source 2.4.4.

PayPal

Magento Open Source now shows the correct customer name in a guest order paid for with PayPal. Previously, the customer name was displayed as Guest.

The resolver for the createPaypalExpressToken mutation has been updated to correctly use the value specified in the use_paypal_credit input field. Previously, it attempted to use an invalid paypal_credit field. GitHub-35180

Performance

Redis cache management has been improved by the addition of TTL (expiration date) for configurable products’ associated product data caches. Previously, these caches were not evicted due to missing TTL values if Redis key eviction policy was configured to a volatile eviction policy.

The new Grid Filter Condition Type customer/customer address attribute controls how an attribute filter is matched against the attribute values in the database, Options include Partial Match, Prefix Match, and Full Match.

The Catalog Search fulltext indexer has been relocated outside the stores loop, which streamlines re-indexing. GitHub-33984

Fixed issue with array_merge in loops. GitHub-33929

Pricing

Price attributes that have no value in the default scope (but that are defined at the store-view level) are now indexed properly. Previously, the SQL expressions that retrieves price attributes values from EAV table did not take into account the scenario in which the value was not defined in the default scope.

The price listed on the product detail page is now the same as the price listed in the checkout workflow for tier prices that differ by quantity selected (for example, a product priced differently based on buying 2 items versus 5 items). Previously, the checkout price reflected the price for the lowest product quantity.

ReCAPTCHA

The Submit button on the Login and Create an Account pages is now inactive until ReCaptcha is fully loaded.

Roles

The Store > Configuration > Services page now displays Magento Open Source Web API information as expected when Resource Access is set to Custom on the Role Resources tab. GitHub-35506

Search search-heading

Filtering products by color swatch on the layered navigation displays the correct image for the products after the fix.

Elasticsearch queries now work as expected when int is configured as a searchable backend type attribute. Previously, the applicationOpen Source threw an Elasticsearch\Common\Exceptions\BadRequest400Exception exception.

You can now use search synonyms together with the Minimum Terms to Match parameter In Elasticsearch queries. Previously, if this parameter was specified in settings and search terms were added for specific keywords, the search returned no results.

Magento Open Source now displays an accurate search results suggestion count on the storefront in deployments where Search Suggestions and the Show Results Count for Each Suggestion setting are enabled. Previously, the count displayed next to the keywords was zero.

Products sorted by custom attributes on the Catalog page are now displayed in the expected order. Previously, products were sorted by their attribute option value ID, which reflects the order in which they they were added to the attribute. GitHub-33810

Filtering products by color swatch in the layered navigation now displays the correct product images. Previously, the layered navigation PageCache key did not include filter parameters for configurable products.

Fixed PHP errors on the catalogsearch/advanced/result and catalogsearch/advanced/index pages. Previously, Magento Open Source displayed this error when an array was passed in any advanced search string : Warning: trim() expects parameter 1 to be string, array given | magento/module-catalog-search. GitHub-33586

Shipping

Magento Open Source no longer throws an error when loading UPS shipping rates if no allowed shipping methods are selected. Previously, when a shopper entered a shipping address in the checkout workflow under these conditions, no other shipping methods were displayed, and Magento Open Source displayed an error on the storefront. GitHub-34411

Virtual product prices are now excluded in calculation table rate shipping amount. Previously, shipping costs for these products were not calculated correctly.GitHub-35185

Table rate shipping rates with zero price are now displayed correctly in the checkout workflow Order Summary block for orders that have had a discount coupon applied. Previously, the shipping method was not displayed.

Tax

Fixed Product Tax (FPT) is now correctly displayed for products in the shopping cart. Previously, if multiple products in the shopping cart have Fixed Product Tax (FPT) and Apply Tax To FPT were enabled, all FPTs were assigned to the last product in the shopping cart and reset for other products.

The Fixed Product Tax (FPT) total for the order summary section of the checkout workflow is now calculated correctly.

Magento Open Source now updates the Excluding Tax tier price for a simple product on the product page as expected after the quantity of the simple product has changed.

Validation has been added to the store configuration page to verify if the selected country from the dropdown list is on the EU country list. The Validate VAT Number button is now visible only for EU countries. Previously, the button was visible for all countries, including the U.K.

Tier price are now calculated correctly when Display Product Prices In Catalog is set to either Excluding Tax or Including and Excluding Tax. Previously, the product details page displayed tier prices with taxes despite the setting.

Taxes are now applied correctly for orders to any valid address in storefronts using the Portuguese locale. GitHub-34271

The cart query no longer includes tax when returning subtotal_with_discount_excluding_tax. GitHub-33905

Web API requests for order data (GET /V1/orders/) no longer returns negative values for row totals.

Test

Corrected errors with Magento.GraphQl.CatalogGraphQl.ProductSearchTest.testSearchSuggestions when run with AWS Elasticsearch configuration.

The testCreateProductOnStoreLevel integration test no longer causes a nested transaction on the database.
The following exception no longer occurs when running WebAPI tests for the Send Friend feature when product image has not set on PHP 8.1: exception main.ERROR: /var/www/html/lib/internal/Magento/Framework/DataObject.php:131 strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated. GitHub-34864

Translations and locales

You can now use the Translate inline tool to edit the same element more that once. Previously, only the first change made using this tool was included.

The store view selector no longer blocks the translation pane when you edit Admin text or labels. You can now edit these features from the translation pane, and the interface displays these changes when you click Submit.

The Admin date-time format for Brazilian Portuguese and French locales is now valid.

Added a grave accent [ ` ] character to the name validator so that customer account can be created for first or last names that include this accent.

The text on the Add to cart button on the Product Details page now remains translated into the language specified in the associated locale. Translation files are now converted to corresponding JavaScript files based on the areas, themes, and locales when translate_strategy=embedded. Previously, the text reverted to English after the product was added to the cart.

Search Synonyms now respect their assigned store scope. Previously, a synonym assigned to a specific store was searchable on any other store.

Problems with the Filipino (Philippines) locale has been resolved. GitHub-33996

UI

Lengthy product names in the Catalog > Products grid are now word-wrapped instead of displayed in a single line.

The minimal and maximum date-of-birth range is now saved as a correct timestamp and then converted from a valid timestamp to a valid date format.

The unavailability of magento.com no longer causes performance issues during Admin login. A timeout on the request to fetch release notification has been added.

The results of the Admin order, customer, and product grid filters now persist as expected when displayed in the Chrome browser.

You can now create a customer from the Admin when Magento_LoginAsCustomerAdminUi is enabled and Store View To Login To is set to manual selection. Previously, the applicationOpen Source threw this error: (Magento\Framework\Exception\LocalizedException): Unable to get Customer ID. GitHub-33096

The Next arrow is now disabled as expected when a shopper reaches the last thumbnail image in the product image gallery.

The Search by keyword input field now has an aria-label element instead of a placeholder on the Catalog > Product page.

The Privacy Policy link in Admin footer now links to the new Adobe Privacy Policy.

Administrators can now access Admin menu options when JavaScript bundling is enabled in production mode. GitHub-35325

Administrators can now set the current user’s expiration date higher than 2038 and save the user successfully. Previously, the user whose expiration date was changed could not log back in after logging out.

Magento Open Source now displays an informative error message when an administrator tries to save an address with excessive street lines in Admin Store > Attributes > Customer Address. The administrator can now delete the extra address information and successfully save the address. Previously, the applicationOpen Source committed the extra lines but did not save the data.

The product listing view configuration in the database and local storage has been updated. Custom grid views are now saved during page reload and view changes.

You can now switch between store views when website restrictions are enabled. Previously, problems with the store view switcher prevented switching store views.

The favicon icon upload form now supports .ico file types. Previously, when you tried to upload a favicon file with this extension type in the Admin, the application Open Source displayed this error: Warning: imagecreatefromstring(): one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully in /var/www/html/vendor/magento/module-media-storage/Model/File/Validator/Image.php on line 64. GitHub-34858

Corrected display issues with the drop-down Select menu in the Admin grid. GitHub-35386

GitHub-34430

URL rewrites

URLs for a product in a specific store view only are now removed from the url_rewrite table and Admin after the attribute code visibility status for the specific store view is changed to Not Visible Individually. Previously, all URLs were removed for the product in the url_rewrite table. GitHub-34937

Video

You can now use YouTube URL parameters using Page Builder to add a new video. Previously, these parameters were automatically removed from the URL.

You can now set a Vimeo video to run in the background in a banner element when CSP is set to restrict mode. Previously, the applicationOpen Source threw a JavaScript error.

Web API framework

Mutex has been implemented for orders to prevent race conditions during update by concurrent requests. Previously, race conditions during concurrent REST API calls resulted in an overwrite of shipping status information in the Admin Items Ordered table.

Product image role inheritance is now preserved unless explicitly defined in the payload when updating a product in a specific store view via the REST API.

The Swagger schema (/rest/schema) now uses unique operation IDs.

Cart price rules created through the POST /V1/salesRules/ endpoint now retain existing coupon code values after changing status from disabled to enabled. GitHub-35298

Cart price rules created through the POST /V1/salesRules/ endpoint now contain valid from_date and to_date values. GitHub-35265

CartItemInterface now includes customizable_options. GitHub-31180

REST API bulk PUT and DELETE requests now work as expected when the Magento_ReCaptchaWebapiRest module is enabled. GitHub-35348

The Bulk Rest API now works with the bySku option for configurable products. Previously, it returned a 500 error.

Creating a new special price schedule with the POST /V1/products/special-price endpoint now works as expected. Previously, the endpoint returned this error: Future Update already exists in this time range. Set a different range and try again.

The /V1/products/base-prices endpoint now works as expected with Catalog Price Mode - Website. GitHub-30132

Wish list

Updating an item quantity from the wish list page now updates the quantity on the product detail page as expected. The application Open Source now picks up the updated value from the product URL and populates the qty field of product detail page from the wishlist itself.

Known issue

Issue: Admin users cannot create an order or re-order for customers from the Admin when Braintree is enabled. When the Admin user clicks either Order or Reorder, Adobe Commerce does not submit the order, and the system.log displays this error: report.CRITICAL: Error: Call to a member function getMethodInstance() on null in /app/vendor/paypal/module-braintree-core/Block/Form.php:174. Workaround: BUNDLE-3137-composer.patch is now available. See the Admin can’t create order/reorder when Braintree payment enabled Knowledge Base article for a discussion of this issue and access to the patch. A fix will also be included in Adobe Commerce 2.4.5-p1.

Community contributions

We are grateful to the wider Magento Open Source community and would like to acknowledge their contributions to this release.

The Community Engineering team Magento Contributors maintains a list of top contributing individuals and partners by month, quarter, and year. From that Contributors page, you can follow links to their merged PRs on GitHub.

Partner contributions

The following table highlights contributions made by Partners. This table lists the Partner who contributed the pull request, the external pull request number, and the GitHub issue number associated with it (if available).

Partner

Pull Requests

Related GitHub Issues

Fisheye

magento/magento2#35504 magento/magento2#35356 magento/magento2#35355

magento/magento2#35505 magento/magento2#35587

Atwix

magento/magento2#35421 magento/magento2#35385 magento/magento2#35118 magento/magento2#35099 magento/magento2#35040 magento/magento2#34883 magento/magento2#34862 magento/magento2#34552 magento/magento2#33795 magento/magento2#33557 magento/magento2#33536 magento/magento2#33409 magento/magento2#33342 magento/magento2#32293 magento/magento2#28958

magento/magento2#35386 magento/magento2#34631 magento/magento2#33692 magento/magento2#33344 magento/magento2#32378

Ampersand

magento/magento2#35050 magento/magento2#34582

magento/magento2#35180 magento/magento2#34988

magento/magento2#33898

Comwrap

magento/magento2#32648 magento/magento2#32371 magento/magento2#31944

magento/magento2#32649 magento/magento2#33767 magento/magento2#31947

Individual contributor contributions

The following table identifies contributions from our community members. This table lists the community member who contributed the pull request, the external pull request number, and the GitHub issue number associated with it (if available).

Contributing community member

Pull Requests

Related GitHub Issues

hostep

magento/magento2#30640

magento/magento2#30607

nuzil

magento/magento2#31944

magento/magento2#31947

kate-kyzyma

magento/magento2#32293

magento/magento2#32378