Update Your Magento Store to Version 2.4.7
Addresses Comic String Vulnerability and Adding New Features
Latest Version of Magento: 2.4.7 p4 Oldest Supported Version of Magento: 2.4.5
End of Life: August 9, 2025
NOTE: Support for Magento 2.4.4 and 2.4.5 is ending on 25th of Nov.
Latest Security Patch for Supported Version
Date of Release: 11th Feb 2025
Versions
Magento 2.4.7 (p4)
Magento 2.4.6 (p9)
Magento 2.4.5 (p11)
Magento 2.4.4 (p12) *
Critical Issues Addressed
1. Authorization Vulnerability (CVE-2025-24434):
This issue allowed unauthorized users to access restricted areas or data without access to admin authorization. The patch ensures that only authorized users can access these sections, enhancing overall security.
2. Path Traversal Vulnerability (CVE-2025-24406):
Attackers could exploit this to gain unauthorized access to sensitive files on the server.
3. Stored Cross-Site Scripting (XSS) (CVE-2025-24410):
Malicious scripts could be injected into web pages, potentially compromising user data and site integrity.
Additionally, the patch introduces a redesigned system for managing encryption keys, enhancing usability and addressing previous limitations. New command-line interface (CLI) commands are now available for changing keys and re-encrypting specific data.
About the Comic String Vulnerability
The Comic String vulnerability is a critical security issue identified across multiple versions of Magento. It is one of the biggest vulnerabilities in the history of the platform, it exposes Magento stores to potential attacks, allowing hackers to exploit unprotected endpoints, inject malicious code, or gain unauthorised access to sensitive data.
To safeguard your store, Adobe has released various patches that mitigate this vulnerability across supported versions of Magento. Each supported version of Magento now has dedicated security patches addressing this issue:
- Magento 2.4.7 (Recommended): Fully patched with release 2.4.7 itself, which also brings many security and performance enhancements.
- Magento 2.4.6-p5: Patch version `p5` resolves this vulnerability with additional security improvements.
- Magento 2.4.5-p7: Patch version `p7` ensures robust protection against the vulnerability.
- Magento 2.4.4-p8: Addressed with patch version `p8` to safeguard your platform.
By upgrading to Magento 2.4.7 or applying these patches, you can protect your store from this and other security risks.
Latest Security Patches for Supported Magento Versions
To keep your store secure, the following are the most recent patches released by Adobe for Magento’s supported versions:
- Magento 2.4.7-p3
- Magento 2.4.6-p8
- Magento 2.4.5-p10
- Magento 2.4.4-p11
What’s New in Magento 2.4.7?
Magento 2.4.7 introduces significant improvements in security, performance, and functionality. Here are the highlights:
Security Enhancements
- Over 13 security fixes including enhanced validations, token management, and stricter permissions handling.
- Improved security for payment information when using GraphQL and REST API.
- Robust protection measures, addressing known vulnerabilities.
Improved Performance
- Faster page loads due to optimized GraphQL caching and enhanced indexing capabilities.
- Updated support for PHP 8.3, ensuring compatibility with the latest technology stacks.
- Streamlined catalog search performance.
Developer Experience
- Enhanced GraphQL coverage for custom attributes.
- A new Open Source Extension Metapackage, simplifying extension management.
- Continued enhancements to PWA Studio, allowing for faster and more engaging mobile experiences.
System Requirements for Magento 2.4.7
To run Magento 2.4.7 efficiently, make sure your environment meets the following requirements:
- PHP: Version 8.3
- Database: MySQL 8.0
- Elasticsearch: Version 8.11 or OpenSearch 2.12
- Varnish Cache: Version 7.4
- Redis: Version 7.2
- Composer: 2.7 & 2.2
Legacy Features and Updates in Previous Versions
If you’re upgrading from an earlier version, here’s a quick look at what’s new in recent versions:
Magento 2.4.6
- Over 150 bug fixes and quality improvements.
- Security enhancements like refined admin token validation.
- Support for PHP 8.2.
Magento 2.4.5
- Introduction of asynchronous bulk APIs for efficient data management.
- Enhanced B2B capabilities including better quote and order management.
- Expanded GraphQL support for inventory and B2B functionalities.
Magento 2.4.4:
- Improved support for MySQL 8.0.
- Enhanced UI/UX in Page Builder.
- Support for Elasticsearch 7.16 and OpenSearch.
Why Upgrade?
Upgrading your Magento store is essential to maintaining security, performance, and compatibility with the latest technologies. With the Comic String vulnerability patched, enhanced GraphQL caching, and new developer tools, Magento 2.4.7 delivers a faster, safer, and more seamless shopping experience.
