Magento Open Source introduces improvements to platform quality, payment methods, GraphQL caching performance, and accessibility. It includes updates to integrated Google modules.
This release includes over 290 quality fixes and enhancements.
Releases may contain backward-incompatible changes (BIC). Magento Open Source 2.4.5 contains backward-incompatible changes. To review these backward-incompatible changes, see BIC reference. (Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.)
Other release information
Although code for these features is bundled with quarterly releases of the Magento Open Source core code, several of these projects are also released independently. Bug fixes for these projects are documented in the separate, project-specific release information that is available in the documentation for each project.
Magento Open Source 2.4.5 highlights
Look for the following highlights in this release.
This release includes 20 security fix and platform security improvements. This security fix has been backported to Magento Open Source 2.4.4-p1 and Magento Open Source 2.3.7-p4.
No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts:
- IP allowlisting
- two-factor authentication
- use of a VPN
- use of a unique location rather than
- good password hygiene
See Adobe Security Bulletin for the latest discussion of these fixed issues.
Additional security enhancements
Security improvements for this release improve compliance with the latest security best practices, including:
reCAPTCHA support has been added to the Wish List Sharing, Create New Customer Account, and Gift Card forms.
ACL resources have been added to Inventory.
Inventory template security has been enhanced.
MaliciousCodefilter has been upgraded to use the
Magento Open Source 2.4.5 now supports
PHPStan(^1.5.7 with constraint) GitHub-35315
The DHL Integration schema has been updated from v6.0 to v6.2. This upgrade will not result in a change in product behavior.
Composer dependency updates
The following Composer dependencies have been updated to the latest versions with constraint:
laminas/laminas-captcha(updated with a constraint ^2.12)
laminas/laminas-view dependencies have been removed.
Other upgrades and replacements
The DHL Integration schema has been updated from v6.0 to v6.2.
The default Gateway URL for USPS shipping has been updated to use
Froogalooplibrary has been replaced with the Vimeo
grunt-eslint(NPM) library has been upgraded to the latest version.
jQuery Storagelibraries have been replaced with
phpcsstatic code analysis tools are now compatible with PHP 8.x.
glob.jsdependency (upgraded with constraint to ~7.2.0)
serve-static.jsdependency (upgraded with constraint ~1.14.2)
underscore.jsdependency (NPM) (1.14.2)
jquery/jquery-cookiehas been replaced with
jaralax-video.jslibraries have been updated to use the latest version of the Vimeo REST API.
The focus of this release has been on creating a storefront experience on Venia (PWA) that is more perceivable, operable, understandable, and robust. These enhancements include:
- Search results summary information is now announced to screen reader users
- Screen readers are now informed when a new page view loads
- Contrast and keyboard accessibility have been improved
Google has updated the tracking and integration mechanisms of AdWords and Analytics in web applications through integration with GTag. This integration of Google functionality into website pages extends opportunities to track and manage content through Google Services. Adobe Commerce has a set of built-in modules including Google AdWords, Analytics, Optimizer, and TagManager that leverage the former API for integration with Google services. In this release, we have re-implemented this integration using the GTag approach. See Migrate from analytics.js to gtag.js (Universal Analytics).
GraphQL performance enhancements include:
Developers and administrators experience faster rebuilding of the unified storefront GraphQL schema on deployment or when changing attributes in production. Shoppers also experience significantly faster page load speeds when the GraphQL schema must be rebuilt for any reason.
Added capability to consume the expiration date/time of the authorization token through the use of JSON Web Tokens (JWT) in the GraphQL API.
bin/magento config:set graphql/session/disable 1command allows merchants to completely disable the creation of session cookies for all GraphQL operations. By default, Magento Open Source creates these cookies and relies on them for authorization, which affects performance. Going forward, we recommend using tokens as the only form of authorization for GraphQL requests. We do not recommend using session cookies alone or in conjunction with authorization tokens. See GraphQL Authorization.
Session cookies are now launched in GraphQL operations using class proxies only when needed.
Session usage has been removed from
httpheader processors in GraphQL such as store, customer, or currency.
See the GraphQL Developer Guide for details on these enhancements.
Inventory template security has been enhanced.
Page Builder v.1.7.2 is compatible with Magento Open Source 2.4.5.
Page Builder column layout includes these enhancements:
Columns are now exposed, permitting users to control column settings on the storefront.
Column resizing now supports wrapping triggered by user actions.
Apple Pay is now available to all merchants running deployments with Payment Services enabled. This payment method does not require shoppers to enter their credit or debit card details. Apple Pay is available on the product details page, mini cart, shopping cart, and checkout workflow. Merchants can toggle on this feature.
Merchants in Spain and Italy can now offer PayPal Pay Later to shoppers.
Previews of the PayPal, Credit and Pay Later buttons are now available in the Admin for the checkout, minicart, cart, and product pages. Previews reveal how these buttons will look when they are enabled and rendered on the storefront.
Braintree has discontinued the KOUNT fraud protection integration. It has been removed from the Magento Open Source codebase.
The Always request 3DS option has been added to the Admin.
PWA Studio v.12.5.x is compatible with Magento Open Source 2.4.5.
New features for this release include:
Shopper behavior data is collected on PWA Studio storefront for web analytics services. Merchants can now subscribe and extend these events as needed.
Merchants can now select a service to deploy from the Admin (Google Tag Manager).
We have fixed hundreds of issues in the Magento Open Source 2.4.5 core code.
Installation, upgrade, deployment
- You can now rename a data patch and add the old class name as an alias in the
patch_listdatabase table. now checks whether data patch aliases already existed in the database before applying the patch. Previously, Magento Open Source threw an error under these conditions.
- Magento Open Source no longer throws an exception when you try to change the Admin URL to a custom URL from the Admin. Previously, after changing the Admin URL, you could not log in. GitHub-35416
- Merchants can now successfully upgrade from an Magento Open Source 2.4.2 deployment with Klarna to Magento Open Source 2.4.3. GitHub-33760
- The path to Magento Open Source Analytics is no longer hardcoded. Previously, this hardcoded path resulted in conflicts when multiple Magento Open Source instances were installed on one server. GitHub-29373
- The Shopping bag button now provides a programmatic or textual indication of its state. Screen reader users are informed that clicking this button will expand other content, or that the associated content is expanded or collapsed. Previously, this button did not provide a programmatic or textual indication of its state.
- Payment Information credit card option text elements or images of text now meet the WCAG 2.0 required minimum color contrast ratio of 4.5:1 for standard text of 18pt (24px) or 14pt (19px) if bolded. Previously, they did not meet the expected contrast ratio.
- Address book > Communication > Account information custom focus indicators now provide a contrast ratio of at least 3:1 against the background color.
- Filter and Sort button text now meet the WCAG 2.0 required minimum color contrast ratio of 4.5:1 for standard text of 18pt (24px) or 14pt (19px) if bolded. Previously, navigation buttons for carousels did not meet these minimum contrast requirements.
- Screen readers announce the word “Venia” only once when navigating to Venia headers and footers. Previously, the same word was announced twice consecutively.
- Buttons that trigger dropdowns now provide information to screen readers that indicate their expanded or collapsed state and accessible names.
- Screen reader users are informed when a new page view is rendered. Previously, when a page title changed, the title change was not announced.
- Users can now successfully sign out of Adobe Stock.
- You can now use the
PUT /V1/productsendpoint to update product price attributes for a specific website. Previously, if some product attributes were overridden for a specific store view, you could not update a price attribute for that product in that same store view.
- Magento Open Source now correctly calculates the cart total for a bundle product when the Product Subselect rule is applied.
- Full page cache is no longer shown as disabled in the Admin when the Magento Open Source cache is flushed and
- New Relic deployment markers now work as expected when cache is flushed. GitHub-32649
Cart and checkout
- The address search pop-up on the billing step of the checkout workflow no longer causes DOM errors.
addProductsToCartmutation now works correctly with multiple products. Previously, this query returned the first product with an accurate subtotal, but returned a subtotal of 0 for other products.
- Permission exceptions are now handled for restricted products that are added by SKU. Shoppers are now given an appropriate message on the storefront, and the quantity field in the error table is disabled. Previously, Magento Open Source threw an exception like this:
There has been an error processing your request.
- The SQL query that updates affected quotes after disabling a cart price rule has been optimized to avoid locking the entire quote table.
- Shoppers with global account sharing are no longer required to log in again to a secondary website in a multi-site deployment when guest checkout is disabled. Customer data is now loaded when the shopper navigates to the subdomain. The shopper is no longer asked to log in again, and the previous cart contents are displayed.
- Address dropdown values in the checkout workflow no longer change for the remaining items in a quote when a single quantity address item is removed in a multi-address checkout. Previously, when a product was removed from a quote during multi-address checkout, the address dropdown value changed to default for all products.
cartquery no longer return null responses when a product is out of stock. A new
errorselement containing the error message was introduced to the response. Previously, when you ran a query with an out-of-stock product, Magento Open Source displayed a
nullvalue under the
itemssection in the response. See cart query.
- Shipping methods are now available as expected when a guest shopper creates an account after adding a product to their cart before proceeding to checkout. Previously, when a guest added a product the cart before creating an account, no shipping methods were available during checkout. After adding other products to the cart, shipping methods became available.
- Shoppers can now add products to their carts when no options in the Allow Countries field have been selected.
- Cart contents and login status are now reloaded as expected after a session times out when Enable Persistence is set to Yes. GitHub-35182
- Mini cart subtotals are now updated correctly when a shopper navigates from the shipping page to the cart page in the checkout workflow for an order with multiple shipping addresses. Previously, the subtotal was doubled.
- The mini cart now displays previously added products after a session timeout when Enable Persistence is enabled . GitHub-35183
- Merchants can now create a credit memo in which Refund Shipping (Incl. Tax) is set to -0.01 and can now set this amount to 0. Previously, the credit memo could not be created under these conditions.
Cart price rule
Parent Onlyattribute scope is now used properly in the Cart Rule condition.
- Product URL keys now remain unchanged when updating product name via
PUT /V1/products/for a store view. Previously, a new URL key was generated based on the new product name and assigned to the product, which overrode the URL key in that store view.
- Adding a product to a category from the Page Builder product widget set to carousel mode no longer triggers a page reload.
- Products set to Not Visible Individually no longer appear in catalog Advanced Search results.
- Dynamic bundle attributes are now updated correctly on the Mass Attribute Update page. Previously, the Dynamic SKU attribute remained set to Yes even though they were disabled on the Mass Update page.
- Catalog rules are now correctly applied using incremental indexers rather than a full re-index.
- You can now successfully switch between list and grid views of multi-page product lists. Previously, when you navigated to the last page of a multi-page product list view before switching to the grid view, Magento Open Source displayed this error:
Unfortunately there are no products in this category on our website currently.
- Admin Action Log reports now display updated product IDs and updated status information as expected.
- Triggers are now restored as expected to the
catalogrule_product_pricetable after a full re-index. Previously, triggers were removed from the
catalogrule_product_pricetable after a
- Category rules that are used to assign products to categories no longer randomly change.
- Categories can no longer be updated globally by an administrator with scope-restricted access. Previously, when multiple websites used the same category but different products, and an administrator with permission restricted to one store changed products in the category, the product selection also changed for other stores.
- The product details page now displays the correct price when a non-default currency for a specified locale is used. Previously, numbers were not localized as expected on the storefront.
- The same error message is now displayed by the API and on the storefront when trying to retrieve the tier prices of a product with duplicate records. Previously,
PUT /V1/products/tier-pricesreturned an incorrect error message.
- Magento Open Source now provides validation error messages when you try to add a product URL key with a trailing hyphen. Informative tooltip text is also available.
- The new
ConfigurableWishlistItem.configured_variantfield has replaced the
ConfigurableWishlistItem.child_skufield. The latter field triggered an internal error when a customer wish list contained an un-configured configurable product.
- URL rewrites are now generated only for the selected stores during the mass attribute update to change product visibility. Previously, the mass attribute update created a URL rewrite for the wrong store.
- When the
Synchronize widget products with backend storagesetting is enabled, Magento Open Source adds recently view product data into the
catalog_product_frontend_actiondatabase table. It includes the customer or visitor ID when adding records. The
recently_viewed_productsection in the response is now empty if customer ID and visitor ID are null. As a result, when the
customer/section/loadAjax request is sent, Magento Open Source can correctly filter recently viewed products based on customer or visitor ID. Previously, the response included all the data available in the
catalog_product_frontend_actiondatabase table because there was no check for an empty customer or visitor ID.
- Administrators can now change configurable product options in a shopper’s cart from the Admin slide panel. Previously, the slide panel did not work correctly.
- Page cache is now cleared as expected for the configurable product parent when changes to a child product are saved. Previously, because the cache was not cleared, changes were not selected on the storefront configuration product page. GitHub-34508
- Product lists are now rendered correctly in the Admin. Previously, the product list did not render, and Magento Open Source displayed this error:
Item (Magento\Catalog\Model\Product\Interceptor) with the same ID "<ID>" already exists. GitHub-33145
- Product prices are now the same on the product detail page and in storefront search in multi-store deployments after Catalogue Price Scope changes from website to global. Previously, the Catalog Search Results page displayed the global price, and the product details page displayed the website price. GitHub-34074
- Layered navigation now displays products with the highest prices as expected when Price Navigation Step Calculation is set to Manual.
- You can now change the per-page product limit displayed within a category when Remember Category Pagination is enabled. Previously, the cookie
form_keydiffered, and Magento Open Source displayed this error:
Invalid Form Key. Please refresh the page.
- The EAV indexer now processes product IDs as type
intto prevent possible performance issues.
- A new product cache is now successfully generated after you add a new image with a name that contains ‘.’ to a product, then save the product and clean the image cache. GitHub-32699
Magento Open Source now displays an error message as expected when you try to create an attribute from the product page without completing the Admin field. GitHub-33099
Product ratings are now correct on all catalog product lists when the home page contains multiple catalog lists. GitHub-33867
- Magento Open Source now displays the correct product price for a configurable product with a selected option after changing its quantity on product details page. Previously, the price was reset to the initial value after the quantity changed.
productsquery now retrieves prices for configurable products that accurately reflect the Display Out Of Stock configuration setting. Previously, the query did not return accurate prices.
- Configurable options are now linked to configurable products that are created in the Admin using
- Multi-select attributes are now saved correctly during product edit. Previously, Magento Open Source saved the default option for non-selected attributes as well as selected attributes when saving a product.
- Magento Open Source now displays configurable attributes as expected during the creation of global
selectattributes via a patch script. Previously, eligible global attributes were hidden.
addConfigurableProductsToCartmutation can now be used to add configurable products with custom options. Previously, Magento Open Source threw this error:
Magento 2.3.4 graphql Notice: Undefined index: option_value in /var/www/html/mg234/vendor/magento/module-configurable-product-graph-ql/Model/Resolver/ConfigurableCartItemOptions.php on line 62. GitHub-28860
You can now re-order configurable products with optional custom options. Previously, re-order attempts failed, and meant displayed this error:
Some of the selected options are not currently available. GitHub-35409
addConfigurableProductsToCartmutation now works as expected with multiple products. Previously, incorrect product information was returned, or an invalid error message was returned. GitHub-30948
- Magento Open Source now displays predefined EAV system attributes correctly according to the website setting on the storefront. Previously, website-level customer attributes that were enabled for one website and disabled for another were displayed as enabled for both websites.
- You can now remove sample links and files from a downloadable product. GitHub-31887
- System-issued emails are now successfully sent to recipients with “.-“ in their email address.
- Customers now get email reminders about their abandoned carts on the correct schedule. The new
TIMESTAMPDIFF(DAY, ,)SQL function has replaced the
TO_DAYS()function and calculates the difference in the timestamps on the basis of date and time. Previously, email reminders were not sent per schedule because of the incorrect calculation of two date-time values of cart abandonment (any timezone) and server time (UTC).
- Magento Open Source now displays an error message on the Shipping page when a shopper enters an invalid email format after the shopper clicks Place Order. Previously, the error message was displayed on the Payment page. [GitHub-33590](https://github.com/magento/magento2/issues/33590
bin/magento setup:config:setcommand no longer overrides already set cache ID prefixes in
bin/magento setup:static-content:deploy -s compactcommand now includes styles from child themes as expected. Previously, theme CSS files were not present on the storefront after deployment.
- A new sniff has been added to check if closing slashes are used in
- Magento Open Source no longer throws an SQL error after assigning a new source to a product and changing its quantity. GitHub-35262
- Attribute sort order now works as specified in the
di.xmlfile after update.
updateCartCurrencyfunction now sets string instead of an object inside the cart object. Previously, Magento Open Source did not load a quote using
updateCartCurrencyfunction set an object instead of a string inside the cart object. GitHub-34199
- Deprecation notices no longer occur in unit tests due to
\DateTimeFormatter::formatObject(). This method now works as expected with numeric values for
- Magento Open Source no longer displays a
preg_replace()error on the Admin. The third argument (
$subject) is now of type
isFreeShippingmethod now returns an integer rather than a Boolean.GitHub-35164
- Magento Open Source no longer throws the following error when you create a plugin for any method of class
Error: Call to undefined method ReflectionUnionType::getName(). GitHub-35292
- Magento Open Source now returns a 404 error instead of a 500 error when you navigate to
/checkout/sidebar/updateItemQty/?item_qty=erroron the storefront. Previously, this error was thrown:
Warning: A non-numeric value encountered in /vendor/magento/module-checkout/Controller/Sidebar/UpdateItemQty.php on line 69. GitHub-34380
- Magento Open Source no longer triggers a
trim(): Passing null to parameter #1 ($string) of type string is deprecatederror when the AMPQ connection is configured without SSL configuration.
- Corrected the
longblogdatabase definition to
long blob. GitHub-35108
- Knockout text containing single quotes is now translatable. GitHub-34319
magento2/app/code/Magento/Security/Model/AdminSessionsManager.phphas been corrected from
.htpasswdhas been added to banned locations in the
nginxconfiguration file. GitHub-35150
- Load time of category product list pages have been improved by adding
ProductRepository.php:getmethod now returns cache keys once. Previously, they were returned twice. GitHub-34958
- Added an error message to a new exception that was created in the exception handler for cron jobs. GitHub-34941
- The ReadMe files for the
GraphQl-GroupedProductGraphQlmodules have been updated. GitHub-34951
- The storefront print order/invoice/credit memo pages no longer display the default Luma logo instead of the logo that has been specified for display on the website. GitHub-34942
- Setting the maximum session size to 0 (Admin Store > Settings > Configuration - Advanced) no longer logs out the administrator. GitHub-35312
- Customer address attributes configuration settings are now loaded correctly based the website the customer is assigned to when you add a new customer address from the Admin that is assigned to a non-default website.
- Magento Open Source no longer throws an exception when you add a bundle product through Page Builder.
- You can now create a customer account on an iOS device with the inclined apostrophe (’) in the first, middle, or last name. Previously, only the straight apostrophe was allowed, and using iOS 11+ default inclined apostrophe resulted in a
Name is not valid!error.
productsquery now returns product information that accurately reflects the “Show Related Products” configuration. The
crosssell_productsfields in the GraphQL ProductInterface are now resolved according to Show Related Products, Show Upsell Products, and Show Cross-Sell Products configuration respectively.
- The Set Product as New From Date attribute now displays the correct date when the Set Product as New attribute is set through a mass product bulk update. Previously, Set Product as New From Date was displayed as Jan 1, 1970.
- Users with restricted roles are no longer automatically granted access to new modules.
- Related product rule conditions now work as expected with products that contain
- Merchants can now add a tier price attribute (
tier_price) to product comparisons. Previously, the product comparisons page crashed when the Comparable on storefront setting for this attribute was enabled. GitHub-35244
- Magento Open Source now displays an error message when you set an invalid cookie domain (Store > Configurations > Web > Default Cookie Settings Cookie Domain). Previously, the website crashed. GitHub-35048
- Magento Open Source no longer throws an error when an administrator with roles scoped to a single website adds product to Content Elements using PageBuilder. Previously, Magento Open Source threw an SQL error.
- Validation has been added to the second line of the street address on the edit and add address pages. The minimum and maximum text lengths that are specified on the second are now enforced.
- Magento Open Source no longer throws the following error during the creation of a catalog rule in the Admin after upgrade:
A technical problem with the server created an error. Try again to continue what you were doing. If the problem persists, try again later.
- Magento Open Source no longer throws an error when you activate the Check here to link an RSS feed to your Wish List checkbox before clicking on Share Wish list. GitHub-34998
- The title of the Show Password checkbox (Customer Login, Customer Registration, Customer Edit (Change Password section), and Customer Set New Password forms) is now translatable. GitHub-34857
- Updated the labels and comment descriptions in
- Removed unneeded
- A missing
price_rangeattribute has been added to the GraphQL
productsquery no longer returns attributes as an aggregation when the Use in Search Results Layered Navigation setting is disabled. GitHub-33318
price_including_taxfield has been added to
ProductInterfaceare no longer deprecated. GitHub-34783
categoriesquery no longer throws an exception when fetching a list of categories one of which contains an image that cannot be found on the filesystem. Previously, Magento Open Source threw this exception:
Category image not found. GitHub-34266
productsquery now returns
category_uidas an aggregation as expected. GitHub-32557
updateCartItemsmutation now removes products as expected when the product stock has reached the maximum stock amount. GitHub-30220
urlResolverquery now resolves the path delimiter (/) correctly when multiple homepages have the same identifier. Previously, the query did not resolve the delimiter and returned null. GitHub-33615
customerqueries now fetch bundle product multi-select options as expected when querying orders. GitHub-34717
- Magento Open Source sessions no longer end after a GraphQL request is made. Previously, the
ClearCustomerSessionAfterRequestplugin logged out the shopper. GitHub-34550
- Configurable product price range in
productsquery responses are now correctly calculated when the Display Out of Stock Products configuration setting is enabled. Previously, disabled options were taken into account in the minimum and maximum price calculation.
productsquery now returns correctly filtered multiple categories when sorting by position.
setShippingAddressesOnCartrequests now successfully validate region IDs. Previously, Magento Open Source threw an error when you used region ID instead of region code.
productsqueries now return only the categories associated with the store passed in the request.
categoryListquery now returns results that reflect the queried store’s root category when the store is specified in the header. Previously, categories from the default root category were included in results even though another store was specified in the header.
productsquery no longer returns attributes as an aggregation when the Use in Search Results Layered Navigation setting is disabled. GitHub-33318
cartquery now returns only one payment methods for free orders. Previously, all active payment methods were returned in the query response. GitHub-34036
productsqueries no longer returns
price_rangevalues for configurable products that are affected by disabled variants. GitHub-33629
- Added a plugin before the
collectQuoteTotalscall to ensure store credits are not applied multiple times.
generateCustomerTokenAsAdminmutation now retrieves customer tokens as expected. Previously, tokens were not returned, and this error was returned:
Customer email provided does not exist.
- GraphQL schema is now valid when a custom
typeproduct attribute is defined. Previously, the schema was invalid because the
typeattribute on products types was overwritten by the custom
- Customers added or updated with the
updateCustomerV2mutation are now added with active newsletter subscriptions. Previously, customers were unsubscribed from newsletters even when the request contained proper input parameters. GitHub-33599
productsquery for a specific store view now returns only categories that are in the specific website’s root category in multi-site deployment. Previously, the query returned categories from the root categories of other websites. GitHub-34570
productsquery now returns only the subcategory of provided category ID. Previously, it returned all categories. GitHub-35220
customerOrdersquery now responds as expected when the
gift_messageobject is specified in the response but no gift message exists. Previously, the query returned this message:
Can't load gift message for order is returned. GitHub-28957
- Fixed a bug with the
catalog_category_productindexer that caused the
productsquery to return categories from another store. GitHub-31253
generateCustomerTokenmutation now creates an entry in the
customer_logas expected after generating a customer token. GitHub-33378
- The Google Tag module has been added to the codebase, which supports the transition to Google Analytics 4 in July 2023. You can currently use and collect new data in your Google Universal Analytics properties, but Google Universal will reach end-of-life in July 2023. GitHub-35204, GitHub-35376
- Images on product details pages no longer flicker, and images remain centered as expected. Previously, after a product detail page completed loading an image, the image visibly shifted downwards.
- Related, upsell, and cross-sell product position in the export CSV is now correct after the deletion of a cross-sell product from the Admin before regenerating the CSV file. Previously, cross-sell product positions were not re-calculated after a cross-sell product was removed, and product position order was incorrect.
- Magento Open Source now checks for a custom view before filtering columns when exporting reports. Previously, exported reports did not take into account custom views, and exported columns were incorrect.
- Magento Open Source now successfully imports images with long file names. Previously, Magento Open Source did not import the image and threw this error:
Imported resource (image) could not be downloaded from external resource due to timeout or access permissions in row(s):.
- Category ID attributes are now available in scheduled export filters.
- Bundle products that contain a question mark (?) in the option title can now be imported successfully because of improvements to the query builder inside
populateExistingOptionsmethod. The option title is also displayed correctly. Previously, after the initial import, successive imports resulted in corrupted behavior and doubled options. Shoppers could not add the product to the cart, either.
- Added validation for category names during import. Previously, Magento Open Source did not validate category names, which lead to errors when category names exceeded 255 characters.
- Existing records in the
catalog_url_rewrite_product_categorytable are now deleted before inserting new ones. Previously, the following error occurred during multi-store product import:
SQLSTATE: Integrity constraint violation. GitHub-34210
- A deprecated Context Menu plugin has been removed from plugins list.
- The TinyMCE editor toolbar-related logic in the Page Builder module has been updated as a result of introducing
delayedRenderlogic for the toolbar in TinyMCE.
- Race conditions no longer interrupt the creation of the
contentUpdatedevent listener. GitHub-32068
getTypeIDfunction now returns product type ID not product ID. GitHub-35458
jQuery UI slider and
SelectMenumapping has been corrected in
Observers placed on
sales_order_state_change_beforenow support the retrieval of data from the order object. The
eventargument has been updated. GitHub-26789
indexer:resethas been refactored to call
- You can now use use the colon symbol in an
htmlClassattribute value, which supports the use of additional components such as the Tailwind UI. GitHub-34430
- Customer, customer address, and order actions are now logged correctly in the Admin action report. Previously, Magento Open Source did not log actions if the
postDispatchhandler had not been specified in configuration settings.
Repetitive actions have been replaced with action groups in these tests:
- Logged-in customers are no longer marked as guests in Admin > Marketing > Newsletter Subscribers.
- The newsletter subscription confirmation email now has the correct, store-specific email address in the From field if the customer is assigned to a non-default store and subscribed or unsubscribed from the Admin. Previously, the customer received an email with default email in From header. GitHub-34963
- The unsubscribe URL in the newsletter email template now works as expected. GitHub-33310
- Guest customer details are now saved successfully after an order is edited. Previously, some customer details were lost, including
- Merchants can no longer create a credit memo with a decimal total quantity when Decimal qty is disabled on a product or global setting level. Previously, merchants could create a credit memo for decimal total quantity where it was not applicable.
- Filter by date now works properly for Invoices, shipments, credit memos, CMS pages, and CMS block grids when the timezone set in preferences differs from the timezone set on a local computer. Previously, the date was incorrectly parsed and the filtered results included data outside of the set date range.
- Magento Open Source no longer changes custom email addresses that are assigned to orders when you change the main email address assigned to the customer on the Admin account edit page. Previously, when you edited the main email address for a customer, the new email address was assigned to every order created for that customer. GitHub-34397
- Magento Open Source now displays records from the requested store on the credit memos grid page in deployments running PHP 7.4. Previously, Magento Open Source threw the following error after you created a credit memo and tried to view it:
The store that was requested wasn't found. Verify the store and try again.
- Magento Open Source now displays credit memos on the credit memo grid page for orders created from store views whose name is prepended with numbers. Previously, Magento Open Source displayed the error:
The store that was requested wasn't found. Verify the store and try again. Exception in /var/www/html/vendor/magento/module-store/Model/StoreRepository.php:75. GitHub-35122
- Magento Open Source now displays the free shipping cost (0) on the Admin and storefront invoice page totals. Previously, when shipping was zero for an order, Magento Open Source did not display the shipping amount in total on the invoice page shipping total.
increment_idcolumn in the
sales_ordertable has been increased. Previously, third-party modules that assumed that
sales_order.increment_idhad a length of 50 characters saved only the first 32 characters of an
- Administrators can now place an order on the Admin using the PayPal PayflowPro payment method. Previously, Magento Open Source displayed this error:
No such entity with cartId = 0.
- Payment Review page in the checkout workflow now displays the correct payment method name when payment is made with Venmo, PayPal Later, or PayPal.
cartquery no longer returns all active payment methods for free orders. GitHub-34036
- Merchants can now submit a partial refund for orders paid with Apple Pay through Braintree. This was a known issue in Magento Open Source 2.4.4.
- Magento Open Source now shows the correct customer name in a guest order paid for with PayPal. Previously, the customer name was displayed as Guest.
- The resolver for the createPaypalExpressToken mutation has been updated to correctly use the value specified in the use_paypal_credit input field. Previously, it attempted to use an invalid
- Redis cache management has been improved by the addition of TTL (expiration date) for configurable products’ associated product data caches. Previously, these caches were not evicted due to missing TTL values if Redis key eviction policy was configured to a volatile eviction policy.
- The new
Grid Filter Condition Typecustomer/customer address attribute controls how an attribute filter is matched against the attribute values in the database, Options include
Prefix Match, and
- The Catalog Search fulltext indexer has been relocated outside the stores loop, which streamlines re-indexing. GitHub-33984
- Fixed issue with
array_mergein loops. GitHub-33929
- Price attributes that have no value in the default scope (but that are defined at the store-view level) are now indexed properly. Previously, the SQL expressions that retrieves price attributes values from EAV table did not take into account the scenario in which the value was not defined in the default scope.
- The price listed on the product detail page is now the same as the price listed in the checkout workflow for tier prices that differ by quantity selected (for example, a product priced differently based on buying 2 items versus 5 items). Previously, the checkout price reflected the price for the lowest product quantity.
- The Submit button on the Login and Create an Account pages is now inactive until ReCaptcha is fully loaded.
- The Store > Configuration > Services page now displays Magento Open Source Web API information as expected when Resource Access is set to Custom on the Role Resources tab. GitHub-35506
- Filtering products by color swatch on the layered navigation displays the correct image for the products after the fix.
- Elasticsearch queries now work as expected when
intis configured as a searchable backend
typeattribute. Previously, Magento Open Source threw an
- You can now use search synonyms together with the Minimum Terms to Match parameter In Elasticsearch queries. Previously, if this parameter was specified in settings and search terms were added for specific keywords, the search returned no results.
- Magento Open Source now displays an accurate search results suggestion count on the storefront in deployments where Search Suggestions and the Show Results Count for Each Suggestion setting are enabled. Previously, the count displayed next to the keywords was zero.
- Products sorted by custom attributes on the Catalog page are now displayed in the expected order. Previously, products were sorted by their attribute option value ID, which reflects the order in which they they were added to the attribute. GitHub-33810
- Filtering products by color swatch in the layered navigation now displays the correct product images. Previously, the layered navigation
PageCachekey did not include filter parameters for configurable products.
- Fixed PHP errors on the
catalogsearch/advanced/indexpages. Previously, Magento Open Source displayed this error when an array was passed in any advanced search string :
Warning: trim() expects parameter 1 to be string, array given | magento/module-catalog-search. GitHub-33586
- Magento Open Source no longer throws an error when loading UPS shipping rates if no allowed shipping methods are selected. Previously, when a shopper entered a shipping address in the checkout workflow under these conditions, no other shipping methods were displayed, and Magento Open Source displayed an error on the storefront. GitHub-34411
- Virtual product prices are now excluded in calculation table rate shipping amount. Previously, shipping costs for these products were not calculated correctly.GitHub-35185
- Table rate shipping rates with zero price are now displayed correctly in the checkout workflow Order Summary block for orders that have had a discount coupon applied. Previously, the shipping method was not displayed.
- Fixed Product Tax (FPT) is now correctly displayed for products in the shopping cart. Previously, if multiple products in the shopping cart have Fixed Product Tax (FPT) and Apply Tax To FPT were enabled, all FPTs were assigned to the last product in the shopping cart and reset for other products.
- The Fixed Product Tax (FPT) total for the order summary section of the checkout workflow is now calculated correctly.
- Magento Open Source now updates the Excluding Tax tier price for a simple product on the product page as expected after the quantity of the simple product has changed.
- Validation has been added to the store configuration page to verify if the selected country from the dropdown list is on the EU country list. The Validate VAT Number button is now visible only for EU countries. Previously, the button was visible for all countries, including the U.K.
- Tier price are now calculated correctly when Display Product Prices In Catalog is set to either Excluding Tax or Including and Excluding Tax. Previously, the product details page displayed tier prices with taxes despite the setting.
- Taxes are now applied correctly for orders to any valid address in storefronts using the Portuguese locale. GitHub-34271
cartquery no longer includes tax when returning
- Web API requests for order data (
GET /V1/orders/) no longer returns negative values for row totals.
- Corrected errors with
Magento.GraphQl.CatalogGraphQl.ProductSearchTest.testSearchSuggestionswhen run with AWS Elasticsearch configuration.
testCreateProductOnStoreLevelintegration test no longer causes a nested transaction on the database.
The following exception no longer occurs when running WebAPI tests for the Send Friend feature when product image has not set on PHP 8.1:
exception main.ERROR: /var/www/html/lib/internal/Magento/Framework/DataObject.php:131 strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated. GitHub-34864
Translations and locales
- You can now use the Translate inline tool to edit the same element more that once. Previously, only the first change made using this tool was included.
- The store view selector no longer blocks the translation pane when you edit Admin text or labels. You can now edit these features from the translation pane, and the interface displays these changes when you click Submit.
- The Admin date-time format for Brazilian Portuguese and French locales is now valid.
- Added a grave accent [ ` ] character to the name validator so that customer account can be created for first or last names that include this accent.
translate_strategy=embedded. Previously, the text reverted to English after the product was added to the cart.
- Search Synonyms now respect their assigned store scope. Previously, a synonym assigned to a specific store was searchable on any other store.
- Problems with the Filipino (Philippines) locale has been resolved. GitHub-33996
- Lengthy product names in the Catalog > Products grid are now word-wrapped instead of displayed in a single line.
- The minimal and maximum date-of-birth range is now saved as a correct timestamp and then converted from a valid timestamp to a valid date format.
- The unavailability of
magento.comno longer causes performance issues during Admin login. A timeout on the request to fetch release notification has been added.
- The results of the Admin order, customer, and product grid filters now persist as expected when displayed in the Chrome browser.
- You can now create a customer from the Admin when
Magento_LoginAsCustomerAdminUiis enabled and Store View To Login To is set to manual selection. Previously, Magento Open Source threw this error:
(Magento\Framework\Exception\LocalizedException): Unable to get Customer ID. GitHub-33096
- The Next arrow is now disabled as expected when a shopper reaches the last thumbnail image in the product image gallery.
- The Search by keyword input field now has an
aria-labelelement instead of a placeholder on the Catalog > Product page.
- Administrators can now set the current user’s expiration date higher than 2038 and save the user successfully. Previously, the user whose expiration date was changed could not log back in after logging out.
- Magento Open Source now displays an informative error message when an administrator tries to save an address with excessive street lines in Admin Store > Attributes > Customer Address. The administrator can now delete the extra address information and successfully save the address. Previously, Magento Open Source committed the extra lines but did not save the data.
- The product listing view configuration in the database and local storage has been updated. Custom grid views are now saved during page reload and view changes.
- You can now switch between store views when website restrictions are enabled. Previously, problems with the store view switcher prevented switching store views.
- The favicon icon upload form now supports
.icofile types. Previously, when you tried to upload a favicon file with this extension type in the Admin, Magento Open Source displayed this error:
Warning: imagecreatefromstring(): one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully in /var/www/html/vendor/magento/module-media-storage/Model/File/Validator/Image.php on line 64. GitHub-34858
- Corrected display issues with the drop-down Select menu in the Admin grid. GitHub-35386
- URLs for a product in a specific store view only are now removed from the
url_rewritetable and Admin after the attribute code visibility status for the specific store view is changed to Not Visible Individually. Previously, all URLs were removed for the product in the
- You can now use YouTube URL parameters using Page Builder to add a new video. Previously, these parameters were automatically removed from the URL.
- You can now set a Vimeo video to run in the background in a
bannerelement when CSP is set to
Web API framework
- Mutex has been implemented for orders to prevent race conditions during update by concurrent requests. Previously, race conditions during concurrent REST API calls resulted in an overwrite of shipping status information in the Admin Items Ordered table.
- Product image role inheritance is now preserved unless explicitly defined in the payload when updating a product in a specific store view via the REST API.
- The Swagger schema (
/rest/schema) now uses unique operation IDs.
- Cart price rules created through the
POST /V1/salesRules/endpoint now retain existing coupon code values after changing status from disabled to enabled. GitHub-35298
- Cart price rules created through the
POST /V1/salesRules/endpoint now contain valid
- REST API bulk PUT and DELETE requests now work as expected when the
Magento_ReCaptchaWebapiRestmodule is enabled. GitHub-35348
- The Bulk Rest API now works with the
bySkuoption for configurable products. Previously, it returned a 500 error.
- Creating a new special price schedule with the
POST /V1/products/special-priceendpoint now works as expected. Previously, the endpoint returned this error:
Future Update already exists in this time range. Set a different range and try again.
/V1/products/base-pricesendpoint now works as expected with Catalog Price Mode - Website. GitHub-30132
- Updating an item quantity from the wish list page now updates the quantity on the product detail page as expected. Magento Open Source now picks up the updated value from the product URL and populates the
qtyfield of product detail page from the wishlist itself.
Issue: Admin users cannot create an order or re-order for customers from the Admin when Braintree is enabled. When the Admin user clicks either Order or Reorder, Adobe Commerce does not submit the order, and the
system.log displays this error:
report.CRITICAL: Error: Call to a member function getMethodInstance() on null in /app/vendor/paypal/module-braintree-core/Block/Form.php:174. Workaround:
BUNDLE-3137-composer.patch is now available. See the Admin can’t create order/reorder when Braintree payment enabled Knowledge Base article for a discussion of this issue and access to the patch. A fix will also be included in Adobe Commerce 2.4.5-p1.
We are grateful to the wider Magento community and would like to acknowledge their contributions to this release.
The Magento Community Engineering team Magento Contributors maintains a list of top contributing individuals and partners by month, quarter, and year. From that Contributors page, you can follow links to their merged PRs on GitHub.
The following table highlights contributions made by Partners. This table lists the Partner who contributed the pull request, the external pull request number, and the GitHub issue number associated with it (if available).
Individual contributor contributions
The following table identifies contributions from our community members. This table lists the community member who contributed the pull request, the external pull request number, and the GitHub issue number associated with it (if available).
Our technology stack is built on PHP and MySQL. For more information, see System Requirements.
Installation and upgrade instructions
You can install Magento Open Source 2.4.5 using Composer.