magento download

Magento 2.4.5. has been launched in August 2022 with over 290 quality enhancements and fixes. It features improvements in GraphQL, performance, quality and many other features. Since then there has been 14 patches released to improve the stability and performance of Magento 2.4.5.

So, today we'll focus on the Magento 2.4.5 release notes to guide you through all these versions. You'll discover all important features in this version before you download Magento and update it to the latest version.

Magento 2.4.5 Release Notes

There have been plenty of features added in this release. However, we'd like to highlight only the most important features worth your attention.

Platform

A lot of focus is on platform improvements in this release.

  • Composer 2.2. support
  • TincMCE 5.10.2 support
  • Query 1.13.1 support
  • DHL integration schema updated to v6.2
  • Updated outdated JS libraries
  • Removed outdated dependencies

Security

Magento 2.4.5 includes 20 security fixes and platform security improvements.

  • Google reCAPTCHA for Wish List Sharing, Gift Card forms and Create New Accounts
  • Improved inventory templates security
  • Added Access Control List resources to the inventory
  • Updated MaliciousCode filter to use the HtmlPurifier library

Accessibility

Magento 2.4.5 is focused on more operable, perceivable and understandable Venia (PWA) frontend experience. 

  • Now screen readers get informed when a new pages view loads
  • Screen readers get informed about search results summary information
  • Improved contrast and keyboard accessibility

Google Analytics

Not only did Magento developers focus on platform improvements and security. They've also paid attention to SEO.

They reimplemented the integration with Google Services to include all updates introduced by Google, especially to support the transition to Google Analytics 4 in July 2023. 

Payments

The Magento team added a few changes to the Braintree and PayPal payment options and introduced App Pay as a new payment option. 

  • Added Apple Pay as a payment option
  • Added availability of PayPal Pay Later payment method for Italy and Spain
  • Preview of PayPal credit card and Pay Later buttons in the admin panel
  • Removed Braintree KOUNT fraud protection from the codebase
  • Added "Always request 3DS" options in Braintree payments.

Page Builder

Pagebuilder v1.7.2 has been made compatible with Magento 2.4.5 which allows users to manage column settings on the storefront. 

GraphQL

Those working with GraphQL will appreciate the improvements in Magento 2.4.5. 

  • GraphQL API can now consume the authorization token expiration date
  • Session usage has been removed from the HTTP header processor
  • Unified storefront GraphQL schema is rebuilt faster on deployment
  • Added the ability to disable the session cookies for all GraphQL operations completely
  • Session cookies are launched in GraphQL operation using class proxies when needed

PWA Studio 

Magento added the compatibility of PWA Studio v1.2.5 with Magento 2.4.5. 

  • Added ability to collect customer behaviour data on the PWA studio storefront to extend web analytics
  • Ability to choose a service, such as Google Tag Manager, to deploy from the admin panel

Magento 2.4.5-p1 Release Notes

This release is dedicated to fixing the security bug related to the creation of a new configuration setting. The Require email confirmation if email has been changed option allows admins to require email confirmation when the admin changes their address.

Magento 2.4.5-p2 Release Notes

Magento 2.4.5-p2 offers you three security fixes for vulnerabilities identified in the previous releases. Check Adobe Security Bulletin for more details.

Magento 2.4.5-p3 and 2.4.5-p4 Release Notes

These two releases have been released in September 2023, almost half a year after the 2.4.5.-p2 release and contains 13 security fixes and platform updates. Mainly they've changed the default behaviour of the isEmailAvailable GraphQL query and REST endpoint. Now the API returns true.

Besides, this release is compatible with the latest version of Varnish Cache 7.3 and RabbitMQ 3.11. Finally, the js library (v2.29.4), jQuery UI library (v1.13.2), and jQuery validation plugin library (v1.19.5) has been upgraded to the latest minor patch versions.

Magento 2.4.5-p5 Release Notes

It's the final release of Magento 2.4.5 which brings 10 security fixes. A new full-page cache configuration setting that helps to decrease the risks related to the {BASE-URL}/page_cache/block/esi HTTP endpoint. 

Additionally, Adobe provides a workaround for the wrong checksum error that appears during the download by Composer from repo.magento.com. If you've encountered this error, you should delete the /vendor directory inside the project if it exists then run the bin/magento composer update magento/module-page-cache command. It will update only the page cache package. 

However, if the issue persists, they recommend removing the composer.lock file before running the command.

Each Magento release makes the platform stronger, more reliable and more secure. If you're still using some outdated version, it's better to update Magento 2 and benefit from all the new features.

Magento 2.4.5-p6 Release Notes

Magento 2.4.5.-p6 focuses on two major security improvements.

The non-generated cache keys now include prefixes that are different from the prefixes in keys generated automatically. Besides, they must contain letters, digits, underscores and hyphens now.

There is a limit on the number of auto-generated coupon codes in Adobe Commerce. The default maximum is 250 000 which can be changed in Configuration > Customers> Promotions. 

Magento 2.4.5-p7 Release Note

This patch release contains three security fixes which have been identified in the previous releases. You can find more about them in the Magento Security Bulletin.

Magento 2.4.5-p8 Release Notes 

In Magento 2.4.5-p8 release Adobe added the Subresource Integrity (SRI) support to provide integrity hashes for all JavaScript assets. 

The default SRI feature is implemented only for payment pages for the admin and storefront.

Additionally, there were added updates and enhancements to Adobe Commerce Content Security Policies (CSPs). So it now complies with the  PCI 4.0 requirements.

  • The inline scripts can now be executed in a CSP with the nonce provider added in this release.
  • The default CSP configuration is now set to restrict mode for payment pages and report-only mode for all other pages.
  • There are added options to configure custom URIs to report CSP violations on Create Order pages in the admin and checkout pages on the frontend.

Magento 2.4.5-p9 Release Notes

The Magento 2.4.5-p9 includes a number of security fixes, in particular:

  • Rate limiting for one-time passwords (retry attempt limit for 2F authentication and 2F authentication lockout time (seconds)).
  • Encryption key rotation by a CLI command.
  • Fixed Prototype.js security vulnerability. 
  • Fixed remote code execution security vulnerability.
  • Resolved JavaScript error with Google Maps rendering improperly in the PageBuilder.
  • JSON web token validation issue fix.

Magento 2.4.5-p10 Release Notes

The Magento 2.4.5-p10 includes the following highlights:

  • Updated the TinyMCE dependency to the latest version (7.3) for enhanced user experience and increased efficiency.
  • Updated the Require.js to the latest version (2.3.7)
  • Fixed issues with the Braintree payment gateway so now it includes fields required to comply with the latest VISA mandate security requirements.

Magento 2.4.5-p11 Release Notes

No significant changes in Magento 2.4.5-p11. The main highlight is improved encryption key management. It's been redesigned to eliminate bugs and previous limitations. There are a few new CLI commands available for changing the keys, which you must use instead of the Admin UI.

Magento 2.4.5-p12 Release Notes

The 2.4.5-p12 addresses the issues with the System > Support > Data Collector support tool. It's been removed to prevent unauthorised access.

Magento 2.4.5-p13 Release Notes

The highlights of this release are:

  • Optimisation of the bulk asynchronous web API endpoints, which performance degraded after the previous release.
  • Restored compatibility for cooking limits by reverting the change made to MAX_NUM_COOKIES in earlier releases.
  • Fixed an issue with restricted admin users that prevented them from accessing CMS blocks.
  • Restricted async processes from overriding previous customer orders.

Magento 2.4.5-p14 Release Notes

Magento 2.4.5-p14 is a critical security release that addresses severe security issues related to improper input validation, cross-site request forgery and incorrect authorisation.

Update Magento To The Latest Version

If you want to maintain a safe environment, you have to follow Magento security best practices and install all security patches as soon as they are released. But if you want to benefit from the latest improvements and features too, it's recommended to update Magento to the latest version which is 2.4.8 now.