magento download

Magento 2.4.6 has been launched on March 2023. It features scalability and performance enhancements, over 300 quality fixes and updated core composer dependencies and third-party libraries. 

In this guide, you'll learn how to download Magento 2.4.6 and what important changes it offer before you update your Magento version.

Download Magento 2.4.6

Version Release Date Link
2.4.6-p8 October 8, 2024 Download Magento 2.4.6-p8.zip
2.4.6-p7 August 2024 Download Magento 2.4.6-p7.zip
2.4.6-p6 June 2024 Download Magento 2.4.6-p6.zip
2.4.6-p5 April 2024 Download Magento 2.4.6-p5.zip
2.4.6-p4 February 2024 Download Magento 2.4.6-p4.zip
2.4.6-p3 October 2023 Download Magento 2.4.6-p3.zip
2.4.6-p2 August 2023 Download Magento 2.4.6-p2.zip
2.4.6-p1 June 2023 Download Magento 2.4.6-p1.zip
2.4.6 March 2023 Download Magento 2.4.6.zip

Magento 2 Download using Composer

Alternatively, you can download Magento using the following composer commands. But note that this could take a while and requires a composer. Please make sure that you use the proper composer version, check Magento 2 System Requirements.

composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition magento XXX
cd magento
composer install

Replace XXX in the example with the Magento version you would like to install, for example:

composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition magento 2.4.6-p3

Note: all our Magento extensions are already compatible with Magento 2.4.6.

Magento 2.4.6 Release Notes

Magento gets better with each version. So 2.4.6. definitely has a lot to offer. Let's dive into the most important platform updates.

Platform

For high performance Magento 2.4.6 introduces support for PHP 8.2 (PHP 8.1 will continue to be supported).

  • Composer 2.2.x support
  • OpenSearch 2.x support
  • Redis 7.0.x support
  • Compatibility with ElasticSearch 8.x and MariaDB 10.6
  • Updated outdated JS libraries and removed outdated dependencies

Security

This release contains 8 security fixes, even though there are no confirmed attacks to date. Most of them are related to the admin panel since it's the first thing the attacker would target. So the following was improved: 

  • Use on VPN
  • Two-facto authentication
  • IP allow listing
  • Password hygiene

Performance

Magento 2.4.6 is optimized to support your growing business requirements. There are plenty of improvements to the performance and scalability of your store. 

  • Improved product grid performance through a limited number of products displayed in a grid
  • Improved order processing on cloud infrastructure customers
  • Added options to improve operations performance if 100+ customer segments are involved
  • Improved import data performance through new PEST API endpoint (+100 000 reports/minute)

Payments

The Magento 2.4.6 release focuses on improving Braintree payments.

  • Added Braintree Pay Layer button and messages for Italy and Spain
  • Added Fraud protection and ACH webhooks to the Braintree payment method
  • Enabled Pay Later messaging with PayPal Vault

Page Builder

The biggest update is that you can use drag and drop to bulk import images into the gallery. This version of Magento is also compatible with Page Builder v1.7.3. 

Additionally, the dropdown, text field, and text area attributes are now available in the Page Builder product attribute list.

GraphQL

In the 2.4.6 release, Magento continues working on improving the Magento GraphQL experience.

  • Improved GraphQL category tree rendering performance
  • Improved response time of the bulk cart operations through GraphQL
  • Improves response time of some Magento APIs related to querying product categories with category permissions enabled
  • Customer queries now support order sorting

Magento 2.4.6-p1 Release Notes

Magento 2.4.6-p1 was released not so long after 2.4.6 and presents you with security fixes and platform improvements that make your store better.

Platform

In this release Adobe improved the compliance of the platform with the latest security best practices. 

  • Added compatibility with Varnish cache 7.3 support
  • Added compatibility with the latest RabiitMQ 3.11
  • Updated outdated JavaScript libraries to the latest minor or patch versions

Security

The patch contains 13 important fixes, the main dealing with:

  • Incorrect authorization
  • Server-side request forgery
  • Improper Input validation

Magento 2.4.6-p2 Release Notes

Magento 2.4.6.-p2 is mainly a security release that focuses on providing three major security fixes for vulnerabilities discovered in Magento Commerce and Open Source previous releases.

In particular, the value of fastcgi_pass in the nginx.sample file has been returned to the previous value of fastcgi_backend. Besides, the security vulnerability of the jQuery-UI library version 1.13.1 has been taken care of in this release.

Looking forward to using the latest version of Magento? Update Magento 2 and benefit from better security, performance, scalability and payments.

Magento 2.4.6-p3 Release Notes

Same as in the case of the 2.4.6-p2 release, Magento 2.4.6-p3 includes mainly security fixes aimed at improving Magento deployment.

Besides, the release includes new settings for full-page cache. It helps to mitigate the risks associated with the {BASE-URL}/page_cache/block/esi HTTP endpoint.

Magento 2.4.6-p4 Release Notes

The focus of the Magento 2.4.6.-p4 is on two major security enhancements.

Adobe made changes to the non-generated cache keys. They now include prefixes different from the ones in keys generated automatically. Besides, the keys for blocks must contain letters, digits, hyphens and underscores characters from now on.

Adobe has imposed a limitation on the number of auto-generated coupon codes in the Commerce edition. The default maximum is 250,000. But merchants can control that limit in Configuration > Customers> Promotions

Magento 2.4.6-p5 Release Notes

This patch release contains three security fixes identified in the previous releases. You can find more in the Magento Security Bulletin.

Magento 2.4.6-p6 Release Notes

Magento 2.4.6-p6 security release concerns Adobe Commerce. The Subresource Integrity (SRI) support has been added to provide integrity hashes for all JavaScript assets. 

The default SRI feature is implemented for the admin and storefront only on the payment pages.

There also have been updates and enhancements to Adobe Commerce Content Security Policies (CSPs)  to comply with the  PCI 4.0 requirements.

  • The execution of inline scripts in a CSP is now allowed due to the added nonce provider.
  • The default CSP configuration for payment pages is now set to restrict mode and report-only mode for all other pages.
  • Options to configure custom URIs to report CSP violations on order creation pages in the admin and checkout pages on the frontend.

Magento 2.4.6-p7 Release Notes

The Magento 2.4.6-p7 includes a number of fixes for security vulnerabilities identified in the previous versions. In particular:

  • Rate limiting for one-time passwords (2F authentication retry attempt limit and lockout time (seconds)).
  • CLI command for the encryption key rotation.
  • Resolved Prototype.js security vulnerability. 
  • Fixed remote code execution vulnerability.
  • Resolved JavaScript error that caused Google Maps to render improperly in the PageBuilder.
  • JSON web token validation issue.

Magento 2.4.6-p8 Release Notes

This Magento patch includes fixes for the TinyMCE, Require.js and Braintree payment gateway. The TinyMCE dependency was updated to the 7.3 version to provide more efficiency and better user experience. 

Require.js was updated to the 2.3.7 version and new fields were added to the Braintree payment gateway to comply with the latest VISA requirements.