Magento Open Source 2.4.7-beta1 includes over 140 quality fixes and enhancements. Core Composer dependencies and third-party libraries have been upgraded to the latest available versions. Support for Composer 2.5 has been added, while Composer 2.2.x remains supported.
Magento Open Source 2.4.7-beta1 has been tested against the following component versions:
- Composer 2.5
- Elasticsearch 8.5
- MariaDB 10.6
- MySQL 8.0
- OpenSearch 2.5
- PHP 8.2 and 8.1
- RabbitMQ 3.11
- Redis 7.0
- Varnish 7.3
Our technology stack is built on PHP and MySQL. See System Requirements.
Magento Open Source 2.4.7-beta1 highlights
Look for the following highlights in this release.
Security enhancements
This release includes 13 security fix and platform security improvements.
No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts:
- IP allowlisting
- two-factor authentication
- use of a VPN
- use of a unique location rather than
/admin - good password hygiene
See Adobe Security Bulletin for the latest discussion of these fixed issues.
Additional security enhancements
Security improvements for this release improve compliance with the latest security best practices, including this change, which introduces a change in the default behavior of an existing REST endpoint:
Native rate limiting for payment information transmitted through REST and GraphQL APIs. Merchants can now configure rate limiting for the payment information transmitted using REST and GraphQL. This added layer of protection supports prevention of carding attacks and potentially decreases the volume of carding attacks that test many credit card numbers at once. See Rate limiting.
The default behavior of the isEmailAvailable GraphQL query and (V1/customers/isEmailAvailable) REST endpoint has changed. By default, the API now always returns true. Merchants can enable the original behavior, which is to return true if the email does not exist in the database and false if it exists.
Platform enhancements
Platform upgrades for this release improve compliance with the latest security best practices. Magento Open Source 2.4.7-beta1 introduces:
- Composer 2.5.x. Compatibility with Composer 2.2.x remains.
- Varnish cache 7.3 support. This release is compatible with the latest version of Varnish Cache 7.3. Compatibility remains with the 6.0.x and 7.2.x versions, but we recommended using Magento Open Source 2.4.7-beta1 only with Varnish Cache version 7.3 or version 6.0 LTS.
- RabbitMQ 3.11 support. This release is compatible with the latest version of RabbitMQ 3.11. Compatibility remains with RabbitMQ 3.9, which is supported through August 2023, but we recommended using Magento Open Source 2.4.7-beta1 only with RabbitMQ 3.11.
Other upgrades and replacements
Outdated JavaScript libraries have been upgraded to their latest versions, including:
moment.jslibrary (v2.29.4)jQuery UIlibrary (v1.13.2)jQueryvalidation plugin library (v1.19.5)
Leave a Reply