Adobe Commerce 2.4.8 (including Magento Open Source) dropped on April 9, 2025, bringing meaningful improvements across performance, APIs, payments, and security. But more than a version bump, this release signals a push toward cleaner architecture, modernized dependencies, and faster headless support.

If you’re a Magento dev, here's what you actually need to know about what changed, what broke, and how to upgrade with confidence.

⚙️ Under-the-Hood Magento Improvements

First, let’s explore the core-level improvements and what they mean for your daily work with Magento.

PHP 8.4 Support (and 8.1 Deprecation)

Magento 2.4.8 is now compatible with PHP 8.4, a major shift, as 8.1 reaches end-of-life. Here’s what it means for your codebase:

  • Removed deprecated PHP functions and interfaces. Any legacy patterns relying on outdated PHP 8.1+ methods are now gone. This can affect both your code and vendor packages.
  • Stricter type checking. PHP 8.4 enforces type signature and return type consistency more aggressively. Mismatches that were warnings or notices before may now result in fatal errors.
  • Third-party module instability. Many older extensions, especially ones not updated recently, may no longer be compatible out of the box.

Sounds grim, but it’s all for the better cause of a leaner codebase. To adapt to 2.4.8, here’s what the Amasty team recommends:

  • Run static analysis early to catch type mismatches, return inconsistencies, and deprecated calls.
  • Review your CI pipeline and adjust composer constraints. Make sure all dependencies support ^8.4.
  • Test custom modules in isolation before merging into your upgrade branch. Just because Magento boots doesn't mean everything works.

📌 Tip: Don’t wait for runtime errors. Use automated static tools and integration tests as your first line of defense.

Default Indexing Mode Changed

Indexers now default to “Update on Schedule” instead of “Update on Save.” This shift improves overall system performance and scalability, especially under high-load conditions. Still, it may catch you off guard if you’re used to immediate reindexing during local development or manual data changes.

📌 Tip: This setting is configurable. Always verify indexer modes in staging and dev environments to avoid confusion or delayed data updates.

Inventory Indexer Decoupled

The InventoryIndexer component is now decoupled from legacy modules like cataloginventory. What it means is that:

Before we had:

private CatalogInventory\Stock\Indexer $stockIndexer;

And now we have:

private Magento\InventoryIndexer\Model\Indexer\StockIndexerInterface $stockIndexer;

Basically, instead of hard dependencies, Magento now relies on service contracts. This change:

  • Reduces unnecessary object instantiation
  • Shortens dependency injection (DI) chains
  • Makes indexers easier to mock in tests (see example below): 
$stockIndexerMock = $this->createMock(StockIndexerInterface::class);
$stockIndexerMock->method('execute')->willReturn(true);

If you’re building or customizing indexers (especially in modular or multi-indexer environments), this improvement will help you get cleaner, more maintainable code.

🧬 API & GraphQL Changes

Magento's GraphQL API continues to mature, especially for PWA use cases. The 2.4.8 release brings several enhancements that are aimed at improving flexibility, error handling, and checkout experiences. Let’s take a look.

New Mutations Introduced

We now have access to a couple of useful mutations that fill long-standing gaps in functionality:

  • Resend customer account confirmation emails — helpful for onboarding flows and account recovery.
  • Fetch customer group data — enables dynamic display or rules based on pricing tiers or customer segments.
  • Paginated customer address book — necessary for merchants serving customers with large or complex address data.
  • Submit return requests (RMAs) — including full support for guest users, making it easier to implement flexible return flows in headless environments.

Improved Checkout Experience

Frontend behavior during checkout has been fine-tuned as well:

  • Orders with a $0 total now automatically select the “Free” payment method. This reduces clicks and improves conversion for gift orders or full-discount carts.
  • Terms & Conditions are now pulled dynamically using storeConfig. Even without manual updates, your storefront now always reflects the latest legal copy.

More Structured Error Handling

A welcome addition for frontend teams: Magento now returns more specific GraphQL error types, such as:

InsufficientStockError
InvalidCouponCodeError

These pinpointed responses help developers create more intuitive and user-friendly error messages — no more vague "Something went wrong" messages for shoppers.

🚨 Heads-Up: Promotion Rule Leak

A major gotcha in 2.4.8: All Cart Price Rules and Catalog Price Rules are now publicly enumerable via GraphQL even if they haven’t gone live yet.

curl --location 'yourstore/graphql' \
--header 'Content-Type: application/json' \
--data '{"query":"query {\n allCartRules {\n name\n }\n}"}'

If your rule names contain promo codes, those codes are now easily discoverable, even by bots or coupon aggregators. In other words:

  • Competitors or users can see upcoming deals.
  • Internal testing codes (e.g., TESTFREEORDER) can leak.
  • Discount strategies may be reverse-engineered.

Damien Retzinger, a Magento engineer and the whistleblower who reported the issue, recommends the following fix:

bin/magento config:set promo/graphql/share_all_sales_rule 0
bin/magento config:set catalog/rule/share_all_catalog_rules 0

Then flush cache and redeploy.

💳 Payment Updates

Magento 2.4.8 makes solid upgrades to how payments work behind the scenes. The Braintree integration gets a nice refresh for better performance and smoother checkout flows:

  • SDKs updated to PHP 6.21.0 and JavaScript 3.112.0 for enhanced security and performance.
  • Express Checkout modals for PayPal and Google Pay now display line items and shipping address selectors, reducing checkout friction.
  • Tracking numbers are now automatically synced from Magento to PayPal, giving customers real-time visibility post-purchase and reducing support overhead.

🚨 Heads-Up: Bad news for merchants in the DACH region: Sofort and Giropay have been officially removed from Magento in this release. If you previously relied on these payment methods, you now need to look into supported alternatives or vetted third-party modules.

🎨 LESS Compilation and Frontend Adjustments

Magento’s LESS pipeline introduces breaking changes that may silently affect your theme layer:

  • Deprecated mixins like lib-css(…), lib-font(…), and outdated grid variables may no longer compile or behave as expected.
  • Variable removals (e.g., @indent__base, @button__line-height) can cause layout misalignments or button distortion.
  • Layout shifts may appear if your theme overrides older templates or uses legacy spacing helpers.

For frontend developers, these changes mean the need to:

  • Audit your custom themes for deprecated variables and mixins
  • Patch or update third-party themes and CSS overrides
  • Use Magento’s bin/magento dev:source-theme:deploy to identify compile-time issues early

📌 Tip: Amasty devs have already patched many frontend modules according to this strategy, so check for official updates before fixing by hand.

🔐 Security and Compliance

Magento 2.4.8 focuses on tightening up existing security controls and reducing potential attack surfaces. Here’s what’s new:

Two-Factor Authentication (2FA) Updates

  • The Duo 2FA integration now uses Web SDK v4 and introduces the universal prompt. This helps to offer a more consistent MFA experience across devices.
  • The OTP window has been widened to 29, which should drastically cut down on failed logins caused by network lag.

Encryption & Integrity Controls

  • Encryption key management is now CLI-only — the admin toggle has been removed to minimize attack surfaces.
  • Subresource Integrity (SRI) hashes are now preserved in pub/static. The change ensures that assets maintain their integrity even after cache flushes or deployments.

Small changes with big impact. These updates quietly raise the bar for Magento security.

🐞 Bug Fixes & Performance Improvements

Magento 2.4.8 resolves a wide range of issues — 582 bug fixes in total — spanning across storefront, admin, and backend services. While many are under-the-hood and not severe unlike this one in 2.4.7, here are the main areas that have received enhancements:

  • GraphQL & REST API. More consistent responses and error handling, especially around cart, checkout, and customer data endpoints.
  • Admin Panel UI. Visual bugs (like mislabeled order comment buttons) have been corrected for a cleaner merchant experience.
  • Product & Navigation Rendering. Fixes applied to layered navigation and product display logic, particularly for configurable products.
  • B2B Features. Shared catalog behavior and approval workflow glitches are now resolved.
  • General Performance. Cart and checkout flow optimizations lead to snappier responses in high-traffic scenarios.

For dev teams that struggled with admin oddities or API unpredictability, 2.4.8 should feel smoother across the board.

🚨 Heads-Up: Amasty’s 2.4.8 Fix Patch

To fix some major bugs in Magento 2.4.8, the Amasty team released the Magento 2.4.8 Issues Fix pack on GitHub. It tackles two specific bugs:

  • Responsive styles ignored – Magento 2.4.8 overlooks .less styles using min-width: (@screen__l), which can break layouts on larger screens.
  • Store switcher glitch – Switching stores may serve cached content instead of fresh pages, which leads to outdated or incorrect displays.

These bugs can interfere with core UX and mess with the performance of many third-party integrations. So if you're on Magento 2.4.8, installing the pack will help you avoid disruptions within key Amasty modules, such as Improved Layered Navigation, One Step Checkout, Free Gift, GDPR tools, and more.

How to Install

Option 1: Composer (Recommended)

composer require amasty/module-mage-248-fix -W  
php bin/magento setup:upgrade  
php bin/magento setup:di:compile  
php bin/magento cache:flush

Option 2: Manual Install
Drop the files from here into app/code/Amasty/Mage248Fix
Then run:

composer require wikimedia/less.php:^5.3.1  
php bin/magento setup:upgrade  
php bin/magento setup:di:compile  
php bin/magento cache:flush

Requirements

  • Magento 2.4.8
  • Amasty Base module
  • wikimedia/less.php:^5.3.1 No setup needed after install, the fix runs automatically.

📦 Magento 2.4.8 Stack Compatibility (Spring 2025)

Magento 2.4.8 aligns with modern development stacks and drops support for several legacy versions. So if you’re upgrading, here’s what your environment needs to look like:

PHP: 8.4 ✅ (8.1 officially deprecated)
MariaDB: 11.4 LTS
MySQL: 8.4 LTS
RabbitMQ: 4.x (quorum queues are default)
PHPUnit: 10
Composer: 2.8.x
Valkey: 8.x (Redis-compatible drop-in)
Bootstrap: 5.3.3
TinyMCE: 6.8.5 (v5 deprecated)
Varnish: 7.6.x
Search: OpenSearch 2.19 ✅ (Elasticsearch deprecated as the default search engine)

📌 Heads-Up for Elasticsearch users: OpenSearch is now the officially recommended engine. If you’re still clinging to Elasticsearch, start planning your migration now since Adobe is phasing it out fast.

🛠 Upgrade Planning Tips

Magento 2.4.8 focuses on backend modernization rather than big new features, but don’t underestimate its under-the-radar changes. Here’s where to pay close attention when upgrading with any of the 3 methods:

  • PHP 8.4 Compatibility – Scan your custom modules and third-party extensions for deprecated function calls and syntax issues. PHP 8.4 enforces stricter typing and behavior.
  • Theme Layer Adjustments – LESS compilation errors may emerge, especially if your theme relies on outdated variables or mixins. Audit custom styles before go-live.
  • Search Engine Migration – Magento now prioritizes OpenSearch. If you're still on Elasticsearch, migration isn’t optional anymore — it’s foundational.
  • Deprecated Code Cleanup – Adobe continues to remove legacy admin routes, JavaScript components, and PHP interfaces. Check for hard-coded admin routes, deprecated UI components, and PHP classes/interfaces marked as @deprecated in 2.4.7+.

Keeping things clean now means fewer headaches when 2.5.x or Adobe’s next big shift rolls around. Treat 2.4.8 as a foundation for the next few years.

🧑‍💻 Final Thoughts for Magento Dev Teams

Magento 2.4.8 doesn’t bring dramatic new features — and that’s the point. This release is all about foundational stability and future-proofing as it:

  • Aligns with PHP 8.4 and a more modern open-source stack
  • Hardens GraphQL and storefront security
  • Cleans up legacy code that blocks modernization

If your roadmap stretches into 2025 or beyond, 2.4.8 is a smart base to build on. It’s stable, forward-compatible, and built for the long haul. To nudge you into action, here’s a quick look at how fast end-of-support is approaching for older Magento versions:

2.4.4 → April 2025
2.4.5 → August 2025
2.4.6 → August 2026

🚨 Heads-Up: If you’re upgrading from 2.4.6 or earlier, be extremely wary of the impact of PHP 8.4. Deprecated functions, type strictness, and removed interfaces can break custom or third-party modules. Audit early, especially if you’re maintaining older codebases.

Need help cleaning up old codebases or tackling upgrade issues? Feel free to reach out to the Amasty team for professional Magento upgrade services.