Adobe released version 2.4.9 today for both Magento Open Source and Adobe Commerce. It is a large release - hundreds of fixes and improvements across the board.
Rather than listing every change, here is what matters if you run a store.
Payments: the changes your customers will notice first
Apple Pay now works on any browser
Until now, Apple Pay at checkout only appeared for customers browsing in Safari. Starting with 2.4.9, Apple Pay works in Chrome and Firefox as well. If you already have Apple Pay enabled, more of your customers will see it automatically - no changes needed on your end.
Promo codes now work inside Apple Pay and Google Pay checkout
Customers paying with Apple Pay or Google Pay through the express checkout flow can now apply discount codes directly inside the payment screen. Previously, shoppers using those methods missed out on promotions unless they switched to standard checkout. That is fixed.
New payment options for European markets
- BLIK for Poland: BLIK is the dominant bank payment method in Poland. Stores using Braintree can now enable it directly, without extra setup.
- Pay Upon Invoice for Germany: A buy-now-pay-later option for German customers through PayPal and Ratepay. The shopper receives the order first and pays the invoice within 30 days, no PayPal account needed.
Saved cards update themselves
For stores that allow customers to save payment cards through Braintree (Visa, Mastercard, Discover), expired or replaced cards now update automatically in the background. When a customer’s bank issues a new card, the stored details update on their own. Fewer failed payments due to outdated card information.
Admin improvements you will use every day
Delete multiple tax rates at once
You can now select multiple tax rates in the grid and delete them all in one action. Previously this had to be done one by one.
Order graph in the dashboard loads instantly
The orders chart on the admin dashboard had an unnecessary animation that delayed the display. It now loads immediately.
Date filters on grids now respect your store timezone
Filtering orders, credit memos, or other records by date was showing inconsistent results depending on timezone. The filters now apply correctly based on the timezone configured for your store.
CSV exports now display currency symbols correctly
Exporting the abandoned cart report to CSV was showing garbled characters for certain currency symbols (like the Indian Rupee). That is fixed - the exported files now display correctly in Excel and other tools.
Page Builder fixes for mobile content
A JavaScript error prevented saving content in Page Builder when working in mobile preview mode. That is resolved. Mobile banner saving, product widget display, and product carousel behavior are all corrected in this release.
Fixes that affect store operations
Checkout was broken for cities with special characters in their name
If a customer lived in a city with a number, an ampersand, or parentheses in the name, checkout would fail at the address step. Fixed.
Color swatches were showing wrong prices on configurable products
Some configurable products with color swatches were displaying incorrect prices or broken layouts when customers switched between options. Fixed.
Store switcher was broken when category paths were enabled in URLs
If your store had category paths included in product URLs (for example /shirts/blue-polo.html), the store language/region switcher would stop working. Fixed.
Full page cache was not working for logged-in customers
A regression caused the full page cache to be bypassed for customers who were logged into their accounts, slowing down the storefront for your registered buyers. Fixed.
Email with TLS encryption was not sending
Stores using SMTP with TLS for transactional email were experiencing delivery failures. Fixed.
Fastly cache broken after upgrading from 2.4.8
Stores using Fastly as their CDN who upgraded from version 2.4.8 were experiencing caching failures. A fix is included in this release.
UPS was charging residential rates for commercial addresses
A bug in the UPS shipping integration was incorrectly flagging commercial delivery addresses as residential, adding extra fees to shipping quotes. Fixed - the residential surcharge now only applies when it actually should.
Security improvements
Admin password length is now configurable
You can now set a minimum password length for admin users from the configuration panel. This is relevant for stores that need to meet PCI DSS 4.0 requirements, which specify a minimum of 12 characters.
API account creation now requires CAPTCHA validation
The CAPTCHA protection configured for your storefront now also applies to API-based account creation requests. This closes a gap that could be used for automated account registration.
Wishlist sharing vulnerability patched
A vulnerability in the wishlist sharing form allowed malicious content to be injected into the outgoing email. The input is now validated correctly.
One thing that changes in the editor
The content editor switches from TinyMCE to HugeRTE
The rich text editor used in CMS pages, product descriptions, and Page Builder migrates from TinyMCE to HugeRTE. The look and behavior are equivalent from a user perspective. The change was made because TinyMCE had licensing issues and known security vulnerabilities. If you edit content in the admin, you may notice the editor looks slightly different - but it works the same way.
The short version
If you manage a Magento or Adobe Commerce store, the highlights of 2.4.9 are:
- Apple Pay works for all browsers now, not just Safari
- Discount codes apply correctly in Apple Pay and Google Pay express checkout
- New payment options for stores selling in Poland and Germany
- Saved cards update automatically when they expire or get replaced
- Multiple admin date and grid fixes that affect daily reporting
- Checkout restored for customers with special characters in their city name
- UPS shipping rates corrected for commercial addresses
- Security improvements for admin passwords and API access
As always, test in a staging environment before updating your live store.
MageCopilot helps you stay on top of what is happening in your Magento or Adobe Commerce store - before customers notice. Get started for free.