Skip to main content Skip to footer

Magento 2.4 Release Notes

Magento OS 2.4.0 Beta Release Notes

Highlighted are the main improvements introduced in the beta version of the Magento Open Source 2.4.0.

As usual, the new upgrade brings numerous platform upgrades, security changes, and performance enhancements, including 100+ fixes to core code. Since quarterly releases usually contain backward-incompatibility changes, 2.4.0 is not an exception. However, the new platform version contains only minor adjustments. (You can find all of them here: Backward Incompatible Changes.)

Skinny Security Patches for 2.4

Note that Magento 2.4.0 is the first quarterly release that provides the ability to install security patches without any need to apply other functional fixes. The new version of the platform offers patch (Composer package 2.3.4-p2) that delivers all hot fixes applied to the 2.3.5 release.

Inventory Management and PWA Studio are released and documented independently.

Now, let’s take a look at the core areas Magento 2.4.0 upgrades.

Magento Security Improvements

Magento 2.4.0 delivers 30+ security improvements. The new platform addresses remote code execution and cross-site scripting vulnerabilities. The new version introduces the following upgrades:

  • The Magento admin area now enables two-factor authentication by default. The feature cannot be disabled.
  • The system enables the template filter strict mode for Magento components to eliminate RCE.
  • To eliminate arbitrary JavaScript execution, Magento disables data rendering for UI data providers.
  • Content Security Policy improvements include the whitelisting of inline style and script tags in .phtml templates.

Magento 2.4 Platform Enhancements

  • PHP 7.4 – 7.1 and 7.2 has been deprecated;
  • PHPUnit 9.x – 6.5 has been deprecated;
  • Elasticsearch 7.x;
  • MySQL 8.0;
  • MySQL catalog search engine has been replaced with Elasticsearch;
  • MariaDB 10.4 – 10.0 and 10.1 are no longer supported;
  • Zend Framework dependencies are now a part of the Laminas project;
  • The Signifyd fraud protection code has been removed from the core;
  • The core Braintree module is no longer there as well.

2.4 Infrastructure Improvements

  • No third-party payment methods in the core: Authorize.Net, eWay, CyberSource, and Worldpay has been removed;
  • Partial-word search introduced by Elasticsearch;
  • PayPal JavaScript SDK now contains the PayPal Express Checkout integration;
  • Web Set Up Wizard is no longer available – use the command line instead;
  • Better updates with the Composer plugin.

Performance Improvements

  • Customer data section invalidation logic has been revamped, addressing a known issue with local storage;
  • Redis performance optimizations: smaller network data transfers, less CPU cycles consumption; more efficient race conditions for write operations;
  • Improved caching for SQL queries: a single SQL query to the inventory_stock_sales_channel (as well as inventory_stock) table is used instead of 16;
  • Better Quick Order add-to-cart performance (up to 30% enhancement).

Magento Adobe Stock Image Previews

Magento 2.4 provides the ability to license stock image previews right from the Media Gallery, simplifying the initial procedure. Besides, the Media Gallery itself introduces a brand-new, searchable interface, where you can search, filter, and sort images up to 30x faster than in the previous Magento versions.

Inventory Management

Magento 2.4.0 enhances the Inventory Management functionality with in-store pickup and bundle product support.


GraphQL has also been improved in Magento 2.4.0. For instance, the pickupLocations query now supports the Inventory In-store pickup feature. Besides, you can leverage the categories query to return a list of categories that match a specified filter. And due to the reorderItems mutation, a logged-in user can add all the products from a previous order into the cart.

PWA Studio

Magento 2.4.0 supports PWA Studio 6.0.0 and 6.0.1.

Time Limit for Admin Accounts 020214#]

There is a community contribution that will probably become a part of MAgento 2.4.0. As a store administrator, you will get an opportunity to limit backend accounts. After the specified interval, accounts can be automatically deactivated. It is a security measure aimed at third-party specialists who may need access to your backend.

Magento Functional Testing Framework

With MFTF v3.0.0, you get MFTF helpers developed to create custom actions beyond the framework. Besides, it includes schema updates for test entities, sub-folders in test modules, and nested assertion syntax. You can also leverage static checks to monitor deprecated test entities.

Web Payments

There is also unofficial information regarding Web Payments. The feature supposedly allows customers to order and pay faster and more easily, using data stored in their browser.

Vendor-developed Extensions

  • Dotdigital: customer attribute values are synced as data fields; cart insight data is properly sent for active quotes; website name, store name, and store view name are syncable via individual data fields; transactional data sync limit improvements affect Wishlist, Review, and Order syncs; logging output from the Client class is now consistent across all the API wrapper methods; configurable products have finally got a stock figure; stock updates performed by third-party code are fully detectable.
  • Amazon Pay: CSP whitelists have been updated; multi-item orders support multiple authorizations; Japanese addresses are now supported.
  • Braintree Payments: merchants should now use Braintree Payments instead of the core Braintree integration
  • Klarna: on-site messaging tools for credit and financing options; enhanced refunds, APIs, unit tests, discounts, etc.
  • Vertex: better Admin configuration and user experience due to the use of XML schema files and patches
  • Yotpo: Ratings and Reviews are built into Page Builder.

New 2.4 API Rumours

There are also rumors that Magento 2.4 will introduce new APIs, opening the 2.4-develop branch in the Magento2 project repository. As a result, everyone will get the access to Magento Community.

This means that community pull requests will be redirected to the new branch. It opens new possibilities for the community members to impact every new release of Magento.

About the author

Caylen Ho Chung

Caylen is our Magento stock/product specialist.

He spends some of his after-hours time learning more about Magento, which he loves!