Magento 2.4.9 Is Here: Everything You Need to Know About the New Magento 2.4.9 Release

If you run an online store powered by Magento, you've probably been keeping a close eye on what Adobe has been building toward this year. Well, the wait is over. On May 12, 2026, Magento 2.4.9 was officially released, and it's shaping up to be one of the most consequential updates the platform has seen in recent memory.

Whether you're a store owner, a developer managing multiple client sites, or a hosting team planning infrastructure upgrades, this new Magento 2.4.9 release touches virtually every part of the platform. It's not just a routine security patch or a small quality-of-life update this is a meaningful architectural shift that demands attention.

Let's walk through everything that matters, from what changed under the hood to what it means for your day-to-day store operations.

Why Magento 2.4.9 Is More Than Just Another Update

Before we get into specifics, it's worth understanding the scale of this release. Magento Open Source 2.4.9 officially arrived on May 12, 2026. Following strategic alpha and beta releases earlier this year, this General Availability (GA) update modernizes the platform's core dependencies, patches critical security gaps, and introduces massive feature expansions.

Three core framework components were replaced, MySQL 8.0 and MariaDB 10.6 were dropped, and 560 issues were fixed. This is the largest architectural change since Magento 2.4.4.

If you've been on older versions of Magento and wondering whether it's time to upgrade, this release answers that question loudly and clearly: yes, and sooner rather than later.

Updated System Requirements: What Your Server Needs Now

One of the first things you need to know about Magento 2.4.9 is that your hosting environment may need to change before you can upgrade. This release focuses mostly on the platform's technical foundation: newer system requirements, updated framework components, security and API improvements, payment updates, and a long list of bug fixes.

Here's a breakdown of the updated stack requirements:

PHP Support Changes

Magento 2.4.9 raises several platform requirements. The most important change is PHP support: PHP 8.5 was added, while PHP 8.2 is no longer supported. Stores that still run on PHP 8.2 need to update their hosting environment before moving to 2.4.9.

Database Requirements

The release also updates other parts of the stack: MySQL 8.4 LTS and MariaDB 11.4 are the target database versions. If your server is still running MySQL 8.0 or MariaDB 10.6, you'll need to perform database migrations before the Magento upgrade itself can begin.

Search, Cache, and Message Queue

OpenSearch 3.x is supported, with backward compatibility for OpenSearch 2.x. Valkey 8.x is supported for cache and session storage. RabbitMQ 4.1 remains supported, and Apache ActiveMQ Artemis is added as another message queue option. Composer support moves to the 2.9 line. Varnish 7.7, Nginx 1.28, and Apache 2.4 are part of the updated stack.

These changes may feel like a lot to absorb, but they're all pointing in the same direction: a faster, more secure, and more future-ready platform.

Core Framework Modernization: Out With the Old

The most technically significant part of the new Magento 2.4.9 release is the replacement of several legacy framework dependencies. Magento 2.4.9 also replaces several older framework dependencies. These updates are mostly technical, but they can affect custom code, third-party extensions, and admin tools.

Here's what changed:

Laminas MVC → Native PHP MVC

Laminas MVC was replaced with a native PHP MVC implementation. This is a deep architectural change that improves maintainability and reduces reliance on a third-party framework that had become a bottleneck.

Zend_Cache → Symfony Cache

The deprecated Zend_Cache component has been replaced with the Symfony Cache component, improving cache performance and maintainability and ensuring PHP 8.x long-term compatibility.

Symfony Dependencies Updated

As part of the Adobe Commerce 2.4.9 platform updates, all Symfony dependencies used by the magento/composer package have been updated to the latest Symfony LTS 7.4 versions. This aligns Commerce's Composer tooling with the current Symfony LTS line and removes previous dependency constraints related to older Symfony versions.

TinyMCE → HugeRTE

Another visible change is the WYSIWYG editor. TinyMCE was replaced with HugeRTE, an open-source fork designed to keep familiar editing behavior while moving away from older TinyMCE versions. Basic content editing should feel similar, but custom TinyMCE plugins and admin customizations should be tested before production use.

Native PHP OAuth

Native PHP OAuth replaced the third-party carlos-mg89/oauth library to improve security and reduce external dependencies.

Security Improvements in Magento 2.4.9

Security was clearly a priority in this release, and the improvements span everything from API validation to admin authentication.

CAPTCHA Now Covers APIs

In Adobe Commerce 2.4.9, when CAPTCHA or reCAPTCHA is enabled for the Create Account form, the same CAPTCHA validation is now enforced for customer account creation via REST and GraphQL APIs. This closes a significant loophole that bad actors could previously exploit.

Simplified Two-Factor Authentication (2FA)

Admin users are now required to configure only one of the merchant's enabled 2FA providers (for example, Google Authenticator or U2F) to access the Admin panel. Additional enabled providers can be configured later as needed. Previously, when multiple 2FA providers were enabled, every Admin user was required to configure all enabled providers before they could sign in. This created friction for users who did not have access to all factors.

PCI DSS 4.0 Compliance

The admin password policy now complies with PCI DSS 4.0 requirements. Admins can choose a minimum password length. The system checks passwords in forms and when saving settings.

CVE Patches

A patch for CVE-2025-47110 fixes a security issue in email templates. This helps stop the misuse of template processing.

Braintree Payment Enhancements

For merchants using Adobe Commerce with the Braintree payment integration, this release is particularly exciting. Adobe Commerce 2.4.9 includes a substantial Braintree update.

Google Pay Vaulting

In Adobe Commerce 2.4.9, customers can now vault their Google Pay cards via the account area when Google Pay Vault is enabled in Braintree. Vaulted cards appear under stored payment methods, can be used for future purchases at checkout, and can be deleted by the customer. This extends vaulting support beyond Cards and PayPal to Google Pay.

Real-Time Account Updater (RTAU)

The Real Time Account Updater (RTAU) feature in Adobe Commerce 2.4.9 for Braintree ensures that vaulted Visa, Mastercard, and Discover card details are automatically updated. This minimizes failed payments, keeps Magento Vault current, and skips unsupported types (prepaid, Apple Pay, Google Pay) without errors.

ELO Card Support

In Adobe Commerce 2.4.9, support for the ELO card type has been added to Braintree Payments. Admins can now enable ELO in the credit card configuration, and customers can successfully place orders using ELO cards at checkout, ensuring seamless transactions through Braintree.

Pay Upon Invoice for Germany

For Adobe Commerce 2.4.9 (Braintree extension), a new local payment method "Pay Upon Invoice" has been added for German buyers. Pay Upon Invoice is a Buy Now, Pay Later (BNPL) option powered by PayPal + Ratepay that lets customers receive goods first and pay the invoice within 30 days, without needing a PayPal account.

Promo Codes on Express Checkout

For the Braintree extension in Adobe Commerce 2.4.9, the Google Pay Express Pay Sheet now supports promo/offer codes. Shoppers can apply, view, and remove Magento cart promotions directly within the Google Pay sheet, ensuring express checkout customers receive the same discounts and incentives as standard checkout flows.

For the Braintree extension in Adobe Commerce 2.4.9, the Apple Pay Express Pay Sheet now supports promo/offer codes. Shoppers can apply a coupon directly within the Apple Pay sheet, so express checkout users benefit from the same discounts and campaigns as standard checkout flows.

Apple Pay on Chrome and Firefox

For the Braintree extension in Adobe Commerce 2.4.9, Apple Pay can now be used on Chrome and Firefox, not just Safari. When Apple Pay Express is enabled, Apple Pay buttons are available across supported storefront locations, and customers complete payment by scanning a code with their iPhone.

GraphQL Improvements for Developers

Developers building headless storefronts or API-driven experiences will appreciate some long-overdue GraphQL enhancements.

clearCart Now Available to All Open Source Users

With Adobe Commerce 2.4.9, the clearCart GraphQL mutation is now available to all Open Source users. Previously, this mutation was only accessible in Adobe Commerce, but it is now part of the standard GraphQL cart functionality for Open Source as well.

clearWishlist Mutation

A clearWishlist mutation was added that removes all items from a wishlist in a single call.

Better Gift Card Error Handling

Enhanced error handling for the applyGiftCardToCart mutation means the mutation now returns specific error messages for cases such as expired or zero-balance gift cards, improving the shopper experience. Additionally, the backend prevents applying extra gift cards to orders that are already free.

Performance Improvements and Bug Fixes

In total, 581 issues have been fixed in the Magento Open Source 2.4.9 core code. That's a significant number, and it touches almost every part of the platform.

Bulk Async API Performance

Improved Async/Bulk APIs: The performance degradation in bulk asynchronous web endpoints that was causing increased execution times has been fixed.

Media Gallery Optimization

Improved Media Gallery performance was achieved by changing directory tree loading to on-demand node expansion instead of building the full tree upfront, significantly reducing initial gettree response time on large media directory structures.

REST API Validation

A fixed issue where malformed requests to the /V1/creditmemo API returned a 500 Internal Server Error means the API now properly validates the request and returns a 400 error for invalid payloads, improving error handling and stability.

Product Image Scoping

Updating a product via REST API in a store scope no longer causes product images and videos to inherit changes from global scope if the media_gallery_entries is omitted from the payload or set to NULL. Additionally, it is now possible to restore scope inheritance for product images and video via REST API by setting the corresponding field to NULL.

Updated Frontend Libraries

Upgrading the jQuery Validate library to version 1.21.0, the jQuery UI library to version 1.14.1, and the Less.js CSS preprocessor to version 4.2.2 ensures modern browser compatibility across Magento admin and frontend interface components.

SRI Performance Enhancement

Subresource Integrity (SRI) hash storage now generates separate files per area, theme, and locale instead of one massive JSON file. This drastically improves performance and reduces memory usage.

Tax Consistency Fixed

Fixed Product Tax (FPT) values and rounding errors are now consistent across the catalog, product pages, and the shopping cart, eliminating previous decimal mismatches. Also resolved was an issue where the shopping cart page entered an infinite loading loop when FPT was enabled.

New Shipping API Integrations

USPS has migrated from legacy Web Tools XML API to new RESTful APIs with OAuth 2.0 authentication. The legacy API was retired January 25, 2026. Both API modes are available during the transition. DHL now supports MyDHL RESTful APIs alongside legacy XML. These updates ensure your shipping integrations remain operational and compliant with carrier requirements going forward.

How Long Will Magento 2.4.9 Be Supported?

If you're investing time and resources into upgrading, you want to know the upgrade will pay off long-term. Good news: Adobe Commerce 2.4.9 carries a three-year support window from its GA date, meaning security patches and updates are available through approximately May 2029.

Regular support for the 2.4.9 release line ends in May, 2029. That gives merchants and development teams a solid, predictable runway to build on this version with confidence.

Should You Upgrade Now? Honest Advice

The new Magento 2.4.9 release is genuinely exciting, but it's not a simple "flip the switch" upgrade. Magento 2.4.9 is a meaningful update, but it is not a simple "install and forget" release. Stores upgrading from 2.4.8 should review PHP, database, search, cache, message queue, custom code, and extensions before moving the new version to production.

Here's a practical checklist before you begin:

• Verify your server supports PHP 8.4 or 8.5
• Confirm your database is MySQL 8.4 LTS or MariaDB 11.4
• Test all third-party extensions in a staging environment
• Review any custom TinyMCE plugins for HugeRTE compatibility
• Check any Laminas MVC dependencies in custom modules
• Run full checkout, search, payment, and API tests before going live

The fixes cover checkout, payments, APIs, catalog management, configurable products, search, wish lists, admin UI, GraphQL, and B2B workflows. The number of fixes matters, but the safer way to approach the update is to test the flows that are critical for each store. Checkout, account creation, search, product updates, payment methods, integrations, scheduled jobs, and admin actions should all be checked on staging.

Final Thoughts on Magento 2.4.9

The new Magento 2.4.9 release is, without question, the most architecturally significant version of the platform in several years. From PHP 8.5 compatibility and Symfony 7.4 LTS to Braintree payment expansions, 581+ bug fixes, and tightened security, this release lays a strong foundation for the next few years of e-commerce growth.

Magento 2.4.9 brings a significant round of under-the-hood modernization, replacing legacy dependencies with more maintainable, future-proof alternatives. And the 2.4.9 update provides better scalability and reduces the chances of downtime during peak sales periods. With faster loading times and optimized backend processes, customers will experience smoother shopping, leading to improved conversion rates.

If you've been sitting on an older version, now is the time to start planning your upgrade path. The tools are better, the documentation is thorough, and the payoff in security, performance, and long-term stability is well worth the effort.