Magento 2.4.9: Everything You Need to Know About the Latest Release 

Magento 2.4.9 is the latest release of the Adobe Commerce platform, officially launched on May 12, 2026, and the first release under Adobe’s restructured annual release cadence. Available for both Magento Open Source and Adobe Commerce, this is not a feature-heavy update. There is no sweeping new storefront functionality or merchant-facing headline tool. What 2.4.9 delivers is something more consequential: a deep platform modernization that replaces legacy components, raises infrastructure standards, and future-proofs the architecture for years ahead. 

This makes 2.4.9 the largest architectural shift in the 2.4.x line since version 2.4.4. Three core framework components have been replaced. System requirements have been raised across PHP, database, search, and caching. With 501 fixed issues in Magento Open Source and 560 in Adobe Commerce, this release also carries the largest bug-fix count in any 2.4.x release to date. 

Merchants who treat this as a routine patch and approach it without adequate preparation will encounter problems. Those who plan ahead will find themselves on a stable, modernized platform with a three-year support window stretching to May 2029. 

Official GA Release Date 

Magento 2.4.9 reached General Availability on May 12, 2026, for both Magento Open Source and Adobe Commerce. Companion security patches were released the same day for all supported lines: 2.4.8-p4, 2.4.7-p9, and 2.4.6-p14. If you are not ready to upgrade, applying your version’s companion patch is the immediate priority. 

Full Release Timeline 

Release	Date
Alpha 1	June 17, 2025
Alpha 2	December 10, 2025
Beta 1	March 10, 2026
General Availability (GA)	May 12, 2026
2.4.9-p1 (security patch)	~November 2026

Adobe’s New Annual Release Cadence 

Starting with 2.4.9, Adobe has locked the release schedule to a predictable annual pattern: one major version every May, monthly isolated security fixes across all supported lines, and two aggregated security patches per year, in May and November. For merchants, this removes the guesswork from upgrade planning. You now know exactly when the next major release arrives and can schedule infrastructure preparation well in advance. 

Updated System Requirements & Technology Stack 

The infrastructure changes in 2.4.9 are significant. Stores that do not meet the new requirements cannot upgrade until their environment is updated first. 

Component	Requirement in 2.4.9
PHP	8.3, 8.4, 8.5 (8.2 dropped)
MySQL	8.4 LTS only (8.0 dropped)
MariaDB	11.4 only (10.6 dropped)
Search	OpenSearch 3.x (2.x backward compatible)
Cache	Valkey 8.x (official); Redis still wire-compatible
Message Queue	RabbitMQ 4.1 + Apache ActiveMQ Artemis 2
Composer	2.9.3+
Web Server	Varnish 7.7, Nginx 1.28, Apache 2.4

PHP 8.5 receives first-day support, a first for any Magento release. PHP 8.2 is gone entirely. MySQL 8.0, which reached the end of life on April 30, 2026, is also dropped. Valkey 8, an open-source, Linux Foundation–maintained fork of Redis, becomes the official caching backend following Redis’s 2024 licensing change. 

Core Framework Modernization 

Three foundational components have been replaced in 2.4.9: 

Laminas MVC → Native PHP MVC. The most impactful change for developers. Any extension or custom module that hooks into Laminas MVC classes requires updates before it functions on 2.4.9. 

Zend Cache → Symfony Cache. The legacy caching library is replaced with the Symfony Cache component, aligning Magento’s caching layer with its broader Symfony dependency stack. 

Symfony dependencies updated to 7.4 LTS. All Symfony packages now target the current LTS line, removing constraints tied to older versions and reducing long-term technical debt. 

Additionally, the third-party OAuth library has been replaced with native PHP OAuth functions, modernizing authentication handling for API integrations. 

TinyMCE Replaced by HugeRTE (WYSIWYG Editor) 

TinyMCE 5 and 6 reached end of life, and TinyMCE 7 introduced licensing terms incompatible with Magento’s open-source model. Adobe selected HugeRTE, an open-source, MIT-licensed fork, as the replacement. Basic editing behavior is familiar, and simple toolbar configurations run without changes. Custom TinyMCE plugins and complex editor integrations must be tested before upgrading. 

Security Improvements 

Security hardening is a headline priority in this release, beyond the 17 CVEs patched in the APSB26-05 bulletin (7 critical, 9 important, 1 moderate): 

• CAPTCHA extended to REST and GraphQL account creation endpoints – bots can no longer bypass registration protection through APIs 
• Two-factor authentication simplified – admins configure one enabled provider instead of all configured methods 
• GraphQL alias limits – prevents abusive or computationally expensive queries 
• Modernized authentication via native PHP OAuth, reducing dependency surface area 
• Bulk async web API performance restored – fixes degradation introduced by the APSB25-08 security patch 

API & GraphQL Improvements 

Bulk async operations are faster and more reliable for high-volume catalogs and order updates. The GraphQL MediaGallery request now includes a “types” field for product image types, useful for headless and PWA implementations. Additional fixes address CMS block access for restricted admin users, Wishlist scoping websites in multi-store setups, and pick-in-store shipping behavior on checkout navigation. 

Payment Updates 

Braintree receives the most significant payment upgrade in the 2.4.x cycle: Apple Pay now works on Chrome and Firefox (not just Safari), Google Pay supports card vaulting from the customer account, and promo codes now apply inside both Apple Pay and Google Pay express checkout sheets. New regional payment methods include BLIK (Poland), Pay Upon Invoice (Germany), and ELO card support. 

The USPS shipping integration has also been migrated to the new RESTful USPS APIs, the legacy Web Tools APIs were retired in January 2026. Stores using USPS shipping must apply this update. 

Performance & Search Improvements 

OpenSearch 3.x delivers improved indexing stability and faster query execution for large catalogs. A fixed “illegal_argument_exception” on categories with same-price products resolves a long-standing search edge case. Message queue processing improvements reduce delays during high-traffic periods. jQuery UI is updated to 1.14.1 and jQuery Validate to 1.21.0, keeping frontend libraries current with modern browser requirements. 

Area	Magento 2.4.8	Magento 2.4.9
PHP Support	8.3, 8.4	8.3, 8.4, 8.5
MySQL	8.0 and 8.4	8.4 LTS only
MariaDB	10.6 and 11.4	11.4 only
Cache Backend	Redis 7.2 (official)	Valkey 8.x (official)
MVC Layer	Laminas MVC	Native PHP MVC
WYSIWYG Editor	TinyMCE	HugeRTE
Caching Library	Zend_Cache	Symfony Cache
Symfony Version	6.x	7.4 LTS
Message Broker	RabbitMQ	RabbitMQ 4.1 + ActiveMQ Artemis 2
Search	OpenSearch 2.x	OpenSearch 3.x
Bug Fixes (Open Source)	497	501
Bug Fixes (Adobe Commerce)	~497	560
Apple Pay	Safari only	Safari, Chrome, Firefox
Google Pay Vault	Not available	Full vaulting support
CAPTCHA on APIs	No	Yes
Support Window	Through April 2028	Through ~May 2029

Magento 2.4.8 was a focused stability release – GraphQL improvements, PHP 8.4 support, MariaDB 11.4. 

Magento 2.4.9 is a platform modernization. The difference is not incremental; it is structural. 

Version	Release Date	End of Regular Support
2.4.5	August 2022	August 2026
2.4.6	March 2023	August 2026
2.4.7	April 2024	April 2027
2.4.8	April 2025	April 2028
2.4.9	May 2026	~May 2029

Each 2.4.x release carries a three-year support window. After end of support, Adobe issues no further security patches or bug fixes for that line. 

If you are on 2.4.5 or 2.4.6: Support ends August 2026, fewer than three months away. After that date, your store runs without security coverage. This is not a planning horizon; it is a hard deadline. You need an active upgrade plan in place today. 

If you are on 2.4.7 or 2.4.8: You have more runway, but beginning your 2.4.9 readiness assessment now, while extension vendors are actively releasing compatible versions, is the right move. 

Magento 2.4.9 carries a ~May 2029 support window, making it the right platform to plan your next three years around. 

Upgrade Now If You Are… 

• On 2.4.5 or 2.4.6 – support ends August 2026, and the upgrade path from 2.4.6 requires a two-step process through 2.4.8 first 
• Already running PHP 8.4 or 8.5 – your server is already aligned with 2.4.9 requirements 
• On a B2B store dependent on the latest API security patches – the CAPTCHA-on-API changes in 2.4.9 are directly relevant 
• Using OpenSearch and ready to move to 3.x 

Wait for 2.4.9-p1 If You Are… 

• On a stable 2.4.8 installation with heavy customizations – you have time, and the first patch (~November 2026) will resolve post-GA edge cases 
• Dependent on third-party extensions not yet confirmed compatible with 2.4.9 
• Running a complex multi-store setup requiring extended staging and regression testing 

Do NOT Upgrade Directly If You Are On… 

• 2.4.6 or 2.4.7 – a direct jump to 2.4.9 is not a supported upgrade path. You must upgrade to 2.4.8 first. 
• Stores on 2.4.8 can upgrade directly to 2.4.9.