It feels like just yesterday we were getting comfortable with the latest updates, and already, there's a new wave of changes rolling in with Adobe Commerce and Magento Open Source 2.4.8. For those of us building and maintaining e-commerce platforms, keeping up with these shifts, especially the backward-incompatible ones, can feel like a constant juggling act. But that's precisely why we dive into these updates – to make sure our sites stay secure, performant, and, well, working!
One of the most significant changes this time around is a boost to security around sales entity comments. You know, those little notes on invoices, shipments, and credit memos? Now, only the admin who originally created a comment can edit it. This is a smart move to prevent unauthorized tinkering, and thankfully, it’s one of those enhancements that just… works. No action needed from merchants or partners here; it’s a built-in security upgrade for the Magento_Sales module.
Then there's the database side of things, specifically with MySQL 8.4. If you're upgrading to this version, you'll notice stricter foreign key validation by default. The restrict_fk_on_non_standard_key setting is now on, meaning non-unique or partial keys can't be used as foreign keys without explicit configuration. This could be a bit of a snag if your database has some older, non-standard setups. The fix? Either switch that setting off in your MySQL config or use a specific server option when starting MySQL. It’s a bit technical, but the Adobe Commerce Upgrade Guide has the details.
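One way to check for affected tables before moving to MySQL 8.4, as an added example that is not taken from the Adobe Commerce Upgrade Guide: the query lists foreign keys in the current schema whose referenced columns do not match the full column list of any primary or unique index, using only the standard information_schema views. It assumes you are connected with the Magento database selected, and it is deliberately conservative, so treat each row as a candidate to review rather than a confirmed failure.

```sql
-- Added example: find foreign keys that reference a non-unique or partial key.
-- Run against the pre-upgrade database; DATABASE() is the schema in use.
SELECT fk.TABLE_NAME             AS child_table,
       fk.CONSTRAINT_NAME        AS foreign_key,
       fk.REFERENCED_TABLE_NAME  AS parent_table,
       fk.ref_cols               AS referenced_columns
FROM (
    -- One row per foreign key, with its referenced columns in declared order.
    SELECT k.CONSTRAINT_SCHEMA,
           k.TABLE_NAME,
           k.CONSTRAINT_NAME,
           k.REFERENCED_TABLE_SCHEMA,
           k.REFERENCED_TABLE_NAME,
           GROUP_CONCAT(k.REFERENCED_COLUMN_NAME
                        ORDER BY k.ORDINAL_POSITION) AS ref_cols
    FROM information_schema.KEY_COLUMN_USAGE k
    WHERE k.CONSTRAINT_SCHEMA = DATABASE()
      AND k.REFERENCED_TABLE_NAME IS NOT NULL
    GROUP BY k.CONSTRAINT_SCHEMA, k.TABLE_NAME, k.CONSTRAINT_NAME,
             k.REFERENCED_TABLE_SCHEMA, k.REFERENCED_TABLE_NAME
) fk
LEFT JOIN (
    -- One row per PRIMARY/UNIQUE index, with its full column list in index order.
    -- Indexes that contain a prefix part (SUB_PART set) are left out entirely.
    SELECT s.TABLE_SCHEMA,
           s.TABLE_NAME,
           s.INDEX_NAME,
           GROUP_CONCAT(s.COLUMN_NAME
                        ORDER BY s.SEQ_IN_INDEX) AS idx_cols
    FROM information_schema.STATISTICS s
    WHERE s.NON_UNIQUE = 0
    GROUP BY s.TABLE_SCHEMA, s.TABLE_NAME, s.INDEX_NAME
    HAVING SUM(s.SUB_PART IS NOT NULL) = 0
) uq
  ON  uq.TABLE_SCHEMA = fk.REFERENCED_TABLE_SCHEMA
  AND uq.TABLE_NAME   = fk.REFERENCED_TABLE_NAME
  AND uq.idx_cols     = fk.ref_cols
-- No matching unique index means the key is non-unique or only part of one.
WHERE uq.INDEX_NAME IS NULL
ORDER BY child_table, foreign_key;
```

An empty result means every foreign key points at a complete primary or unique key. Any rows returned are the constraints to fix or to account for before deciding whether to turn restrict_fk_on_non_standard_key off.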
Security is clearly a big theme, and the updates to Two-Factor Authentication (2FA) reinforce that. New system parameters have been introduced to help manage retry attempts and lockout times for OTP validation. Think of it as adding more robust guardrails against brute-force attacks. You’ll find these reflected in the Admin under Stores > Configuration > Security > Two-Factor Authentication. The Magento_TwoFactorAuth module is where these changes live.
Another interesting tweak is the addition of a unique key on the (option_id, store_id) pair in the eav_attribute_option_value table. This might sound like a small detail, but for the Magento_EAV module, it’s about ensuring data integrity and potentially improving performance. It’s one of those behind-the-scenes improvements that keeps things running smoothly.
And for those who love their wishlists, good news! reCAPTCHA is now available for the wishlist sharing form. Previously a feature more exclusive to Adobe Commerce, the ReCaptchaMultiwishlist module has been moved and renamed to ReCaptchaWishlist, making it accessible in Magento Open Source too. So, those shared wishlists will be a bit more secure going forward. You can find the configuration under Stores > Configuration > Security > Google reCAPTCHA Storefront.
Finally, the Duo two-factor authentication implementation gets an upgrade to the latest Web SDK v4. This is all about making the transition to Duo Universal Prompt smoother for merchants. If you’re using Duo for 2FA, it’s worth checking your Admin configuration to ensure everything aligns with the new SDK.
These updates, while sometimes requiring a bit of attention, are all geared towards making Adobe Commerce and Magento Open Source more secure, robust, and user-friendly. It’s a continuous evolution, and staying informed is key to leveraging these advancements effectively.
