Magento 2.4.4 released.

Magento Software
luke-peters-B6JINerWMz0-unsplash|luke-peters-B6JINerWMz0-unsplash-1

The new version of Magento contains significant changes. Many of them break compatibility, so all extensions should be checked. One of the major features is support for PHP 8.1 introduced. Adobe decided not to support PHP 8.0 because it won’t be in active support for a long time. This is not the only change in the new release.

The new versions also have a lot of security improvements, for example:

  • removed session IDs from the database;
  • tokens used by OAuth and password reset are encrypted in the database;
  • integration tokens are no longer available for API Bearer token authentification;
  • improved validation to prevent non-alpha-numeric file uploads;
  • reCAPTCHA validation is available for coupon codes;
  • Swagger is disabled in production mode;
  • HTTPS is enabled by default;
  • developers can configure the size limit for arrays accepted by RESTful endpoints per each endpoint;
  • added ability to configure the limits for the resources requested by the user through a web API.

Among the other improvements, the ability to use newer versions of ElasticSearch, OpenSearch, jQuery UI, RequireJS library, and PHPUnit is worth mentioning. Also, most of the vendor-bundled extensions (except Braintree) were removed. So, you’ll need to use the Marketplace to get official extensions for Amazon Pay, dotdigital, Klarna, Vertex, and Yotpo.