— Technical

Magento Open Source 2.4.9: what actually changed and whether to upgrade

18 May 2026 · 6 min read

magento upgrade release-notes php

Adobe released Magento Open Source 2.4.9 on May 12, 2026. It’s a substantial release — PHP 8.5 support, Symfony 7.4 LTS, the replacement of Zend_Cache with Symfony Cache, new infrastructure options, and 500+ bug fixes. Here’s what’s actually in it and what to think about before scheduling an upgrade.

PHP support changes

2.4.9 adds full support for PHP 8.5 and PHP 8.4, and drops PHP 8.2 support entirely. PHP 8.3 is still supported for upgrade scenarios but PHP 8.4 or 8.5 is the recommended target.

If your environment is on PHP 8.2, you cannot stay there. That’s the most operationally significant change in this release for most teams.

PHP 8.5 brings fibers improvements, better enum handling, and performance gains in the JIT compiler. The practical impact on Magento performance at the application level will vary — the gains are most visible in CPU-intensive operations like reindexing and GraphQL query resolution.

Symfony 7.4 LTS

Magento has upgraded all Symfony dependencies to 7.4 LTS:

  • symfony/cache
  • symfony/console
  • symfony/intl
  • symfony/mailer
  • symfony/mime
  • symfony/process
  • symfony/string

Symfony 7.4 is a long-term support release with maintenance until November 2027. This is a meaningful upgrade from earlier Symfony 6.x components — it resolves a class of deprecation warnings that have been accumulating in the codebase and aligns Magento with the current PHP ecosystem.

For most merchants this is transparent. For developers who have custom code that extends or overrides Symfony-dependent classes, review your implementations against the Symfony 7.4 migration guide — some method signatures changed.

Zend_Cache is gone

The deprecated Zend_Cache component has been replaced by Symfony Cache. This has been coming for several major versions and it’s finally done.

Practical implications:

  • Custom modules that instantiate Zend_Cache adapters directly will break. Check for Zend\Cache or Zend_Cache references in your codebase.
  • Magento’s cache frontend interfaces (\Magento\Framework\Cache\FrontendInterface) remain stable — if you’ve been using the framework-level abstractions you’re fine.
  • Third-party extensions that haven’t been updated for 2.4.9 compatibility may have issues here specifically. Test against your full extension list in staging.

Infrastructure additions

Valkey 8.x support. Valkey is a Redis-compatible open-source cache store that forked from Redis when Redis changed its licence in 2024. Adobe has added explicit Valkey 8.x support as an alternative to Redis. If you’re on a managed Redis provider and have been watching the licence situation, this gives you a migration path.

Apache ActiveMQ Artemis support. Artemis is now a supported alternative to RabbitMQ for the message queue backend. This matters for teams running on infrastructure where RabbitMQ isn’t available or is being replaced. Artemis is the current actively-maintained ActiveMQ implementation — the older ActiveMQ Classic is a separate project and is not mentioned in this release.

Security changes in 2.4.9

This release includes the fixes from APSB26-49 (the May 2026 security bulletin) baked in. Key changes:

  • JWT framework updated to the latest major version — affects token generation and validation for Web API integrations.
  • CAPTCHA/reCAPTCHA enforcement now applies to customer account creation via REST and GraphQL APIs, not just the storefront. If you have automated account creation flows (onboarding scripts, integration tests that create customers via API), they will now hit CAPTCHA gates unless you disable them in the admin for specific contexts.
  • Two-factor authentication simplified — only one enabled 2FA provider is now required rather than all configured providers needing to pass.
  • CSP policy updated for Cardinal 3-D Secure integration.

Notable bug fixes

500+ fixes is a lot to enumerate, but a few categories worth flagging:

  • Race condition on concurrent product saves — a long-standing issue where simultaneous product updates could corrupt attribute values is resolved.
  • Inventory API pagination — the stock salable quantity export API now paginates correctly on large catalogues.
  • GraphQL improvements — multiple query and mutation fixes across cart, checkout, and product operations.
  • Braintree — updated for PHP 8.4/8.5 compatibility.

System requirements for 2.4.9

ComponentRequirement
PHP8.4 or 8.5 (8.2 no longer supported)
Composer2.9
MySQL8.0+
Elasticsearch/OpenSearchCurrent supported versions

Before you upgrade

A few things to do before scheduling this:

Audit for Zend_Cache usage. Run grep -r "Zend_Cache\|Zend\\Cache" app/ vendor/ excluding vendor/magento/ — anything that comes back from your own code or third-party extensions needs to be resolved.

Check PHP 8.5 compatibility for all extensions. The extension ecosystem isn’t always fast. Get confirmation of 8.5 support from your critical extension vendors before committing to the upgrade timeline.

Test CAPTCHA enforcement against your integrations. If any automated processes create customer accounts via API, verify how they’ll behave with CAPTCHA enabled.

Stage first. This is a major release with breaking changes at the PHP version and framework level. Don’t run this directly to production.

Official release notes: Adobe Experience League — Magento Open Source 2.4.9

Savan Padaliya

Savan Padaliya

Senior Engineering Consultant

← Back to writing