Magento 2.4.7-p6
1 July 2025
Magento version 2.4.7-p6 is now available (security release).
Upgrading to Magento 2.4.7-p6
Magento 2.4.7-p6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Magento updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Magento install to test the 2.4.7-p6 upgrade prior to applying it live. Get started managing your Magento installations with Installatron
What's New in Magento 2.4.7-p6
2.4.7-p6
The Adobe Commerce 2.4.7-p6 security release provides security bug fixes for vulnerabilities identified in previous releases of 2.4.7.
NOTE
- After installing this security patch, Adobe Commerce B2B merchants must also update to the latest compatible B2B security patch release.
Highlights
- MariaDB support—Added support for MariaDB 10.11.
- API performance enhancement—Resolves performance degradation in bulk asynchronous web API endpoints that were introduced after the previous security patch.
- CMS Blocks access fix—Resolves an issue where Admin users with restricted permissions (such as merchandising-only access) were unable to view the CMS Blocks listing page.
- Previously, these users encountered an error due to missing configuration parameters after installing previous security patches.
- Cookie limit compatibility—Resolves a backward-incompatible change involving the MAX_NUM_COOKIES constant in the framework. This update restores expected behavior and ensures compatibility for extensions or customizations that interact with cookie limits.
- Async operations—Restricted async operations for overriding previous customers orders.
2.4.7-p5
Known Issues
- Issue: When installing 2.4.7-p5 with PHP 8.2 or higher, the system installs paypal/module-braintree version 4.7.0, which is intended for 2.4.8 and newer. For PHP 8.1, the correct Braintree version 4.6.1-p5 is used. This mismatch is due to the loose dependency on adobe-commerce/extensions-metapackage: ~2.0 in the metapackage. This impacts the compatibility and supported feature set for PHP 8.2+ deployments.
- Additionally, for versions 2.4.7-p3, 2.4.7-p4, and 2.4.7-p5, the Braintree extension version 4.6.1-p5 may be installed, while some users expect 4.6.1-p3 or p4, due to prior stricter dependencies having been relaxed to allow for extension upgrades within a release line.
- Workaround: To ensure that you have the correct Braintree version for your PHP version, run composer update to install the appropriate version as dictated by the adobe-commerce/extensions-metapackage:2.0.0 dependency.
2.4.7-p4
Security
- Fix for CVE-2025-24434—Resolves an authorization vulnerability.
Highlights
- Managing encryption keys and re-encrypting data—Redesigned managing encryption keys to improve usability and eliminate previous limitations and bugs.
- New CLI commands are now available for changing keys and re-encrypting certain system configuration, payment, and custom field data. Changing keys in the Admin UI is no longer supported in this release. You must use the CLI commands.