Update Feed

Magento 2.4.8-p1

1 July 2025

Magento version 2.4.8-p1 is now available (security release).

Upgrading to Magento 2.4.8-p1

Magento 2.4.8-p1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Magento updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Magento install to test the 2.4.8-p1 upgrade prior to applying it live. Get started managing your Magento installations with Installatron

What's New in Magento 2.4.8-p1

The Adobe Commerce 2.4.8-p1 security release provides security bug fixes for vulnerabilities identified in previous releases of 2.4.8.

IMPORTANT

After installing this security patch, Adobe Commerce B2B merchants must also update to the latest compatible B2B security patch release. See B2B release notes.

Security

Fix for CVE-2025-47110—Resolves an email templates vulnerability.
Fix for VULN-31547—Resolves a category canonical link vulnerability.

Highlights

This release includes the following highlights:
API performance enhancement—Resolves performance degradation in bulk asynchronous web API endpoints that were introduced after the previous security patch.
CMS Blocks access fix—Resolves an issue where Admin users with restricted permissions (such as merchandising-only access) were unable to view the CMS Blocks listing page.
Previously, these users encountered an error due to missing configuration parameters after installing previous security patches.
Cookie limit compatibility—Resolves a backward-incompatible change involving the MAX_NUM_COOKIES constant in the framework. This update restores expected behavior and ensures compatibility for extensions or customizations that interact with cookie limits.
Async operations—Restricted async operations for overriding previous customers orders.