Magento 2.4.8-p1
1 July 2025
Magento version 2.4.8-p1 is now available (security release).
Upgrading to Magento 2.4.8-p1
Magento 2.4.8-p1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Magento updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Magento install to test the 2.4.8-p1 upgrade prior to applying it live. Get started managing your Magento installations with Installatron
What's New in Magento 2.4.8-p1
The Adobe Commerce 2.4.8-p1 security release provides security bug fixes for vulnerabilities identified in previous releases of 2.4.8.
IMPORTANT
- After installing this security patch, Adobe Commerce B2B merchants must also update to the latest compatible B2B security patch release. See B2B release notes.
Security
- Fix for CVE-2025-47110—Resolves an email templates vulnerability.
- Fix for VULN-31547—Resolves a category canonical link vulnerability.
Highlights
- This release includes the following highlights:
- API performance enhancement—Resolves performance degradation in bulk asynchronous web API endpoints that were introduced after the previous security patch.
- CMS Blocks access fix—Resolves an issue where Admin users with restricted permissions (such as merchandising-only access) were unable to view the CMS Blocks listing page.
- Previously, these users encountered an error due to missing configuration parameters after installing previous security patches.
- Cookie limit compatibility—Resolves a backward-incompatible change involving the MAX_NUM_COOKIES constant in the framework. This update restores expected behavior and ensures compatibility for extensions or customizations that interact with cookie limits.
- Async operations—Restricted async operations for overriding previous customers orders.