Search
Contact Us

Adobe Commerce 2.4.8: A Planning Guide for Merchants Who Haven’t Upgraded Yet

Adobe Commerce 2.4.8 Upgrade Guide
Atwix Team Avatar
Atwix Team

The support deadlines are here. Here’s what deserves your attention.

Adobe Commerce 2.4.8 has been out since April 2025. It is now four security patches deep, with 2.4.8-p4 released in March 2026. Adobe Commerce 2.4.9 is already on the schedule for May 2026.

If your store is still running 2.4.4, 2.4.5, 2.4.6, or even 2.4.7 and you have not started planning, the window for a comfortable upgrade is getting narrow.

We went through the full release notes so you don’t have to. Here’s what changed, what was removed, and what deserves coordination across your engineering, infrastructure, and business teams.

Where You Stand

Current VersionSupport EndsWhat to Do
2.4.4April 2026Support ends in weeks. If you have not started an upgrade, this needs immediate attention.
2.4.5August 2026About 5 months remaining. Upgrade planning should be underway.
2.4.6August 2026Same timeline as 2.4.5. Apply the latest security patch and begin scoping the move.
2.4.7April 2027More flexibility. Worth evaluating alongside 2.4.9 plans.

Running an unsupported version means no security patches, no bug fixes, and no official support. For stores handling payments and customer data, that is a measurable business risk  –  not a theoretical one.

As the #1 global Adobe Commerce code contributor, Atwix has been working through 2.4.8 upgrades with B2B and enterprise merchants since the release. Here is what we have seen matter most.

What This Means for Your Business

An unsupported version means no security patches, no bug fixes, and no official support. For stores processing payments and handling customer data, that exposure compounds every month. And the longer you delay, the more migrations stack up – PHP, database, search engine, message queue, and caching layer may all need to change at once.

On the other side: 2.4.8 is supported until April 2028 and aligns with Adobe’s direction – Edge Delivery Services, composable commerce through GraphQL, and Adobe Commerce as a Cloud Service. Upgrading now buys you a stable foundation for the next three years

What Was Removed

Worth paying closer attention to what was removed – these changes will affect your upgrade path more than the new features will.

  • PHP 8.1  –  fully removed. Not deprecated. Gone from all libraries, extensions, and dependencies. You need PHP 8.3 minimum to run 2.4.8. If your hosting environment is still on PHP 8.1, that has to change before anything else.
  • Elasticsearch  –  deprecated. Adobe Commerce is now optimized for OpenSearch 2.19. Elasticsearch 7 and 8 modules are deprecated in the codebase, and selecting Elasticsearch in the Admin panel now shows a deprecation notice. If Elasticsearch is still in your environment, that deserves roadmap time now  –  not later.
  • Encryption key management via Admin UI  –  removed. Key rotation is now CLI-only. This is more secure, but it is a real workflow change for store operators who previously handled this through the Admin panel.
  • TinyMCE 5  –  removed. The platform moved to TinyMCE 6, and as of the latest patches, Adobe is already migrating to the open-source HugeRTE editor. Custom editor plugins and content workflows may need review.
  • Sofort and Giropay  –  removed from Braintree. If customers used these payment methods, alternatives need to be communicated.
  • Data Collector support tool  –  removed for security reasons.

If you are reading this and realizing your version is approaching end of support, we can help you scope the upgrade.

What Deserves Roadmap Time

For teams ready to dig into the details, here is what we would pay attention to from an infrastructure, technical, and strategic perspective.

Infrastructure and Compatibility

Database, PHP, queueing, cache, and search all need a close look before upgrading.

  • PHP 8.4 compatibility added alongside continued PHP 8.3 support. PHP 8.2 is only maintained for upgrade transition.
  • MariaDB 11.4 LTS (supported until 2029) and MySQL 8.4 LTS (supported until 2032) replace versions hitting end-of-life in 2026. Note that MySQL 8.4 introduces stricter foreign key validation, which may require configuration adjustments.
  • RabbitMQ 4.x support added, but classic mirrored queues must be migrated to quorum queues before upgrading. This is a required prerequisite.
  • Valkey 8.x cache support added as a Redis alternative.
  • Composer 2.9.x compatibility (as of p4) and PHPUnit 10 as the new testing standard. Custom modules and extensions need validation.

Search Migration

Adobe is clearly steering the ecosystem toward OpenSearch. The deprecation notices, the optimization for OpenSearch 2.19, and the removal of Elasticsearch compatibility all point in one direction. For on-premises deployments where search infrastructure is managed independently, this migration deserves early planning.

Security

  • Duo Security 2FA updated to Web SDK v4  –  new Client ID and Secret required in Admin settings.
  • New ACL permissions no longer auto-grant to existing admin roles. Better for security, but requires attention during module deployments.
  • 2.4.8-p4 includes vulnerability fixes per Adobe Security Bulletin APSB26-05, plus DHL MyDHL REST API support as DHL phases out older APIs.

GraphQL and Headless Readiness

If a headless or API-driven storefront is part of your plan, 2.4.8 significantly expanded GraphQL coverage for cart, checkout, orders, customers, and product data. Error handling improved across the board, guest order management was added, and pricing fields were expanded for more accurate storefront rendering. These changes are tied to Adobe’s push toward the Adobe Commerce Storefront powered by Edge Delivery Services.

B2B Improvements

Shared catalog visibility and admin access inconsistencies were resolved. Purchase order quotes are no longer accidentally deleted by cron jobs. Category permissions UI was redesigned to handle large permission sets. Sitemap generation now correctly respects shared catalog and category permission rules.

Payments

Braintree received a significant update: shipping methods now display inside PayPal and Google Pay modals for fewer checkout steps, cart line items are visible in Apple Pay and Google Pay modals, and package tracking syncs to PayPal automatically  –  reducing disputes and speeding up fund releases.

Performance

Default indexer mode changed to Update by Schedule. Bulk tier price API updates no longer cause site slowdowns. Large cart performance improved. Configurable product editing no longer causes timeouts for stores with many attribute options.

Next Steps

  1. Confirm your current version and PHP environment. Know exactly where you stand.
  2. Apply the latest security patch for your current version  –  regardless of upgrade timeline.
  3. Scope the upgrade with your development team. Identify extension compatibility, infrastructure requirements, and testing needs early.
  4. Plan your search engine migration if Elasticsearch is still in your stack.
  5. Factor in the RabbitMQ queue migration if moving to RabbitMQ 4.x.

How Atwix Can Help

Atwix has been guiding Adobe Commerce merchants through upgrades like this for over a decade  –  including complex B2B environments, multi-store setups, and heavy customizations.

Here’s what it looks like when you reach out: we review your current version and infrastructure, flag the highest-risk areas specific to your store, and give you a realistic timeline and scope for the upgrade. No surprises.

Let’s talk about your upgrade path →

Sources: Adobe Commerce 2.4.8 Release Notes, 2.4.8 Security Patch Notes, Released Versions  –  Adobe Experience League

Share post: