Magento 2.4.2: All you need to know

Technical Overview Upgrade to 2.4.2

Magento Open Source 2.4.2 introduces enhancements to performance and security plus significant platform improvements. Security enhancements include expansion of support for the SameSite attribute for all cookies. Elasticsearch 7.9 and Redis 6 are now supported.

This release includes over 280 new fixes to core code, and over 30 security enhancements. It includes the resolution of almost 290 GitHub issues by our community members. These community contributions range from minor clean-up of core code to significant enhancements in GraphQL.

All known issues identified in Magento 2.4.1 have been fixed in this release.

Infrastructure improvements

This release contains enhancements to core quality, which improve the quality of the Framework and these functional areas: Customer Account, Catalog, CMS, OMS, Import/Export, Promotions and Targeting, Cart and Checkout, and Staging and Preview.

Platform enhancements

  • Elasticsearch 7.9.x is now supported. Although we recommend running Elasticsearch 7.9.x, Magento 2.4.x remains compatible with Elasticsearch 7.4.x.
  • Magento 2.4.2 has been tested with Varnish 6.4. Magento 2.4.x remains compatible with Varnish 6.x.
  • Redis 6.x is now supported. Magento 2.4.x remains compatible with Redis 5.x.
  • Magento 2.4.2 is now compatible with Composer 2.x. We recommend that merchants migrate to Composer 2.x. Although you can install this release using Composer 1.x, Composer 1.x will soon reach end-of-life. For an overview of Composer 2.x features, see Composer 2.0 is now available!

The ability to configure a Magento installation to use a split database has been deprecated in this release. Merchants who currently use split database should start planning to revert to or migrate to a single database or use an alternative approach.

Performance enhancements

This release includes code enhancements that boost API performance and Admin response time for deployments with large catalogs. Multiple scalability enhancements enable Magento 2.4.2 to natively support complex catalogs up to 20x larger than in previous releases.

Security Patch only 2.4.1-p1

We can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release provides. This release includes over 35 security fixes and platform security improvements. All security fixes have been backported to Magento 2.4.1-p1 and Magento 2.3.6-p1.

Additional security enhancements

Security improvements for this release include:

  • All core cookies now support the SameSite attribute.
  • Magento now displays messages that identify potentially malicious content in product and category description fields when the user tries to save values in these fields.
  • File system operations across Magento components have been standardized and hardened to prevent malicious uploads.
  • Core Content Security Policy (CSP) violations have been fixed.



Depending on budget and also pending a Magento developers assessment of your store. The merchant has a choice of whether to opt for the full upgrade to 2.4.2 or to just patch the site (eg. Only receive the security updates). Although all of the fixes, improvements and enhancements are “under the hood” in Magento 2.4.2. The benefits of a client receiving the full upgrade rather than just the security patch is that Magento have fixed over 280 issues raised by the community since 2.4.1 which is better to have than not. Plus an upgrade to 2.4.2 will also include all of the security enhancements too.

For those merchants who we can only apply a security patch to (2.4.1-p1) will receive over 35 security enhancements to their store. As always at very least your site should be patched to the latest secure version.

Do you need more information or support? Contact us at 

Want better?
Let’s talk