Introduction
Magento 2.4.9 went live on 12 May 2026, and it is a bigger release than the version number suggests. This is not a small patch with a few bug fixes tacked on. Adobe has replaced three core framework components, raised the minimum PHP version, and shipped the largest bug-fix count of any 2.4.x release to date.
If you run a Magento or Adobe Commerce store, this guide covers what has actually changed, who needs to upgrade now, and what to check before you do. Our Adobe Commerce Certified team has handled upgrades like this for years, and 2.4.9 is one where preparation matters more than usual.
What's Actually New in Magento 2.4.9
Adobe describes this as a platform modernisation release rather than a features release. There is no flashy new storefront tool. What you get instead is a more stable, more secure, better-performing core which matters more in the long run than another admin widget.
PHP 8.5 support, PHP 8.2 dropped
Magento 2.4.9 supports PHP 8.4 and PHP 8.5. PHP 8.2 is no longer supported at all. PHP 8.3 will technically run during the upgrade process, but it is not meant for production use afterwards. If your hosting still runs PHP 8.2, that needs sorting before you go anywhere near this upgrade.
Three core framework components replaced
This is the part that affects custom code and extensions most.
Zend_Cache has been replaced with Symfony Cache. This should improve cache performance and keep Magento compatible with modern PHP versions going forward. Any custom module that hooks directly into Zend_Cache classes will need updating.
Laminas MVC has been swapped for a native PHP implementation. This is a big architectural change. Custom code that extends Laminas MVC classes directly will break unless it is updated to match.
TinyMCE has been replaced by HugeRTE, an open-source fork built to the same basic API. TinyMCE reached end of life, and its newer version came with licensing terms that did not suit Magento. HugeRTE keeps most things working without changes for simple use, but custom TinyMCE plugins or deep editor customisations will need testing.
None of these three changes affects what customers see on your storefront. All three affect whether your existing code keeps working after the upgrade.
Database and search requirements raised
Magento 2.4.9 targets MySQL 8.4 LTS or MariaDB 11.4. Both MySQL 8.0 and MariaDB 10.6 have been dropped from support. On the search side, OpenSearch 3.x is the target version. For caching, Valkey is now fully supported as the Redis-compatible backend, which matters because Redis itself has shifted licensing direction in recent years.
Security improvements
Admin two-factor authentication has been simplified. You now only need to configure one enabled 2FA provider to log in, rather than every enabled provider a small change that removes a genuine point of friction for admin teams.
CAPTCHA and reCAPTCHA enforcement on customer account creation has been tightened for both REST and GraphQL APIs, closing a gap that previously allowed account creation to bypass CAPTCHA checks through the API. If your store relies on API-based account creation flows for B2B portals or ERP integrations, this is worth testing specifically, since it can break unauthenticated registration if you are not prepared for it.
The OAuth library has moved from a third-party dependency to native PHP OAuth functions, and JWT handling has been upgraded to the latest major version. Both changes reduce dependency risk and tighten security around API authentication.
Payment and checkout improvements (Adobe Commerce / Braintree)
This section applies to Adobe Commerce stores using Braintree rather than Magento Open Source. New local payment methods have been added, including BLIK for Polish shoppers and Pay Upon Invoice for German buyers. Apple Pay support now extends to Chrome and Firefox through a QR code flow, not just Safari. Google Pay cards can now be vaulted from the customer account area, and saved cards update automatically when they expire or get reissued, which should reduce failed subscription renewals.
More than 500 fixes
Adobe lists 501 fixed issues in Magento Open Source 2.4.9, and 560+ in Adobe Commerce. These span checkout, cart behaviour, inventory, search, GraphQL, and admin workflows. Several long-standing edge-case bugs that developers have worked around for years are addressed in this release, which on its own makes the upgrade worth planning for.
Who Should Upgrade Now (and Who Should Wait)
Not every store needs to move to 2.4.9 immediately. The right timing depends on which version you are running today.
Running 2.4.5 or 2.4.6:
This is urgent. Support for 2.4.6 ends 11 August 2026. Once that date passes, your store stops receiving security patches entirely. The upgrade path from 2.4.6 is not direct; you need to pass through 2.4.8 first. Start planning now if you have not already.
Running 2.4.7 or 2.4.8:
You have more breathing room. Support for 2.4.8 runs until April 2028. There is no need to rush, but this is a sensible time to begin a readiness assessment while extension vendors are actively shipping 2.4.9-compatible updates.
Running heavily customised stores or ERP integrations:
Budget extra time. The framework replacements in this release mean any code touching Zend_Cache, Laminas MVC, or TinyMCE plugins needs a proper compatibility audit before you set an upgrade date.
Already on 2.4.9 beta or considering an early move:
Beta releases carry no Adobe support and should never sit in production. Wait for the general availability build, which has already shipped, and ideally let the first security patch land before going live on a complex store.
As a general guide, most stores without heavy customisation should target an upgrade in the second half of 2026, once the extension ecosystem has caught up and the first post-release security patch has shipped.
How to Prepare for the Upgrade
A structured approach reduces the risk of a failed deployment. Here is what we recommend checking, in order.

-
Confirm your hosting environment.
Check your PHP version with your hosting provider and move to PHP 8.4 or 8.5 ahead of the Magento upgrade itself. Confirm your database is on MySQL 8.4 LTS or MariaDB 11.4, and that your search and cache infrastructure meet the new minimums.
-
Audit custom code and extensions.
Search your codebase for direct references to Zend_Cache, Laminas MVC classes, or TinyMCE plugin APIs. Contact your extension vendors directly and ask about their 2.4.9 compatibility timeline rather than assuming it will just work.
-
Set up a proper staging environment.
Clone production data and integrations into staging before attempting anything on a live store. This needs to include the same third-party integrations you run in production payment gateways, ERP connections, marketing tools not just a bare Magento install.
-
Test the full customer journey.
Checkout, account creation, product search, payments, and admin workflows all need to pass before you consider moving to production. Pay particular attention to API-based account creation if you run B2B portals or external integrations, given the CAPTCHA enforcement change.
-
Plan your deployment window.
Schedule the live upgrade for low-traffic hours and have a rollback plan ready. Even with thorough staging testing, a live cutover deserves a contingency plan.
-
Apply security patches regardless of timing.
If you are not ready to move to 2.4.9 yet, make sure you have applied your current version’s companion security patch. These shipped alongside 2.4.9 for all supported lines and address real vulnerabilities, independent of whether or not you upgrade the major version.
How KiwiCommerce Can Help
Magento upgrades involving framework-level changes are exactly the kind of work where having an experienced team matters. Our Adobe Commerce Certified developers have handled major version upgrades across complex, integration-heavy stores including environments connected to ERP systems, custom B2B portals, and bespoke checkout flows.
We run a structured audit first: checking your current codebase against the 2.4.9 framework changes, flagging anything that needs rework before staging even begins, and giving you a clear view of the work involved before you commit to a timeline. If you are unsure whether your store is ready, or want a second opinion before scheduling the upgrade, our Magento development team can take a look.
Key Takeaways
- Magento 2.4.9 launched 12 May 2026 and is the largest architectural shift in the 2.4.x line since 2.4.4
- PHP 8.2 support has been dropped entirely; PHP 8.4 or 8.5 is now required
- Three core components have been replaced: Zend_Cache, Laminas MVC, and TinyMCE
- Stores on 2.4.5 or 2.4.6 face a hard deadline; support ends 11 August 2026
- Stores on 2.4.7 or 2.4.8 have more time but should start a readiness audit now
- Heavily customised stores need a compatibility audit before setting an upgrade date
- Apply your current version’s security patch regardless of when you plan to upgrade