On Tap
search
menu
Magento 2.4.9
Magento

Magento 2.4.9 Is Here: Everything Merchants Need to Know Before Upgrading

11 min read

Magento 2.4.6 and earlier are now operating without ongoing security coverage following MySQL 8.0 reaching End of Support on 30 April 2026. For many merchants, upgrading is no longer optional. It is becoming a business-critical requirement.

Magento 2.4.9 is also far more than a routine update. The release introduces major infrastructure, performance, and security changes, including PHP 8.4 support, Valkey compatibility, and PCI DSS 4.0 improvements. In this guide, we break down what has changed, the biggest risks to watch for, and how merchants should approach the upgrade safely.

Why 2.4.9 matters

Magento 2.4.9 is not a routine patch release. It is the platform’s most substantial update in years. Early beta releases alone addressed more than 500 issues across Magento Open Source and Adobe Commerce, with improvements focused on infrastructure modernisation, PHP support, performance, and security hardening.

The scale of the release has real operational implications for merchants. From PHP 8.4 compatibility and Valkey support to PCI DSS 4.0 improvements, 2.4.9 introduces changes that directly affect hosting environments, extension compatibility, and long-term platform stability.

PHP 8.4 and 8.5 support

Magento 2.4.9 officially supports PHP 8.4 and introduces forward compatibility with PHP 8.5. This is the most consequential infrastructure change in the release. PHP 8.4 brings meaningful performance improvements in JIT compilation and memory handling, which translate directly into faster page loads and more efficient server utilisation. For merchants still on PHP 8.1 or 8.2, this release marks the end of the road for those versions within the Magento ecosystem.

What you should do

Before scheduling your upgrade, confirm your hosting environment is ready for PHP 8.4 or above. If you are on managed hosting, check with your provider that PHP 8.4 is available and fully supported on your plan. If you are self-hosted, set up a staging environment running PHP 8.4 and test all custom modules against it before touching production. Any extension that has not been updated for modern PHP will break, so this check is non-negotiable.

Valkey caching support

Magento 2.4.9 introduces official support for Valkey, the open-source community fork of Redis that emerged after Redis Labs changed its licensing terms. This is one of the quieter additions in the release, but it carries significant operational weight. By making Valkey a first-class citizen in the Magento stack, Adobe is signalling a clear direction: the ecosystem is moving towards a fully open-source caching layer and hedging against ongoing Redis licensing uncertainty.

What you should do

If you are currently running Redis, there is no immediate pressure to switch. Your existing setup will continue to work. However, if you are evaluating infrastructure costs, planning a hosting migration, or have concerns about Redis licensing for commercial use, now is the right time to assess Valkey as a like-for-like replacement. Set up a staging environment with Valkey, benchmark it against your current Redis configuration, and review whether the switch makes sense for your business before committing to a change in production.

Security improvements

Security hardening is a core focus of 2.4.9, and the timing is deliberate. PCI DSS 4.0 compliance became mandatory in April 2025, introducing stricter requirements around payment page security, authentication, and script management. Previous Magento versions addressed some of these requirements through third-party patches or manual workarounds. With 2.4.9, several of these gaps are resolved at the platform level, reducing the compliance burden for merchants who process payments directly through their storefront.

What you should do

If your store handles payments and you are running Magento 2.4.6 or earlier, the security improvements in 2.4.9 are a primary reason to prioritise this upgrade. Review the official PCI DSS 4.0 requirements against your current setup to identify any outstanding gaps before upgrading. If you are unsure where your store stands on PCI DSS 4.0 compliance, consult your payment provider or a qualified security assessor before scheduling the migration.

Third-party compatibility: themes and extensions

Upgrading the core platform is rarely where things go wrong. The real risk lies in your third-party ecosystem: the themes, extensions, and integrations that your store depends on daily. With 2.4.9 introducing PHP 8.4 support, any theme or extension that has not been updated for modern PHP will break. This audit step is the one most merchants underestimate, and it deserves dedicated time before you touch your production environment.

Hyvä themes

For merchants running Hyvä, compatibility with 2.4.9 is a critical checkpoint before proceeding. Hyvä is trusted by over 7,000 online stores, and its recent releases, including Checkout 1.3.10 published on 23 April 2026, have been building towards 2.4.9 support. Before upgrading, check the Hyvä compatibility module tracker at gitlab.hyva.io and confirm that your specific Hyvä version and any associated compatibility modules have been verified against 2.4.9. Rushing an upgrade without confirming theme compatibility is a reliable way to break your checkout flow.

Extensions

Create a full inventory of every installed extension and check each vendor's 2.4.9 compatibility status before proceeding. Pay particular attention to the following categories, as these carry the highest risk of causing breakage:

  • Payment gateways, which sit directly in the checkout path and have the greatest impact on revenue if they fail

  • Search integrations, particularly if you are running ElasticSuite or a third-party search provider with deep indexing hooks

  • ERP and PIM connectors, which often integrate tightly with core Magento processes and are slower to receive vendor updates

Contact vendors directly if their public documentation does not confirm 2.4.9 compatibility. Do not assume silence means compatibility.

The upgrade timeline

Do not upgrade on day one. 2.4.9 is a substantial release, and a rushed migration carries real risk. The following timeline is designed to give your team enough runway to test thoroughly, resolve compatibility issues, and execute the production upgrade with confidence.

Week 1 (12 to 18 May) - Discovery and audit: Review the full GA release notes, complete your extension and theme compatibility inventory, and identify any third parties that have not yet confirmed 2.4.9 support. Flag vendors that require direct follow-up.

Weeks 2 to 3 - Staging and compatibility testing: Set up a staging environment running 2.4.9 and PHP 8.4. Run your full extension suite against it, resolve any issues with vendors, and document any workarounds required. Do not proceed to production until this environment is stable.

Week 4 - Performance testing: Test the staging environment against your current production baseline. Look specifically for regressions in page load times, checkout completion rates, and indexer performance. Any unexplained slowdown at this stage is cheaper to fix than after go-live.

Week 5 onwards - Production upgrade: Schedule the production upgrade during your lowest-traffic window. Ensure your rollback plan has been tested and is ready to execute, not just documented. Have your development team on standby for the first 48 hours post-upgrade.

On Tap's take

On Tap is a Magento specialist agency with experience delivering complex Adobe Commerce upgrades across multiple industries. Here is our honest assessment of 2.4.9.

This release is Adobe's most confident statement about the platform's long-term future in years. The shift to annual major releases, PHP 8.5 forward compatibility, official Valkey support, and platform-level PCI DSS 4.0 improvements collectively make a stronger case for staying on Magento than at any point in the past two years. For merchants weighing up whether to upgrade or replatform, 2.4.9 removes several of the most common technical arguments for leaving.

That said, the quality of your upgrade experience will depend almost entirely on how well you plan it. The risk, as always, lies in your third-party ecosystem.

Ready to upgrade?

On Tap offers a structured compatibility assessment covering your extension stack, hosting environment, and theme compatibility. Get in touch with our team to receive a prioritised action list and a realistic upgrade roadmap tailored to your store.

The Consumer Spending Paradox: Why Healthy Toplines Are Masking a Structural Shift in eCommerce Previous Post
Dirty Frag Linux Kernel Vulnerability: What Magento and Adobe Commerce Merchants Need to Do Right Now Next Post
Vertical_banner

On Tap Wins Big at the 2025 eCommerce Awards

Blog_Post_Promo_Badge_1 Blog_Post_Promo_Badge_2 Find out more
Livechat