On February 9th, 2021, Adobe released new security patches and new features for Magento 2. In case you don’t have time to read through the full dev docs, we bring you the highlights so that you can stay on top of these important updates:
Magento Open Source 2.4.2
According to Builtwith, as of February 2021, there are almost 71,000 live Magento 2 Community websites, and fewer than 4,000 Magento 2 Enterprise sites. While these figures are imperfect, we recognize that the sheer majority of Magento sites use the Open Source version of the software. That’s why we’re excited to see a number of great updates and improvements for open-source users. These include:
- Support for Elasticsearch 7.9.x and Redis 6.x
- Expanded support for the SameSite attribute for all cookies
- Compatibility with Composer 2.x
- Improvements to Admin responsiveness for sites with large catalogs
- Support for catalogs up to 20x larger than previous M2 releases
- Optimization of images via the Media Gallery
- 280 fixes for Magento Core
- 35 security enhancements
- Updates to vendor-bundled extensions, such as support for transactional SMS via dotdigital.
This is only a minor update, hence there are no new major features. However, according to the Adobe team “All known issues identified in Magento 2.4.1 have been fixed in this release.”
The Amazon Pay vendor bundled extension has been deprecated. In the recent past it was included with new installations of Magento. Going forward, merchants will have to install this extension from the Magento Marketplace where it is currently available. They will also have to update this extension as they would any other Magento Extension.
*A note from the JetRails Support Team:
Magento 2.4.2 no longer flushes category cache when a merchant adds or removes disabled products to or from a category. Previously, Magento flushed the cache for related categories despite product status. Categories were also unassigned when a category was saved, which led to flushing of category cache. You may want to consider adding new products as “disabled” in order to reduce resource usage while keeping “Update On Save” enabled.
Magento Commerce 2.4.2
On top of the improvements made to the Open Source version of Magento, the Magento Commerce edition v2.4.2 includes improvements such as:
- Interactive in-Product Guidance, allowing merchants to manage advanced product content such as feature announcements, walk-through guides, onboarding information, and tooltips.
- Improvements to the B2B purchase approval experience.
- An ALPHA release of a new Upgrade Compatibility Tool, which is intended to help merchants compare their production deployments to a new release.
They’ve also deprecated support for split databases. These will be removed in Magento 2.5, so Magento Commerce on-premises users that opted to take advantage of this feature will need to migrate to a single database in the future. This is not surprising as Magento’s architects have been planning a move toward a microservices architecture.
Magento 2.4.1-p1 and Magento 2.3.6-p1 Security-Only Patches
For those that aren’t ready to upgrade to Magento 2.4.2, you now have the option of installing a security-only patch to your site. Whether you’re on Magento 2.3.6, or 2.4.1, there’s a patch available to cover the 35 security vulnerabilities that are otherwise resolved by upgrading to 2.4.2.
As always, it’s crucial to install security patches in a timely fashion. In this case, you’ll be protecting your site against several vulnerabilities that Adobe has labeled as Critical. These issues could otherwise leave you open to attacks from cross-site scripting to XML injection.
Magento 2.3 and 2.4 Backward Incompatible Change Tracking
Adobe is tracking changes that are not backward compatible. If a change is made in a release of Magento that extensions and other assets may not be compatible with, it’s being documented it is being published. This is true for Magento 2.3.x backward-incompatible changes and Magento 2.4.x backward-incompatible changes. It’s highly recommended that you look over these documents before upgrading Magento versions, in order to identify potential issues and plan accordingly.
Magento PWA Studio 9.x
PWA Studio 9 is an iterative update. As with previous updates, the goal is to make it faster and easier to use PWA Studio to launch and manage a Progressive Web Application (PWA) for the frontend user experience of your Magento store. Enhancements include support for internationalization and localization, allowing you to serve up unique content to shoppers in different regions of the world, and switch currencies as-needed. Another noteworthy update is the native support for wishlists, saved payments, address books, and order histories in the My Account area.
PHP 7.3 End of Life Is Approaching
Since PHP 7.3 is reaching end of life in December 2021, it’s important to plan to upgrade to PHP 7.4.
Magento 2.4 already supports PHP 7.4, so if you’re keeping your site up to date with Magento 2.4.x, we’re here to support you with your PHP upgrade.
If you’re still on Magento 2.3.x, you’re in great company with many of our favorite clients, but you’ll have to wait a bit longer to upgrade PHP. Adobe has shared that support for PHP 7.4 will be released with Magento 2.3.7 in May 2021.