Magento/Adobe Commerce 2.4.3
…and the long-awaited release of Page Builder for Magento Open Source
This release includes over 370 fixes to Magento’s core and 33 security enhancements. It addresses almost 290 issues that were being tracked in GitHub.
The most important and exciting feature is, by far, Page Builder being added to Magento Open Source as a core bundled extension. Page Builder is now the default content editing tool and promises to allow a more user-friendly experience for creating and editing content via CMS Pages, CMS Blocks, Category Descriptions, and Product Descriptions.
Other notable improvements include ReCAPTCHA coverage for the Place Order storefront page and payment-related Web APIs. When enabled via the Magento admin, this should add a layer of protection against carding attacks, one of the many ways bots cause trouble for eCommerce sites.
Access the full details on Magento Open Source 2.4.3 at https://devdocs.magento.com/guides/v2.4/release-notes/open-source-2-4-3.html
Or, the details on Adobe Commerce 2.4.3 at https://devdocs.magento.com/guides/v2.4/release-notes/commerce-2-4-3.html
Magento/Adobe Commerce 2.4.2-p2 and 2.3.7-p1
These security-only patches address a mix of important and critical security issues. If you’re not yet ready to upgrade to 2.4.3, then your best bet is to bring your site up to date with security-only patching as a stopgap measure.
You can also get more specific information about each respective patch at:
Magento 2.3.7-p1: https://devdocs.magento.com/guides/v2.3/release-notes/2-3-7-p1.html
Magento 2.4.2-p2: https://devdocs.magento.com/guides/v2.4/release-notes/2-4-2-p2.html
Magento 2 Performance Fixes From the Community
First up, a solution to resolve an issue in which Redis caching overtaxes resources unnecessarily. In essence, this fix locks the caching process until it’s complete so that new requests to build the cache don’t start while an existing process to build the cache is already underway: https://github.com/maritos/magento2-performance-fixes
Shout out to Alessandro Ronchi, who added this to his list of useful Magento resources at https://github.com/aleron75/mageres, where we came upon it.
We also noticed a solution to make existing Magento themes like Luma and Hyvä a PWA by adding a service worker to Magento 2 to enable PWA features: https://github.com/monsoonconsulting/magento2-pwa
Note: As with all code, please review and test thoroughly before deploying to your production environment.
PWA Studio 11
This latest version of PWA Studio includes new wishlist features, initial work to support virtual product types, the ability to add new editable payment methods, accessibility updates, improvements to layered navigation, and more. These updates help to make the Venia theme more polished for merchants that want to invest in a PWA frontend.
Learn more about this latest PWA Studio release at: https://github.com/magento/pwa-studio/releases
Adobe/Magento partners with Walmart
Walmart has developed some of the most advanced omnichannel software in the world, helping their business service customers across online and in-store sales channels. They have announced that they’re going to be opening up this software for use by Adobe Commerce and Magento Open Source merchants, in partnership with Adobe.
For merchants, this may feel like something they’re used to seeing from Amazon, which has opened its data centers (via AWS), payment processing (via Amazon Payments), and fulfillment services (via FBA), just to name a few initiatives that commercialized what were once internal Amazon resources.
While these SaaS solutions won’t be officially available to merchants until an undisclosed date in early 2022, we do have insights into what will be offered. For instance, there are expected to be solutions to assist with in-store and curbside pickup, as well as advanced delivery options. Merchants are also expected to have additional options for connecting to Walmart’s marketplace and for warehousing goods in Walmart’s fulfillment centers.
To quote Suresh Kumar, Chief Technology Officer and Chief Development Officer of Walmart, “The core mission of helping people save money and live better is at the heart of every idea including Scan & Go and checkout technologies, AI-powered smart substitutions and pickup and delivery…”.
Getting even more specific, here are some of the features mentioned in the Adobe blog post on this topic:
Pricing for these new offerings is also a big unknown, so it’s not advisable to wait on these solutions to evolve your Magento operations.
In the meantime, you can still benefit from a wide range of tried and tested solutions that integrate with Magento. For instance, you can work with 3PLs and fulfillment centers like RubyHas, ShipBob, and ShipMonk that are dedicated to the success of merchants like you. You can use checkout tech like ShipperHQ to offer advanced store/curbside pickup options, and Quivers to add advanced omnichannel experiences to your business operations. You can work with solutions like GoDataFeed or M2EPro to integrate with Walmart’s marketplace.
Mage-One Patches 50 through 59
For those using Magento 1, the team at Mage-One has released their next 10 patches. We’ve reported on the first 48 in our article about Magento 1 Security after June 2020. If you have questions about the Mage-One service, please ask your JetRails account representative for more information. In the meantime, here are details on these fresh patches:
Patch MO-50: Improves PHP 5.6 compatibility for unserialization.
Note: This is not a recommendation to use PHP 5.6. Merchants should be running at least PHP 7.3. At the time of writing, only PHP 7.3 and up are being supported. PHP 5.6 went end of life at the end of 2019.
Patch MO-51: Updates phpseclib to version 2.0.32 to fix CVE-2021-30130
Patch MO-52: Fixes a persisted XSS vulnerability
Patch MO-53: Restores missing .htaccess files from core automatically.
Patch MO-54: Improves PHP 8 compatibility
Note: PHP 8 was released at the end of 2020. It’s foreseeable that some Magento extensions and other customizations will need adjustments in order to be compatible. Your JetRails account manager can help make sure that your JetRails account is ready for appropriate testing to ensure that your site is compatible before you switch to PHP 8 for your production environment.
Patch MO-55: Prevents DoS attack via passwords larger than 4k
Patch MO-56: Stops an admin with permission to import/export data from being able to edit CMS pages by injecting an executable file on the server via layout XML.
Patch MO-57: Addresses arbitrary command execution in Custom Layout Update via block method.
Patch MO-58: Solves a vulnerability in which arbitrary file deletion in customer media allows remote code execution.
Patch MO-59: Adds brute-force attack prevention to the customer login via frontend and API, as well as to the admin panel login.