On August 9th, 2022, Adobe released Magento 2.4.5. As always, we’re excited to share information that will help you plan your path forward with this new version of Magento Open Source and Adobe Commerce. We’ve also shared insights about a wide range of other important updates from across the Magento ecosystem.
This release includes 20 security fixes and improvements. According to Adobe Security Bulletin APSB22-38, all of the security vulnerabilities that were patched would require an attacker to have admin privileges and be authenticated in order to exploit them. In other words, while these need to be patched within 30 days for PCI-DSS compliance purposes, and are serious in nature, a hacker would first have to gain privileged access to your Magento admin or hosting in order to leverage these vulnerabilities.
Additional security improvements include updates such as the addition of reCAPTCHA to the Create New Customer Account and Wish List Sharing functionality.
In regards to general improvements, there are many. These include support for Composer 2.2, TinyMCE 5.10.2, jQueryUI 1.13.1, and so forth. Updates were made to integrations with services like DHL and USPS. There are hundreds of bug fixes and tweaks in this release.
Among the notable additions that were included, Magento 2.4.5 has a wide range of accessibility updates in the mix, as well as updates that should help merchants make the transition from Google’s Universal Analytics to Google Analytics 4.
For a more comprehensive and detailed list of changes that you’ll find in this new version of Magento, be sure to check out https://devdocs.magento.com/guides/v2.4/release-notes/open-source-2-4-5.html
If you’re using Adobe Commerce, check out this version of the release notes which includes notes about updates related to Adobe Live Search, Adobe Sign, and various other tools that are available to Adobe Commerce users.
New Magento 2.4 and 2.3 Patches
Adobe has also released patch 2.3.7-p4, the last patch for Magento 2.3. This is in addition to patches 2.4.3-p3 and 2.4.4-p1. These all address the security issues highlighted in the aforementioned security bulletin APSB22-38.
If you aren’t ready to upgrade to Magento 2.4.5 just yet, you should be patching your site for security and PCI compliance reasons.
It’s important to note that Magento 2.3.x is now reaching its end of life. It has a few more weeks of official support, but all patches and upgrades are planned for the 2.4.x branches. If you’re still on Magento 2.3.x, you should be working to upgrade to 2.4 at this time.
Magento 2.4.4, Ioncube, and Upgrade Challenges
Need to finish upgrading to Magento 2.4.4? You’re not alone. Many merchants delayed upgrading to this version of Magento because of dependency issues. Luckily, many Magento extensions have caught up with updating their sites to be compatible with Magento 2.4.4. Some were quick to finish up their upgrades after they were temporarily delisted from the Magento Marketplace for being out-of-date. Most are now compatible with Magento 2.4.4 and have been re-listed:
Note: As of August 10th, the Magento Marketplace is back up to 3,097 available extensions. This “spring cleaning” is helping merchants find up-to-date extensions. It’s also helping incentivize extension developers to update their extensions as soon as possible.
In the meantime, not all extensions are ready for PHP 8.1. For instance, extensions that are encrypted with IonCube are likely still in the process of being updated by their authors. This is because IonCube didn’t release a compatibility update for PHP 8.1 until August 5th, 2022. However, now that the new version of IonCube is out, this challenge should be short-lived.
Meet Magento New York 2022
On September 23rd, 2022, the Magento community will have its first big gathering in the United States since 2019. The team here at JetRails is extremely excited to be participating as Gold Sponsors. We hope to see you there! For tickets and information, check out https://meetmagentonyc.com/.
This is just one of many Meet Magento events happening around the world, like Meet Magento Singapore, which will take place on August 25th, 2022. So far this year, there have been Meet Magento events in India, Mexico, the Baltics, Greece, the UK, and Indonesia.
For those that will be attending, we’re hearing that there’s going to be a pre-party the night before and an afterparty when the conference wraps up, adding great networking opportunities to an already awesome event!
Magento 2 PaaS
In July, Amasty launched a Platform as a Service (PaaS) version of Magento 2. With this new service, merchants can get a Magento 2 store within 2 days. These stores come complete with a wide variety of Amasty extensions and the Amasty Jet theme. The Amasty team provides ongoing maintenance, including patching and upgrading the core Magento software and extensions. This provides merchants with the power and flexibility of Magento with a SaaS-like (no-maintenance) service with predictable costs.
The entire platform is hosted by JetRails, which you can learn about in our latest case study: https://jetrails.com/case-study/amasty/.
Still Operating a Magento 1 Store?
On July 21, 2022, Mage-One released 5 new security patches. On August 2nd, 2022, OpenMage released version 19.4.17 which included 136 changes from 38 open source contributors. They also released OpenMage version 20.0.15 with 158 changes from 38 unique contributors.
The moral of the story – if you’re continuing to operate a store on Magento 1, please be sure to update it, and make sure your host is helping with proactive firewall, vulnerability and malware scans, and other security measures to help keep your site PCI compliant, safe, and secure.
If you’re looking at options for migrating from Magento 1 to a new eCommerce platform, whether that’s Magento 2, Amasty PaaS, Shopware, or another solution, be sure to ask your JetRails account manager about resources we can make available to assist you.
Vue Storefront 2 – Magento 2 Integration
On July 20th, 2022, Vue Storefront announced a new integration between Magento 2 and the current iteration of their PWA platform. The new version, Vue Storefront 2, leverages NuxtJS and can use available Nuxt Modules, putting more resources into the hands of web developers.
For those that want a simpler experience, the Hyva theme still stands out. For those that want to build a PWA frontend with a native Magento solution, PWA Studio is certainly worth looking at. In a healthy ecosystem, it’s important to have options, and this new release from the Vue Storefront team is sure to keep them on people’s radar within the Magento community.
PWA Studio 12.6.0
Alongside the other Magento updates that were released on August 9th, 2022, PWA Studio and Venia 12.6 reached general availability as well. Aside from bug fixes, the most notable updates and improvements relate to accessibility. This release aims to make Magento sites easier to navigate for shoppers with visual and other impairments. It’s something that other open-source platforms like Drupal have been focusing on as well, and that we can only hope becomes the industry norm in the near future.
Learn more about recent PWA Studio updates at: https://github.com/magento/pwa-studio/releases
Magento Association Updates
The Magento Association is the non-profit organization that is dedicated to empowering the Magento and Adobe Commerce community by fostering collaboration, education, and thought leadership. They’ve also been rising to the occasion more and more when it comes to communications between the Magento ecosystem and the Adobe team.
The association recently held two elections: a direct election and a slate election. They also just released their financials to the community.
If you haven’t yet signed up as a member, please consider taking a moment to join. There are both free and paid memberships. Either will help you stay “in the know”, and help us all to support each other as a community.
Mage-OS is a group that was born from the Magento Open Source Community Alliance (MOSCA). They have created a new completely independent non-profit organization to support the Magento ecosystem to ensure the long-term success of the Magento Open Source eCommerce platform for the widest possible audience.
So far, they have created a backward-compatible distribution of Magento Open Source packages. Among their goals, they’d like to take steps to simplify and modernize the platform in particular ways. Their intent is to do so while keeping the platform as compatible as possible with existing Magento extensions and integrations.
Perhaps they will make dependencies like Elasticsearch more of an option. Maybe they’ll add new native features, like support for selling and redeeming gift cards. They might replace the native Luma theme with something more modern that doesn’t require you to build a PWA or purchase a 3rd party theme. Time will tell. In the meantime, it’s great to see this group making such fast traction, and helping to guarantee that Magento Open Source will remain a strong and vibrant option for a wider array of eCommerce merchants.
To get involved with Mage-OS, please visit https://mage-os.org/get-involved
ShopRunner for Magento Stores
ShopRunner, now a FedEx company, was founded in 2010 and provides shoppers with benefits that are similar to Amazon Prime. Consumers can use ShopRunner to get free 2-day shipping and free returns from department stores like Bloomingdales and Saks Fifth Avenue. They can get the same benefits from fashion brands like Coach and Allbirds, beauty products makers like Lancome, and food and beverage merchants like Peet’s Coffee.
Adobe and ShopRunner previously announced a partnership that promises to make it easier than ever for eligible eCommerce merchants to participate in the ShopRunner program. Adobe is now ready for beta testers.
From the shopper’s perspective, this service is free for many customers that have an AmericanExpress, MasterCard, or Chase payment card, or a PayPal account. Customers can see delivery date and time estimates based on order cutoff times, adding transparency on top of the 2-day shipping benefits. Some of the millions of shoppers that are already ShopRunner members also take advantage of the ShopRunner website, where they can search for products across the ShopRunner network and find stores carrying the items they’re looking for.
Merchants can now express interest in using this integration via: https://business.adobe.com/au/resources/shoprunner-adobe.html
Adobe has already announced integrations they’ve built with companies like Bolt, PayPal, Walmart Marketplace, and Walmart’s fulfillment software, which are all listed in the Magento Marketplace. It’s part of their strategy of allowing merchants to pick and choose additional integrations, rather than adding them all to Magento by default. This is intended to make Magento easier to manage, while simultaneously adding ways to grow your eCommerce business and thrive with Magento.
It’s a safe bet that we can all expect to see more and more integrations like this from Adobe popping up in the Magento Marketplace for years to come.
Adobe Summit 2023
The last Magento Imagine was in 2019. Then, Imagine was scheduled to be rolled into Adobe Summit 2020. Like most tradeshows, Adobe Summit had to go virtual due to the pandemic. This left the Magento community with a variety of virtual events to attend, but no cohesive in-person event.
While Meet Magento events have resumed around the globe, we’re very excited that Adobe Summit 2023 will be a hybrid event. It’s scheduled for March 21-23, 2023 at the Venetian in Las Vegas. While Meet Magento New York will be the closest thing we’ll get to Magento Imagine this year, we’re hopeful that Adobe will dedicate space and resources for the Magento community to gather, network, learn, and grow at next year’s Adobe Summit.