On January 28th, Magento released versions 2.3.4, 2.2.11, and 2.3.3-p1 for Magento Open Source and Magento Commerce. They also released Magento Open Source version 126.96.36.199, Magento Commerce version 188.8.131.52, SUPEE-11295, and PWA Studio version 5.0.0.
Whether you choose to patch only in order to incorporate fixes for security vulnerabilities, or you’re prepared to upgrade your site to the latest version of Magento, it’s important to pick a path and keep your site secure.
What’s so important about these updates?
Generally speaking, the most important items are security improvements that address vulnerabilities like cross-site scripting, deserialization of untrusted data, path traversal, security bypass, and SQL injection. These technical terms refer to opportunities for bad actors to access sensitive information or execute code that does things they shouldn’t be able to do, potentially to the detriment of your business and/or your customers.
Each is different, so we’ve put together some highlights for you:
SUPEE-11295 & Magento 2.3.3-p1
These are security-only patches. SUPEE-11295 is for Magento 1.x sites, and Magento 2.3.3-p1 (aka Patch 184.108.40.206) is a patch for Magento 2.3.3 site owners who want to address security vulnerabilities without upgrading to Magento 2.3.4.
Magento Commerce 1.14.4 & Magento Open Source 220.127.116.11
In addition to the security fixes that you’ll get with the SUPEE-11295 patch, upgrading to the latest version of Magento 1.x will also fix an error that happened when trying to run the compiler from Admin –> System –> Tools –> Compiler. The <Disable> button there did not work as intended; upgrading fixes it.
Magento Open Source 2.2.11 & Magento Commerce 2.2.11
This is the final release for the Magento 2.2.x branch of Magento 2. According to Magento, no further upgrades will be released. Users should plan to upgrade to Magento 2.3.x in order to receive future updates.
In the meantime, this upgrade includes 24 functional fixes in addition to 30 security fixes for Magento Open Source. For Magento Commerce users, there are 29 functional fixes and enhancements and 23 security enhancements, so if you’re still on Magento 2.2.x, there are lots of reasons to upgrade.
Magento Open Source 2.3.4 & Magento Commerce 2.3.4
This is a bigger release: with over 200 functional fixes and enhancements and over 30 security enhancements, it has a lot going on. It also introduces new integrations, such as with Adobe Stock image galleries and Live Chat from dotdigital.
Magento also deprecated some payment gateways from the Magento core platform, such as Authorize.net. Users who are upgrading may need to use an extension from the Magento Marketplace to continue to have access to their payment gateway of choice.
Magento PWA Studio 5.0.0
Magento PWA Studio 5.0.0 includes a wealth of bug fixes, new features, updates, documentation, and refactoring. Looking at GitHub, there are 1,199 file changes and 214 commits when compared to Magento PWA Studio 4.0.0.
It is built to work with Magento 2.3.3+ because it relies on GraphQL functionality that isn’t available in earlier versions of Magento, so if you want to use it with an earlier version of Magento 2.3.x, some functionality may require additional development on your part.