Yesterday marked the release of Magento Commerce 2.4.2, the latest release of Magento 2 that is now available for all Magento Commerce customers. The new release includes several enhancements, quality improvements and upgrades to allow Magento customers to offer an improved shopping experience for their customers.
This release includes over 35 fixes to help close RCE (remote code execution) and XSS (cross-site scripting) vulnerabilities, with Magento reminding customers to take necessary steps to protect the Admin including IP whitelisting, two-factor authentication, use of VPN, good password hygiene and use of unique location rather than /admin.
Additional Security Enhancements:
- All core cookies now support SameSite attribute
- CSP (core content security policy) violations have been fixed
- Prevention of malicious content in both product and category fields by displaying messages to highlight risks
- Prevention of malicious uploads by standardizing and hardening file system operations across Magento components.
This release also contains enhancements to core quality which will improve the quality of the Framework and the following functional areas:
- Customer Account
- Promotions and Targeting
- Cart and Checkout
- Staging and Preview
Similar to other releases, the Magento Commerce 2.4.2 release also includes a number of key platform enhancements including:
- Magento 2.4.2 has been tested and remains compatible with Varnish 6.4.
- Elasticsearch 7.9.x. is now supported
- Redis 6.x is now supported
- Magento 2.4.2 is now compatible with Composer 2.x. (Magento recommend that merchants migrate to Composer 2.x. as whilst Composer 1.x is still supported it will soon reach end-of-life)
This release also includes significant code enhancements that merchants will see great benefits from:
- Boosted API performance
- Improved admin response time for deployments with large catalogs
- Natively supports complex catalogs up to 20x larger than in previous Magento releases
The latest release adds GraphQL coverage for the following features:
- Added support for multiple wishlists. You can use GraphQL to create, delete, and rename wishlists as well as move or copy items between them.
- Added support for returned merchandise authorizations (RMA). Shoppers can request a return. If the merchant accepts the request, the shopper can perform tasks such as adding a comment and adding tracking information.
- Added support for the following B2B features:
– Companies. You can add company administrators, users, roles, and teams.
– Company credit. The company query includes details about the company’s credit history. The ConfigurableOptionsSelectionMetadata and ConfigurableOptionAvailableForSelection data types have been added to the schema to provide this functionality.
– Requisition lists. You can create, delete, and update requisition lists. Support also includes the ability to add, update, delete, copy, and move items within a requisition list as well as add requisition list items into the cart.
New B2B Feature
The Magento 2.4.2 release includes support for online payments for purchase orders. Purchase orders can now be completed using online payment methods and B2B buyers are prompted to select their preferred payment method for each purchased order during the initial checkout.
After the purchase order has been approved, buyers are prompted to enter payment details to convert the purchase order to a final order.
In order to support online payments, this feature also:
- Maintains compatibility with third-party, custom, and community-developed payment methods.
- Overrides existing payment method templates during initial checkout to maintain PCI compliance.
- Allows buyers to change the payment method during the final payment step to maintain flexibility and increase conversion.
- Introduces an Approved – Pending Payment state for purchase orders to clearly show when action is required.
PWA Studio Enhancements
- Internationalization and localization. Venia now provides support for multiple languages and currencies.
- Initial components for My Account related features such as Wishlist, Saved Payments, Address Book, and Order History.
- Improved extensibility framework to support code changes through extensions.
As you can see from our highlights above, there are many key updates and enhancements that come with Magento 2.4.2 and you can find more information regarding this release in Magento’s full release notes:
Now is the time to upgrade your store to Magento 2.4.2 to ensure you’re getting the most out of the latest updates and remain secure.
Get in touch with us today to discuss upgrading to Magento 2.4.2 with our certified Magento developers and start seeing the benefits from this latest release.