Security Enhancements

This release includes over 35 fixes that help close RCE (remote code execution) and XSS (cross-site scripting) vulnerabilities. Magento also reminds customers to take the necessary steps to protect the Admin, including IP whitelisting, two-factor authentication, use of a VPN, good password hygiene, and use of a unique location rather than /admin.


Additional Security Enhancements:

  • All core cookies now support the SameSite attribute
  • Core CSP (Content Security Policy) violations have been fixed
  • Prevention of malicious content in both product and category fields by displaying messages to highlight risks
  • Prevention of malicious uploads by standardizing and hardening file system operations across Magento components


Infrastructure Improvements

This release also contains enhancements to core quality, which improve the Framework and the following functional areas:

  • Customer Account
  • Catalog
  • CMS
  • OMS
  • Import/Export
  • Promotions and Targeting
  • Cart and Checkout
  • B2B
  • Staging and Preview


Platform Enhancements

Similar to other releases, the Magento Commerce 2.4.2 release also includes a number of key platform enhancements including:

  • Magento 2.4.2 has been tested and remains compatible with Varnish 6.4
  • Elasticsearch 7.9.x is now supported
  • Redis 6.x is now supported
  • Magento 2.4.2 is now compatible with Composer 2.x (Magento recommends that merchants migrate to Composer 2.x: Composer 1.x is still supported, but it will soon reach end-of-life)


Performance Enhancements

This release also includes significant code enhancements that merchants will see great benefits from:

  • Boosted API performance
  • Improved admin response time for deployments with large catalogs
  • Natively supports complex catalogs up to 20x larger than in previous Magento releases


Improved GraphQL

The latest release adds GraphQL coverage for the following features:

  • Added support for multiple wishlists. You can use GraphQL to create, delete, and rename wishlists as well as move or copy items between them.
  • Added support for returned merchandise authorizations (RMA). Shoppers can request a return. If the merchant accepts the request, the shopper can perform tasks such as adding a comment and adding tracking information.
  • Added support for the following B2B features:
      – Companies. You can add company administrators, users, roles, and teams.
      – Company credit. The company query includes details about the company’s credit history. The ConfigurableOptionsSelectionMetadata and ConfigurableOptionAvailableForSelection data types have been added to the schema to provide this functionality.
      – Requisition lists. You can create, delete, and update requisition lists. Support also includes the ability to add, update, delete, copy, and move items within a requisition list as well as add requisition list items into the cart.
