Magento 2.4.2 Update

·

·

Magento 2.4.2 enhances performance, security and fixes a lot of bugs. The security enhancements include the integration of SameSite attributes for all cookies as well as updated plugins.

Highlights

  • Magento 2.4.2 contains over 280 fixes and 35 security enhancments that help to close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities.
  • Additional security enhancements:
    • All core cookies now support the SameSite attribute.
    • Magento now displays messages that identify potentially malicious content in product and category description fields when the user tries to save values in these fields.
    • File system operations across Magento components have been standardized and hardened to prevent malicious uploads.
    • Core Content Security Policy (CSP) violations have been fixed.
  • Elasticsearch 7.9.x is now supported.
  • Magento 2.4.2 has been tested with Varnish 6.4.
  • Redis 6.x is now supported.
  • Magento 2.4.2 is now compatible with Composer 2.x.
  • Adobe Stock Integration v2.1.1.
  • GraphQL updates.
  • New features for PWA Studio.
  • Extension updates.
  • Code enhancements that boost API performance and Admin response time for deployments with large catalogs.
  • New Role Resources for Media Gallery.
  • Web-optimized images in content.
  • AWS S3 support enhancements.
  • A lot of fixes.

All new features and fixes can be found on devdocs.magento.com. The security update is also available as patch without all the other updates.

Remember to create a backup before installing updates.