Magento 2.4.5, 2.4.4-p1, 2.4.3-p3, 2.3.7-p4 Releases

·

·

Hundreds of issues have been fixed in the Magento Open Source 2.4.5 core code. It also introduces improvements to platform quality, payment methods, GraphQL caching performance, and accessibility, as well as updates to integrated Google modules. This release from August 9, 2022 includes over 290 quality fixes and enhancements.

Releases may contain backward-incompatible changes (BIC)

Magento Open Source 2.4.5 contains backward-incompatible changes. To review these backward-incompatible changes, see BIC reference. (Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.)

Security Enhancements

This release includes 20 security fix and platform security improvements. This security fix has been backported to Magento Open Source 2.4.4-p1 and Magento Open Source 2.3.7-p4.

No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts:

  • IP allowlisting
  • two-factor authentication
  • use of a VPN
  • use of a unique location rather than /admin
  • good password hygiene

See Adobe Security Bulletin for the latest discussion of these fixed issues.

Additional Security Enhancements

Security improvements for this release improve compliance with the latest security best practices, including:

  • reCAPTCHA support has been added to the Wish List Sharing, Create New Customer Account, and Gift Card forms.
  • ACL resources have been added to Inventory.
  • Inventory template security has been enhanced.
  • The MaliciousCode filter has been upgraded to use the HtmlPurifier library.

Platform Enhancements

Magento Open Source 2.4.5 now supports

  • Composer 2.2
  • TinyMCE (5.10.2). Earlier versions of TinyMCE (v5.9.2 or earlier) allowed arbitrary JavaScript execution when a specially crafted URL or an image with a specially crafted URL was updated.
  • jQueryUI (1.13.1)
  • PHPStan (^1.5.7 with constraint)

The DHL Integration schema has been updated from v6.0 to v6.2. This upgrade will not result in a change in product behavior.

Outdated JavaScript libraries have been updated to their latest versions, and outdated dependencies have been removed. These changes are backward compatible.

Accessibility Updates

The focus of this release has been on creating a storefront experience on Venia (PWA) that is more perceivable, operable, understandable, and robust. These enhancements include:

  • Search results summary information is now announced to screen reader users
  • Screen readers are now informed when a new page view loads
  • Contrast and keyboard accessibility have been improved

Google Analytics

Google has updated the tracking and integration mechanisms of AdWords and Analytics in web applications through integration with GTag. This integration of Google functionality into website pages extends opportunities to track and manage content through Google Services. Adobe Commerce has a set of built-in modules including Google AdWords, Analytics, Optimizer, and TagManager that leverage the former API for integration with Google services.  In this release, we have re-implemented this integration using the GTag approach.​

GraphQL

GraphQL performance enhancements include:

  • Developers and administrators experience faster rebuilding of the unified storefront GraphQL schema on deployment or when changing attributes in production. Shoppers also experience significantly faster page load speeds when the GraphQL schema must be rebuilt for any reason.
  • Added capability to consume the expiration date/time of the authorization token through the use of JSON Web Tokens (JWT) in the GraphQL API.
  • The bin/magento config:set graphql/session/disable 1 command allows merchants to completely disable the creation of session cookies for all GraphQL operations. By default, Magento Open Source creates these cookies and relies on them for authorization, which affects performance. Going forward, we recommend using tokens as the only form of authorization for GraphQL requests. We do not recommend using session cookies alone or in conjunction with authorization tokens. See GraphQL Authorization.
  • Session cookies are now launched in GraphQL operations using class proxies only when needed.
  • Session usage has been removed from http header processors in GraphQL such as store, customer, or currency.

See the GraphQL Developer Guide for details on these enhancements.

Inventory

Inventory template security has been enhanced.

Page Builder

Page Builder v.1.7.2 is compatible with Magento Open Source 2.4.5.

Page Builder column layout includes these enhancements:

  • Columns are now exposed, permitting users to control column settings on the storefront.
  • Column resizing now supports wrapping triggered by user actions.

Payments

Apple Pay is now available to all merchants running deployments with Payment Services enabled. This payment method does not require shoppers to enter their credit or debit card details. Apple Pay is available on the product details page, mini cart, shopping cart, and checkout workflow. Merchants can toggle on this feature.

PayPal

  • Merchants in Spain and Italy can now offer PayPal Pay Later to shoppers.
  • Previews of the PayPal, Credit and Pay Later buttons are now available in the Admin for the checkout, minicart, cart, and product pages. Previews reveal how these buttons will look when they are enabled and rendered on the storefront.

Braintree

  • Braintree has discontinued the KOUNT fraud protection integration. It has been removed from the Magento Open Source codebase.
  • The Always request 3DS option has been added to the Admin.

PWA Studio

PWA Studio v.12.5.x is compatible with Magento Open Source 2.4.5.

New features for this release include:

  • Shopper behavior data is collected on PWA Studio storefront for web analytics services. Merchants can now subscribe and extend these events as needed.
  • Merchants can now select a service to deploy from the Admin (Google Tag Manager).

For information about enhancements and bug fixes, see PWA Studio releases. See Version compatibility for a list of PWA Studio versions and their compatible Magento Open Source core versions.

Credits


Kategorien

Beliebte Tags

AI blockchain ecommerce ethics events Magento marketing Metaverse NFTs privacy security SEO shopify socialmedia update WooCommerce WordPress


Der englischsprachige Podcast von Openstream. Discover how memes, AI, and digital culture shape our world, challenge norms, and redefine what it means to be human.

spotify-podcast-badge
Listen on Apple Podcast