Hundreds of issues have been fixed in the Magento Open Source 2.4.5 core code. It also introduces improvements to platform quality, payment methods, GraphQL caching performance, and accessibility, as well as updates to integrated Google modules. This release from August 9, 2022 includes over 290 quality fixes and enhancements.
Releases may contain backward-incompatible changes (BIC)
Magento Open Source 2.4.5 contains backward-incompatible changes. To review these backward-incompatible changes, see BIC reference. (Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.)
Security Enhancements
This release includes 20 security fixes and platform security improvements. These security fixes have been backported to Magento Open Source 2.4.4-p1 and Magento Open Source 2.3.7-p4.
No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts:
- IP allowlisting
- two-factor authentication
- use of a VPN
- use of a unique location rather than /admin
- good password hygiene
See Adobe Security Bulletin for the latest discussion of these fixed issues.
Additional Security Enhancements
Security improvements for this release improve compliance with the latest security best practices, including:
- reCAPTCHA support has been added to the Wish List Sharing, Create New Customer Account, and Gift Card forms.
- ACL resources have been added to Inventory.
- Inventory template security has been enhanced.
- The MaliciousCode filter has been upgraded to use the HtmlPurifier library.
Platform Enhancements
Magento Open Source 2.4.5 now supports:
- Composer 2.2
- TinyMCE (5.10.2). Earlier versions of TinyMCE (v5.9.2 or earlier) allowed arbitrary JavaScript execution when a specially crafted URL or an image with a specially crafted URL was updated.
- jQueryUI (1.13.1)
- PHPStan (^1.5.7 with constraint)
The DHL Integration schema has been updated from v6.0 to v6.2. This upgrade will not result in a change in product behavior.
Outdated JavaScript libraries have been updated to their latest versions, and outdated dependencies have been removed. These changes are backward compatible.
Accessibility Updates
The focus of this release has been on creating a storefront experience on Venia (PWA) that is more perceivable, operable, understandable, and robust. These enhancements include:
- Search results summary information is now announced to screen reader users
- Screen readers are now informed when a new page view loads
- Contrast and keyboard accessibility have been improved
Google Analytics
Google has updated the tracking and integration mechanisms of AdWords and Analytics in web applications through integration with GTag. This integration of Google functionality into website pages extends opportunities to track and manage content through Google Services. Adobe Commerce has a set of built-in modules including Google AdWords, Analytics, Optimizer, and TagManager that leverage the former API for integration with Google services. In this release, we have re-implemented this integration using the GTag approach.
GraphQL
GraphQL performance enhancements include:
- Developers and administrators experience faster rebuilding of the unified storefront GraphQL schema on deployment or when changing attributes in production. Shoppers also experience significantly faster page load speeds when the GraphQL schema must be rebuilt for any reason.
- Added capability to consume the expiration date/time of the authorization token through the use of JSON Web Tokens (JWT) in the GraphQL API.
- The bin/magento config:set graphql/session/disable 1 command allows merchants to completely disable the creation of session cookies for all GraphQL operations. By default, Magento Open Source creates these cookies and relies on them for authorization, which affects performance. Going forward, we recommend using tokens as the only form of authorization for GraphQL requests. We do not recommend using session cookies alone or in conjunction with authorization tokens. See GraphQL Authorization.
- Session cookies are now launched in GraphQL operations using class proxies only when needed.
- Session usage has been removed from http header processors in GraphQL such as store, customer, or currency.
See the GraphQL Developer Guide for details on these enhancements.
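An added example (not Magento or Adobe code) of two client-side checks that follow from the token items above: confirm that a GraphQL response sets no session cookie once graphql/session/disable is 1, and read the token's expiry to schedule re-authentication. The PHPSESSID cookie name, the standard JWT `exp` claim, the 60-second margin, and the sample token and headers are assumptions constructed for illustration; the payload is decoded without signature verification, so the result is for scheduling only, never for an authorization decision.

```javascript
// Added example with constructed inputs; not Magento or Adobe code.
// Assumption: the storefront uses PHP's default session cookie name.
const SESSION_COOKIE_NAMES = ['PHPSESSID'];

// Decode the payload segment of a compact JWT. The signature is NOT verified:
// a client does not hold the signing key, so treat the result as a hint only.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Seconds until expiry according to the `exp` claim; null when it is absent.
function secondsUntilExpiry(token, nowMs = Date.now()) {
  const { exp } = decodeJwtPayload(token);
  if (typeof exp !== 'number') return null;
  return exp - Math.floor(nowMs / 1000);
}

// Names of session cookies found in a response's Set-Cookie header values.
function sessionCookiesSet(setCookieHeaders, names = SESSION_COOKIE_NAMES) {
  return setCookieHeaders
    .map((header) => header.split(';')[0].split('=')[0].trim())
    .filter((name) => names.includes(name));
}

// Combine both checks for one GraphQL response.
function auditGraphqlResponse({ token, setCookie = [] }, nowMs = Date.now()) {
  const secondsLeft = secondsUntilExpiry(token, nowMs);
  return {
    sessionCookies: sessionCookiesSet(setCookie), // expected empty when sessions are disabled
    secondsLeft,
    needsNewToken: secondsLeft === null || secondsLeft <= 60, // assumed 60 s margin
  };
}

// Constructed sample token (placeholder signature) and response headers.
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sampleToken = [
  b64({ alg: 'HS256', typ: 'JWT' }),
  b64({ iat: 1660000000, exp: 1660003600 }),
  'c2lnbmF0dXJl',
].join('.');
const sampleSetCookie = ['PHPSESSID=abc123; path=/; HttpOnly', 'private_content_version=1; path=/'];

console.log(auditGraphqlResponse({ token: sampleToken, setCookie: sampleSetCookie }, 1660000000000));
```

A non-empty `sessionCookies` list on a GraphQL response indicates that session creation is still active for that operation.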
Inventory
Inventory template security has been enhanced.
Page Builder
Page Builder v.1.7.2 is compatible with Magento Open Source 2.4.5.
Page Builder column layout includes these enhancements:
- Columns are now exposed, permitting users to control column settings on the storefront.
- Column resizing now supports wrapping triggered by user actions.
Payments
Apple Pay is now available to all merchants running deployments with Payment Services enabled. This payment method does not require shoppers to enter their credit or debit card details. Apple Pay is available on the product details page, mini cart, shopping cart, and checkout workflow. Merchants can toggle on this feature.
PayPal
- Merchants in Spain and Italy can now offer PayPal Pay Later to shoppers.
- Previews of the PayPal, Credit and Pay Later buttons are now available in the Admin for the checkout, minicart, cart, and product pages. Previews reveal how these buttons will look when they are enabled and rendered on the storefront.
Braintree
- Braintree has discontinued the KOUNT fraud protection integration. It has been removed from the Magento Open Source codebase.
- The Always request 3DS option has been added to the Admin.
PWA Studio
PWA Studio v.12.5.x is compatible with Magento Open Source 2.4.5.
New features for this release include:
- Shopper behavior data is collected on PWA Studio storefront for web analytics services. Merchants can now subscribe and extend these events as needed.
- Merchants can now select a service to deploy from the Admin (Google Tag Manager).
For information about enhancements and bug fixes, see PWA Studio releases. See Version compatibility for a list of PWA Studio versions and their compatible Magento Open Source core versions.
Credits
- For a detailed list of fixed issues, please visit the Magento Open Source DevDocs.
- Picture courtesy of Noah Buscher