The latest iteration of Adobe’s Magento 2 platform has just been released: v2.4.2. And at the same time, as always, they have released v2.3.6-p1 for the v2.3 release branch.
What’s new in Magento v2.4.2?
Magento Open Source v2.4.2 comes with lots of new features and enhancements to performance and security. We’ve touched on some of these below.
More than 35 major security fixes and improvements
There are more than 35 security enhancements that come with the Magento v2.4.2 release. All of these security fixes have been back ported to both the Magento v2.4.1-p1 and v2.3.6-p1 so that merchants on these release branches can easily apply the security upgrades. We strongly recommend that all of our clients apply these upgrades as soon as possible. This then gives us more time to test the latest release and ensure there are no issues or bugs with it, before we upgrade all clients.
Additional security fixes
As well as the 35 major security enhancements, there are a number of additional security improvements that come with the Magento v2.4.2 release. These include:
- Core cookies now support the SameSite attribute.
- Magento now displays messages that identify potentially malicious content in product and category description fields when the user tries to save values in these fields.
- File system operations across Magento components have been standardised and hardened to prevent malicious uploads.
- Core Content Security Policy (CSP) violations have been fixed.
This release contains enhancements which improve the quality of the Framework and these functional areas:
- Customer Account
- Promotions and Targeting
- Cart and Checkout
This release contains a number of platform enhancements such as:
- Elasticsearch 7.9.x is now supported.
- Magento 2.4.2 has been tested with Varnish 6.4.
- Redis 6.x is now supported.
- Magento 2.4.2 is now compatible with Composer 2.x.
To summarise, all updates and enhancements are pretty minor. There’s not a whole load to shout about. It does however provide stability with the platform as lots of bugs have been ironed out.
We’ve previously advised all clients to stay on the v2.3 release branch due to the number of bugs and issues that came with v2.4 and v2.4.1. However, we now believe that v2.4.1 is now stable enough. Therefore, we will be upgrading all clients straight from v2.3.6 to v2.4.1 as soon as possible, despite Adobe announcing that the ‘end of software’ support date for Magento v2.3 has been extended to April 2022 due to impacts from COVID-19.
Are you ready to upgrade?
Adobe are scheduling to release new version of Magento 2 every quarter. With this in mind, it’s super important that you have an upgrade strategy in place. Magento 2 upgrades don’t have to be things that merchants dread. This is of course dependent on whether or not your store has been developed in the right way. At Foundation Commerce we have upgrade strategies in place with all our clients. We normally advise clients to allow a day to carry out the necessary development work. We hear stories of other agencies taking months to apply upgrades and this is not standard practise.
Submit the form at the bottom of the page to speak with one of our Magento 2 developers. They’ll be more than happy to help you put a Magento 2 upgrade strategy in place. We’ve successfully upgraded multiple Magento 2 merchants and continue to work with them as an extension of their existing team.