Magento has introduced its another major release of Magento Commerce Cloud with version 2.4.1. In this release, we can see improvements in performance, and there are many enhancements in security especially for the B2B feature set. In the security enhancements, there is now support for the SameSite attribute for cookies, and CAPTCHA protection has been introduced for payment-related and order related API endpoints and the Place Order storefront page. The improvements of B2B are focused on approving the order process, shipping methods, logging of Admin actions, and better security.
In this release, we will observe there are several major improvements to the core quality of Magento 2.4.0. More than 150 fixes have been done to the core code, with more than 15 security enhancements. It also includes resolving of nearly 300 GitHub issues uploaded by the Magento community trusted members. These community contributions range from minor clean-up of core code to significant enhancements in GraphQL. All known issues of Magento 2.4.0 have been resolved in this release. In this article, we will discuss all the major fixes and updates of Magento 2.4.1.
Security-only patch available
Now, the merchants don’t need to apply hundreds of functional fixes and enhancements that a full quarterly release provides for installing the time-sensitive security fixes. All the vulnerabilities which were identified in the previous release i.e. Magento 2.4.0 have been fixed by this Patch 126.96.36.199. All hotfixes which were applied in the Magento 2.4.0 release are included in this release as well.
Wish to know more about the security-only patches, then you must go through the official blog post of Magento Introducing the New Security-only Patch Release. If you need instructions on how to download and install security patches then please go through this article Install Magento using Composer. In the security-only patches, there are only security bug fixes. It doesn’t include the other security enhancements which are included in this release.
Key Highlights of This Release
- Substantial Security Enhancements
- Infrastructure Improvements
- Performance Improvements
- New Media Gallery
- PWA Studio
- Fixed Issues
We will each one in more detail.
1. Substantial Security Enhancements
As we have already mentioned that in this release there are more than 15 security fixes and platform security improvements. The fixes have been backported to Magento 2.4.0-p1 and Magento 2.3.6. These security enhancements can close RCE (Remote Code Execution) and XSS (Cross-site Scripting) vulnerabilities. We have not observed any major attacks on these issues to date. However, there may be some loopholes in the security of your Admin panel which can be easily exploited by the hackers for accessing customer information or taking over the admin sessions. A hacker requires access to the admin panel for all these vulnerabilities hence we always recommend you to make sure there is the utmost security of your Admin Panel. You must put efforts in the IP allow listing, two-factor authentication, VPN usage, use of a unique location rather than /admin, and good password hygiene.
Also Read: An extensive review of Magento for ecommerce
Additional Security Improvements
The three major fixed issues in this release are:
In the following product areas, you can find CAPTCHA protection
- Place Order storefront page and REST and GraphQL endpoints
- Payment-related REST and GraphQL endpoints.
Captcha Protection for the other additional pages comes by default. You can easily enable it on the Admin Panel.
Support for the SameSite attribute for Cookies
For supporting Google Chrome enforcement in the new cookie classification system, the Magento class which used to handle cookies has been updated to support the SameSite cookie attribute.
Enhanced Magento Scan Tool
Adobe has partnered with Sanguine Security. It is a global leader for preventing digital skimming to integrate their database of over 8700 threat signatures into the Magento Security Scan Tool. This partnership will result in better security status of the e-commerce stores, and real-time insights of the security status. The Security scan tool is available for free from the dashboard of your Commerce account
2. Improvements in the Infrastructure
In this release, there are many improvements in the core quality of the Magento, which results in the better quality of the Framework and functional areas like:
- Customer Account
- Import & Export
- Promotions & Targeting
- Cart & Checkout
- Staging & Preview
Merchants can give the options to users to clear all the items from their cart in a single and can configure this ability independently on each website.
3. Improvements in the Performance
In the Magento Commerce 2.4.1, you will find 3 major releases which are mentioned here:
Network transfers size reduction between Redis and Magento
Plugin list configuration is now generated during the execution of the bin/magento di:compile command. It is written for generating metadata folders based on scope. Earlier, it was stored in the cache.
Improved message queue customer performance
There are 3 new configuration settings introduced which will decrease the customer queue CPU consumption by 20%. These parameters can give better control over customers to save server resources.
Improved execution time for bin/Magento commands.
4. Adobe Stock Integration
This release includes Adobe Stock Integration v2.1.0.
5. New Media Gallery
The default option of the New Media Gallery has been enabled default in the Admin Panel of the Magento. There are certain actions which the merchants can perform on images in the New Media Gallery such as:
- Deleting images in bulk
- Optimize the storage by duplicate image deletion & images that are no longer in use
- Filter images by the storefront area, including product & category content and CMS blocks
- Work with the metadata of the image:
- View metadata from the images of the Product Gallery
- Edit the metadata of images such as title, keywords, description, etc.
- Search for the images by metadata
5. Page Builder
There is now support for the full-screen mode in the Page Builder. This will support easier editing of content and a consistent content editing experience on the Admin Panel.
The GraphQL coverage in this release are:
Reviews for products
Customers, as well as guest, can write reviews for products. They can also retrieve product review histories.
All customers & guests can also add a gift message for their orders. They can also add gift wrapping, gift receipts, or printed cards in their order.
In the Magento Commerce installation, the customers can add or remove reward points to their carts. They can also check the reward points in history.
The customer can check all the details related to their order history, including invoicing, shipping & refunds.
Add to Cart
The customers can below product types in the cart:
- Gift Card
The customer can save their payment details including Braintree credit card and Braintree with Paypal
7. PWA Studio
In the PWA Studio v8.0.0, you can find many new features and enhancements:
- Venia Style guide updates that are applied to design token, typography, colors, core components, and page layouts.
- Improvements in the Venia mini-cart experience
- Initial support for localized content and locales on the Venia storefront
- Improvements in the MyAccount experience of the Venia storefront
In the Magento 2.4.1. you will be welcoming the B2B v1.3.0. In this release, there are improvements in approving methods, shipping methods, shopping cart, and Admin actions logging.
Approving the orders in B2B results in improving usability and allows for bulk actions on order purchasing. Improvements related to approving orders and rejection includes the following:
- cNew View Rule Page for users without editing privileges: The buyers can now check the rules which are applied to their company on the new View Rule page but they don’t have permissions to edit them.
- Count alert icon on the Requires My Approval tab: In the My Purchase Orders there is a Requires My Approval Tab on which there is a counter which indicates the number of pending approval actions.
- Bulk order approvals and rejections: The company admin or B2B manager can perform bulk rejection or approval of the orders. The changes allow approvers either to reject or approve the orders in a single action.
- E-commerce store owners can also search Applies to and Requires approval from fields of the My Purchase Orders view and can select multiple user roles.
B2B Shipping Methods Improvements
The merchant can also control the shipping methods which are provided to each company. They are having a choice for the following configurations:
- Set of shipping methods for B2B Company accounts
- Use of either all or specific shipping methods for each company
- A specific list of shipping methods for each company
Improvements in the Shopping Cart
- Merchants can allow users to clear their shopping cart content in a single action and can configure this ability independently on each site
- The B2B buyers can either add individual items or all shopping carts contents directly to a requisition list.
New Admin Features
- The B2B merchants can also create orders from the Admin on behalf of their customers.
- They can also view quotes associated with a user from the customer’s detail page.
- They can filter the Customers Now Online grid by company
Better Security of Storefront
For eliminating spam or fraudulent accounts, the store owners can now enable Google reCAPTCHA on the New Company Request form on the storefront.
Expanded Logging of Admin Actions
The admin actions will now be logged in the Admin Actions log. These actions will be logged through all relevant company modules: Company, NegotiableQuote, CompanyCredit, SharedCatalog.
9. Fixed Issues
In the Magento 2.4.1, there are hundreds of fixes of issues in the core code of Magento. You can find the fixes in these fields:
- Installation, Upgrade, Deployment
- Adobe Stock
- Bundle Products
- Cart and Checkout
- CMS content
- Configurable Products
With every new release of Magento, our Magento developers start delving more about it to make the most out of it. We, at Emizentech, the best Magento development company in India, we are having expertise in upgrading your Magento store to the latest Magento version or developing an ecommerce store from scratch. Let us know your requirements.