In this article, we have covered the release notes of the latest Magento open source version Magento 2.3.5. You will come to know about the security enhancements, new upgrades, improvements, and many other highlights.
After the 4 months, the Magento is ready to release its new version in April 2020. The announcement has been made on the Magento official website. In this release, there are more than 180 functional fixes and 25 plus security enhancements. It has resolved over 46 GitHub issues by the members of the community. It includes cleaning up core code to enhancements of inventory management & GraphQL.
Highlights and New Updates of Magento 2.3.5 Open Source Release:
The release has been focused on improving the security, searching, payment methods, improving performance, managing stock or inventory management, and have also fixed several issues. We will discuss each one by one…
1. Substantial Security Enhancements:
In this release, there are 25 security enhancements which will help close RCE (Remote Code Execution) and XSS (Cross-site Scripting) vulnerabilities. However, there are no incidents of attacks from the cyber hackers till now, but still, there are susceptibilities which can be exploited for taking over Admin or customer information. Mostly, in these issues, the attackers need Admin access first. Hence, always protect your admin by two-factor authentication, proper password, IP whitelisting, and the use of a unique location. The other enhancements are:
- Content Security Policy (CSP) Implementation: CSP is used by the web browsers for enhancing the security of a web page. It is an HTTP response header which supports the attacks detection, including data injection and XSS attacks.
- Session id removal from URLs: Session id exposure in URL creates potential security threats in session fixation.
2. Platform Upgrades:
There are several upgrades in the Magento platform in this release.
- Elasticsearch 7.5 support: Now the Elasticsearch 7.5 is supported on both Magento Open Source and Magento Commerce.
- Deprecation of 3rd Party Payment methods core integration: Now the core features of payment gateways such as Authorize.Net, eWay, CyberSource, and Worldpay wouldn’t be supported. They will get removed from the next minor release of Magento 2.4.0. As a seller, you would need to migrate to the official extensions available at Magento marketplace.
- Deprecation of Signifyd fraud protection code core integration: The core feature of Signifyd fraud protection code is no longer in support. The sellers need to migrate Signifyd fraud & Chargeback protection extension available at Magento marketplace.
- Symfony components have been upgraded to the latest version (4.4).
3. Performance Boosts:
The customers, as well as the merchants, will experience a significant boost in the performance and overall user flow.
- Optimizations in Redis performance: In the enhancement, the number of queries which were performed on each Magento requests have been minimized. Due to these optimizations:
- The size of data transfers between Redis & Magento has decreased
- CPU cycles consumption by Redis has been reduced due to improvement in adapter’s ability to automatically determine what needs to be loaded.
- Reduction in race conditions on Redis write operations
4. Infrastructure Improvements:
There are myriads of improvements in the Magento infrastructure in this release. The quality of the framework has been improved along with the modules like catalog, sales, PayPal, Elasticsearch, Import, CMS, and B2B.
- Now the PayPal Pro Payment can work as user flow in the Chrome 80 browser. Previously, it invoked a Magento callback endpoint that needed access to the customer’s session — access that the new default Chrome same-46 site cookie functionality does not permit.
- Integration of PHPStan code analysis into Magento static builds: It analyse the sophisticated static code and finds additional issues which have been not yet detected by PHP CodeSniffer & PHP Mess Detector.
5. Enhancement in Merchant Tools:
There are two major enhancements in the merchant tools; one in the inventory management, and other in GraphQL. Let’s discuss each:
- New bulk API for IsProductSalableForRequestedQtyInterface which is usable for cart verification and checkout process.
- New extension for SourceDataProvider and StockDataProvider
- Can view allocated inventory sources from the Orders list
You can use the queries of products and categoryList for getting information about the same respectively which are added to a staged campaign.
6. PWA Studio
To get information about the enhancements, features and improvements of the PWA Studio, go through the PWA Studio releases precisely.
In this release, there is a new B2B integration module which integrates Engagement cloud and the Magento B2B module. Hence, the vendors can leverage their B2B customer data & can engage with the patrons in a better manner. It includes syncing of company data, catalog data, quote data.
8. Google Shopping ads Channel:
The Google Shopping ads Channel extension is now no more supported in this Magento release.
9. Vendor-developed extension enhancements:
A lot of upgrades have been done to the 3rd party extensions which you can integrate on the Magento open source. These extensions are now compatible, their UX has been scrupulously improved and have new features & enhancements. Some of the examples of these 3rd party extensions are:
Fixed Issues in Magento 2.3.5 release:
In this release, Magento has fixed more than hundreds of existing bugs or issues. Here we have mentioned the primary issues which can make the flow much better and a seamless integration and use of Magento.
1. Installation, Deployment and Upgrade:
- The link accessed from Admin > Stores > Settings > Configuration > General > Advanced Reporting opens in a new tab now.
- A website can be removed with its scope-specific configuration settings in app/etc/config.php as per the flow. Earlier Magento shows an error.
- Configuration settings can’t be edit from the Admin
2. Adobe Stock Integration:
The preview of images has been closed along with the details of images. Keyboards navigations are now able to move to another image. The Search Stock Images button now remains active as expected after you’ve searched for and saved an image from the media gallery.
3. Cart & Checkout:
- An informative error message displays while adding the product by Order by SKU & the file for upload is corrupt.
- Cart price rules based on payment methods apply during checkout
- Can disable zip code validation on the checkout workflow from the Admin
Apart from these, there are many other general fixes and modules which you can check on the Magento official website.
How to Download Magento 2.3.5 open-source? How to Upgrade to Magento 2.3.5?
There are plenty of ways of downloading and installing the Magento 2.3.5. However, before moving to the Magento 2.3.5, you should know that whether you are in an urgent need or not of those updates. Also, you should consult your Magento services provider whether to go for the community version or enterprise version. A good Magento development company like Emizentech provides the best consultation for Magento services.
When Magento 2.3.6 is going to release?
After the release of the much awaited Magento 2.3.5, the developer community would start to wait for its next release Magento 2.3.6.
Last but not the least. The merchants are requested to upgrade the Magento 2 stores to the latest version in order to avail these exciting features, offer a secure online shopping platform and get the competitive edge!