Magento Open Source is back with improved security and better performance in its new release Magento Open Source 2.4.1. We can see many security enhancement in this release. It has come with support for the SameSite attribute for cookies as well as CAPTCHA addition for payment and order related API points.
In this release, there are improvements in the core quality of Magento 2.4.0. There are more than 150 fixes in the core code, and 15 plus security improvements. It includes the resolution of 300 popular GitHub by the Magento community members. All known issues of Magento 2.4.0 have been resolved in this release.
Security-only Patch Available
Merchants don’t need to apply hundreds of functional fixes for installing security patches which are time-sensitive. All hot fixes which were applied in the Magento 2.4.0 release are included in this release as well. There were security only patches which provides fixes for vulnerabilities that were identified in the Magento 2.4.0 release. If you need to know more about the Security Patches, please go through this blog post Introducing the New Security-only Patch Release. If you need instructions on how to download and install security patches then please go through this article Install Magento using Composer. Security-only patches include security bug fixes only, not the additional security enhancements that are included in the full patch.
Key Highlights of the Release
- Substantial Security Enhancements
- Infrastructure Improvements
- Performance Improvements
- New Media Gallery
- PWA Studio
- Fixed Issues
We will discuss each of these in more detail.
Substantial Security Enhancements
As we have already mentioned that in this release there are more than 15 security fixes and platform security improvements. The fixes have been backported to Magento 2.4.0-p1 and Magento 2.3.6.
These security enhancements can close RCE (Remote Code Execution) and XSS (Cross-site Scripting) vulnerabilities. We have not observed any major attack on these issues to date. However, some loopholes can be exploited for accessing customer information or take over the administrator sessions. Most of these issues can be done by obtaining access to the Admin panel, hence we have always recommended ensuring the utmost security of the Admin Panel. It includes IP allow listing, two-factor authentication, VPN usage, and good password hygiene.
Additional Security Improvements
The other major security improvements in this release are:
In the following product areas, you can find CAPTCHA protection
- Place Order storefront page and REST and GraphQL endpoints
- Payment-related REST and GraphQL endpoints.
Captcha Protection for the other additional pages comes by default. You can easily enable it on the Admin Panel.
Support for the SameSite attribute for Cookies
For supporting Google Chrome enforcement in the new cookie classification system, the Magento class which used to handle cookies has been updated to support the SameSite cookie attribute.
Also Read: Magento Review with Features and Pricing
Enhanced Magento Scan Tool
Adobe has partnered with Sanguine Security. It is a global leader for preventing digital skimming to integrate its database of over 8700 threat signatures into the Magento Security Scan Tool. This partnership will result in better security status of the e-commerce stores, and real-time insights of the security status.
In this release, there are many improvements in the core quality of Magento Framework in these areas:
- Customer Account
- Import & Export
- Promotions & Targeting
- Cart & Checkout
- Staging & Preview
Merchants can give the options to users to clear all the items from their cart in a single and can configure this ability independently on each website.
The 3 major performance improvements in the Magento 2.4.1 release are:
Reduction in network transfers size between Redis and Magento
Plugin list configuration is now generated during the execution of the bin/magento di:compile command. It is written for generating metadata folders based on scope. Earlier, it was stored in the cache.
Improved message queue customer performance
There are 3 new configuration settings introduced which will decrease the customer queue CPU consumption by 20%. These parameters can give better control over customers to save server resources.
Improved execution time for bin/Magento commands
New Media Gallery
The option of the New Media Gallery now comes by default in the Magento Admin Panel. As a merchant, you can perform these actions on an image in the New Media Gallery:
- Deleting images in bulk
- Optimize the storage by duplicate image deletion & images that are no longer in use
- Filter images by the storefront area, including product & category content and CMS blocks
- Work with the metadata of the image:
- View metadata from the images of the Product Gallery
- Edit the metadata of images such as title, keywords, description, etc.
- Search for the images by metadata
The GraphQL coverage in this release are:
Reviews for products
Customers, as well as guests, can write reviews for products. They can also retrieve product review histories.
All customers & guests can also add a gift message for their orders. They can also add gift wrapping, gift receipts, or printed cards in their order.
In the Magento Commerce installation, the customers can add or remove reward points to their carts. They can also check the reward points in history.
The customer can check all the details related to their order history, including invoicing, shipping & refunds.
Add to Cart
The customers can below product types in the cart:
- Gift Card
The customer can save their payment details including Braintree credit card and Braintree with Paypal
In the PWA Studio v8.0.0, you can find many new features and enhancements:
- Venia Style guide updates that are applied to design token, typography, colors, core components, and page layouts.
- Improvements in the Venia mini-cart experience
- Initial support for localized content and locales on the Venia storefront
- Improvements in the MyAccount experience of the Venia storefront
Hundreds of issues have been fixed in the core code of Magento with Magento 2.4.1 release. The fixes have been done in these fields:
- Installation, Upgrade, Deployment
- Adobe Stock
- Bundle Products
- Cart and Checkout
- CMS content
- Configurable Products
With every new release of Magento, our Magento developers start delving more about it to make the most out of it. We, at Emizentech, the best Magento development company in India, we are having expertise in upgrading your Magento store to the latest Magento version or developing an ecommerce store from scratch. Let us know your requirements.