Magento Open Source 2.4.5 Released: All You Need To Know

The waiting season is officially over for all merchants, developers, and businesses; Adobe has unveiled Magento Open Source 2.4.5. Adobe never resisted change and transformation. The latest version promises to be reliable and capable and will provide a safe harbor for merchants while they upgrade their operations. 

This major platform update brings Adobe back in full swing with 290 bug fixes and new, cutting-edge features. The latest iteration of Magento, 2.4.5, debuts with enhanced platform quality, GraphQL caching performance, payment methods, and accessibility. Also, the integrated Google modules have been modified. 

Let’s unwrap the institution of Magento Open Source 2.4.5. 

Pinnacles of Magento Open Source 2.4.5 

Security Enhancements 

Magento team encouraged merchants to take all necessary precautions to secure the Admin in light of the 20 security fixes and platform security upgrades. Adobe backported this fix to Magento Open Source 2.4.4-p1 and Magento Open Source 2.3.7-p4. The firm confirms with conviction and reliance that no confirmed attacks have occurred, honing in this issue. In contradiction to the bold confirmation made above, some susceptibility and vulnerabilities can hamper the soundness and reliability of customer information. In addition to this, this peculiar issue can also potentially exploit or take over administrator sessions. To affect the reliability of the data, the attacker needs to pave their way to the Admin access. As a precaution, the firm emphasizes the idea of protecting one’s Admin by taking necessary steps. 

 These precautions include but are not limited to the following: 

• IP allows listing
• Two-factor authentication
• Use of a VPN
• Use of a unique location rather than /Admin
• Good password hygiene

Additional Security Enhancements 

Security improvements for this latest release are majorly focused on improvising compliance with the following security best practices listed below: 

• Magento upgraded MaliciousCode filter to use the HtmlPurifier library. 
• Inventory now has the addition of ACL resources. 
• Enhanced inventory template security 
• reCAPTCHA support has been added to the Gift Card forms, Wish List Sharing and Create New Customer Account.  

Platform enhancements

The Magento team has focused on enhancing the platform in this latest edition. The following are some of the new features that have been included: 

• The platform now supports TinyMCE 5.10.2, jQueryUI 1.13.1, Composer 2.2, PHPStan 1.5.7.
• DHL Integration Schema updated to v6.2 from v6.0. This particular update will surely not result in any alteration in product behaviour. 
• JS libraries updated to the latest version. 
• No outdated dependencies 

All changes done in this particular domain are backward compatible. 

Composer Dependency Updates 

The following Composer Dependencies have been updated with constraint to their most recent recent version: 

• colinmollenhour/credis (1.13.0)? 
• guzzlehttp/guzzle (^7.4.2)
• laminas/laminas-captcha (updated with a constraint ^2.12) 
• laminas/laminas-db (^2.15.0)
• laminas/laminas-di (^3.7.0)
• laminas/laminas-escaper (~2.10.0)
• laminas/laminas-eventmanager (^3.5.0)
• laminas/laminas-feed (^2.17.0)
• laminas/laminas-mail (^2.16.0)
• laminas/laminas-mvc (^3.3.3)
• laminas/laminas-server (^2.11.1)
• laminas/laminas-servicemanager (^3.11.0)
• laminas/laminas-validator (^2.17.0)
• league/fly (2.4.3) 
• monolog/monolog (^2.5)
• phpmd/phpmd (^2.12.0)
• phpstan/phpstan (^1.5.7)
• phpunit/phpunit (~9.5.20)
• php-cs-fixer (^3.4.0) 
• webonyx/graphql-php (14.11.6)

In addition to the above updates, the following dependencies have been removed: 

• laminas/laminas-session 
• laminas/laminas-text
• laminas/laminas-view

Other upgrades and replacements 

• DHL Integration schema upgraded from v6.0 to v6.2. 
• The jarallax.js and jaralax-video.js libraries can now use the latest version of Vimeo REST API. 
• The library jquery/jquery-cookie has been upgraded with js-cookie/js-cookie. 
• Default Gateway URL for USPS shipping has now changed to use https in place of http.
• Updated grunt-eslint(NPS)library 
• jQuery Storage replaced with julien-maurel/js-storage. 
• moment-timezone-with-data.js (0.5.34) 
• glob.js dependency (upgraded with constraint to ~7.2.0) 
• underscore.js dependency (NPM) (1.14.2) 
• serve-static.js dependency (upgraded with constraint ~1.14.2) 
• The phpcs static code and php-cs-fixer analysis tools are now correspondent with PHP 8.X. 

GraphQL Performance Improvements

The new developments in GraphQL performance include :

• Rebuilding a single storefront faster GraphQL schema when deployment and when changing different attributes in production. In addition to this, shoppers also get access to faster page load speeds in case the GraphQL schema needs to be rebuilt for any particular reason. 
• GraphQL API can use the expiration date/time of an authorization token. 
• In GraphQL, HTTP header processors no longer let you use sessions.
• Now, all GraphQL operations can be done without the session cookies.

Accessibility updates

The enhancement of the storefront experience on Venia (PWA) to make it more perceivable, operational, comprehensible, and resilient has been the primary focus during the development of this edition. These improvements consist of the following points: 

• Screen reader users will now hear announcements of information regarding search results summaries.
• Readers of text on screens are now notified whenever a new page view loads.
• Accessibility enhancements have been made to the contrast and keyboard. 

Google Analytics 

• With the integration of GTag, Google updated the integration mechanism and the tracking of Analytics and web applications. 
• This recent upgrade extends the ability to manage content and track content through Google Services. 

GraphQL 

GraphQL performance enhancements include the following points: 

• Developers and administrators will notice that the unified storefront GraphQL schema is rebuilt faster when it is deployed or when attributes are changed in production. When the GraphQL schema needs to be rebuilt for any reason, shoppers also notice that pages load much faster.
• JSON Web Tokens (JWT) in the GraphQL API is now possible to get the authorization token’s expiration date and time.
• With the bin/Magento config:set graphql/session/disable 1 command, merchants can stop all GraphQL operations from making session cookies. By default, Magento Open Source makes these cookies and relies on them for authorization, which slows down performance. From now on, we recommend that GraphQL requests only use tokens to prove who they belong to. We don’t think you should use session cookies alone or with authorization tokens.
• GraphQL operations now only use class proxies when they need to use session cookies.
• In GraphQL, sessions are no longer used in http header processors like currency, store, and customer. 

Inventory 

The firm has enhanced Inventory template security.  

Payments

Apple Pay can now be used at all stores with deployments that have Payment Services turned on. Shoppers don’t have to enter their credit or debit card information when they use this payment method. Apple Pay can be used on the product details page, in the mini cart, in the shopping cart, and in the checkout process. This option can be turned on or off by merchants.

PayPal 

• Shoppers in Spain and Italy can now use PayPal Pay Later at stores that accept the payment method.
• In the Admin, you can now see what the PayPal, Credit, and Pay Later buttons look like on the checkout, mini-cart, cart, and product pages. Previews show how these buttons will look on the storefront when turned on and drawn.

Braintree 

• Braintree has stopped using the KOUNT integration to protect against fraud. It has been taken out of the codebase for Magento Open Source.
• The Admin now has an option to always ask for a 3DS.

PWA Studio

The new version of Magento is compatible with PWA Studio v.12.5.x, which lets you do the following things:

• Through the PWA studio storefront, merchants can now get information about how shoppers behave for use in web analytics services.
• Merchants can now use the Admin panel to set up a service.

Page Builder

Page Builder v.1.7.2 is now compatible with Magento Open Source 2.4.5.  

These improvements have been made to the Page Builder column layout:

• Columns are now visible, so users can change how columns are set up on the storefront.
• Columns can now be resized so that user actions can cause wrapping.

Other Domains Covered in The Ameliorating Process

• Installation, upgrade deployment.  
• Accessibility 
• Adobe Stock
• Bundle products
• Cache
• Cart and checkout
• Cart price rule
• Configurable products
• Catalog
• customer attributes 
• Downloadable product. 
• System-issued emails 
• Frameworks
• Import/export
• Infrastructure
• Logging
• MFTF
• Action Groups 
• New tests
• Refactored tests
• Newsletter
• Order
• Payment methods
• Web API framework
• Video
• URL rewrites

Adobe, a firm with a desire for constant success, manages to change its conduct with the times. It’s not like Adobe ever fought against evolution and progress. The latest development will indeed assist store owners and developers in burgeoning their respective business operations.