After a month of the beta version release, Magento 2.4 will officially be launched with General Availability this Tuesday, July 28, 2020!
Despite the worldwide pandemic, Magento has still managed to deliver this version as promised, before the end of Q3 2020. We’ll get a promising major Magento update with 100 new fixes to core code and 30 security enhancements.
Together, let’s see how Magento Open Source and Commerce 2.4 help make ecommerce operations better and smoother.
In other words, this article is your ultimate guide to Magento 2.4 and the highlight improvements you should not miss!
No.1 Improvement To Notice: Two Factor Authentication (2FA)
Hint for why this is the most important update: It’s the only thing Magento includes in its “preview and plan your upgrade” email.
Hacking is becoming more and more prevalent in the ecommerce scene. Whether customer personal information is breached or trade secrets get leaked, you’ll face a massive crisis regardless of the scale of your business.
And once you take into account the current situation of social distancing and digitalized operations, the threat of hacking is tripled.
Not to mention, Adobe itself suffered both of these nightmares from a massive attack back in 2013.
An in-depth investigation found 38 million active users’ IDs and passwords in jeopardy, along with the theft of source code for several of Adobe’s products.
That explains why, after the acquisition, we as Magento users have seen attempt after attempt to strengthen Magento security with each update.
For this 2.4 version, Magento focuses on one of the most commonly attacked places – the login page. To do so, Adobe and Magento are requiring and supporting 2FA in multiple areas throughout the Magento Commerce ecosystem.
Don’t worry, we’ll learn about this tokenizing process right now.
What is two-factor authentication and how does it work with Magento 2.4?
Here is the definition of TFA or 2FA:
With Magento, there are three gateways where this verification takes place (and it is mandatory):
- Services that use your Magento.com credentials such as My Account or the Magento Commerce Help Center. Learn how to configure here.
- Accessing the cloud admin using SSH and the Magento Commerce Admin. Available in conjunction with the release of 2.4.
- Beginning with the release of 2.4, 2FA will be enabled by default for the Magento Commerce Admin and cannot be disabled. After upgrading, Admin users must configure 2FA before logging in.
Further Security Enhancements With Sustainability
All 30 security advancements within Magento 2.4 are to help eradicate remote code execution (RCE) and cross-site scripting (XSS) possibilities.
Here is how these two types of attack differ:
For example, the 2FA we talked about earlier is mostly for RCE prevention by securing your login station.
Other security improvements include:
- The template filter strict mode is now enabled by default. Magento components (including CMS pages and blocks) that use the template filter in legacy mode can be vulnerable to remote code execution (RCE). Enabling strict mode by default ensures that RCE attacks can’t be deliberately enabled.
- Data rendering for UI data providers is now disabled by default. This removes any opportunity for malicious users to execute arbitrary JavaScript.
- New \Magento\Framework\Escaper class. This class is provided for .phtml templates and the PHP classes that are responsible for generating HTML.
- Support for new security.txt file. This file is an industry-standard file on the server that helps security researchers report potential security issues to site administrators.
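A quick way to sanity-check the security.txt a store serves after the upgrade, as an added example (not Magento's code). It assumes the rules of the published security.txt specification, RFC 9116 (Contact and Expires required, web URIs over https); the function names and the sample files are constructed for illustration.

```python
from datetime import datetime, timezone

# Fields whose values are URIs; a web URI in any of them must use https.
URI_FIELDS = ("contact", "encryption", "acknowledgments",
              "canonical", "policy", "hiring")


def parse_security_txt(text):
    """Return {lowercased field name: [values]}, skipping comments and blanks."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def audit_security_txt(text, now):
    """Return a list of problems that would hinder a researcher's report."""
    fields = parse_security_txt(text)
    problems = []
    if not fields.get("contact"):
        problems.append("Contact is required")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
        except ValueError:
            problems.append("Expires is not an ISO 8601 timestamp")
        else:
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            if when <= now:
                problems.append("Expires is in the past")
    for name in URI_FIELDS:
        for value in fields.get(name, []):
            if value.lower().startswith("http://"):
                problems.append(f"{name} uses http://, not https://: {value}")
            elif ":" not in value:
                # e.g. a bare e-mail address without the mailto: scheme
                problems.append(f"{name} is not a URI: {value}")
    return problems


# Constructed sample files for illustration.
GOOD = """# constructed sample
Contact: mailto:security@shop.example
Contact: https://shop.example/security
Expires: 2030-01-01T00:00:00Z
Preferred-Languages: en
"""
BAD = """Contact: security@shop.example
Policy: http://shop.example/disclosure
Expires: 2020-07-28T00:00:00Z
"""
```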
Security-only patch
Note that Magento 2.4.0 is the first quarterly release that makes it possible to install security patches without having to apply other functional fixes. The new version of the platform offers patch 2.3.5.2 (Composer package 2.3.4-p2), which carries all hotfixes applied to the 2.3.5 release.
Here are your direct access links regarding this topic:
- For general information about this patch, check out this Magento dev docs article.
- Learn how to download and install this security only patch using Composer – read up on this bit.
No More MySQL – Elasticsearch Will Power The Catalog Search Engine
Using Elasticsearch instead of the default MySQL for faster layered navigation has been a “big-brain” tip for a hot minute. You can set it in the following sequence: Stores -> Settings -> Configuration -> Catalog -> Catalog -> Catalog Search -> Search Engine.
In response, Elasticsearch will take over some workload from your database (which is managed by MySQL) and, by the same token, offer better performance – especially if you move it to a separate machine.
With that in mind, Magento 2.4 now sets Elasticsearch as the default instead of MySQL. You and your customers can enjoy faster and richer search capabilities with this improvement.
On this note, make sure you have installed Elasticsearch 7.6.x first, since it is the required version for Magento 2.4. Fortunately, you can upgrade Elasticsearch easily, with due care for data backups and without migration issues, by following this article.
In case you are using a third-party module for your search engine, you need to contact them and make sure their module is aligned with Magento 2.4 guidelines.
This way, you can ensure a smooth transition into Magento 2.4.x.
Better Security Bug Recognition With CVE
Yes, we have StackExchange, and yes, we have the GitHub community, but that’s simply not enough. Especially when we talk about security problems, a mere vulnerability database won’t do.
The bar is way higher than that.
We need one system that allows internal linking of said vulnerabilities and facilitates the comparison of security providers and helpers.
And Common Vulnerabilities and Exposures is the answer. Since Magento Commerce 2.3.2, Magento acknowledges and records security bugs with indexed CVE numbers.
Along with that identifier come a status indicator, a brief description, and references to related vulnerability reports and advisories. Such listings make it much easier to pinpoint vulnerabilities in your ecommerce operation.
Say Goodbye To Authorize.Net And Braintree Payment Method Integrations
Magento 2.4 will officially take these two payment method integrations out of the core code. If you still want these payment gateways in your Magento system, you need to find the official extension on the Marketplace.
Highlight Enhancements Of Magento Open Source & Commerce 2.4.0
Let’s get a summary of the most important area of Magento 2.4.0 upgrades.
A New Lock For Security
Besides the “unable to disable” 2FA for the Magento admin, we must talk about Content Security Policy (CSP).
As mentioned earlier, while 2FA is mainly for RCE prevention, CSP is all about XSS protection.
To be more specific, CSP within Magento will support whitelisting of inline style and script tags in .phtml templates. Inline styles and scripts are not generally permitted by the default CSP configuration.
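To make the idea of whitelisting an inline script concrete, here is an added example (not Magento's code) of hash-based allow-listing, one of the mechanisms CSP itself defines: the policy lists the SHA-256 of each trusted inline script, so an injected script whose hash is not listed is refused. The function names and the sample markup are constructed; how Magento's own templates register their tags is not shown here.

```python
import base64
import hashlib
from html.parser import HTMLParser


class InlineScripts(HTMLParser):
    """Collect the exact text of every inline <script> (no src attribute)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.scripts = []
        self._buf = None

    def handle_starttag(self, tag, attrs):
        if tag == "script" and "src" not in dict(attrs):
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append("".join(self._buf))
            self._buf = None


def inline_scripts(html):
    parser = InlineScripts()
    parser.feed(html)
    parser.close()
    return parser.scripts


def hash_source(script_text):
    """CSP hash-source for one inline script: 'sha256-<base64 digest>'."""
    digest = hashlib.sha256(script_text.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


def build_policy(trusted_html):
    """Allow same-origin script files plus the inline scripts of a trusted template."""
    sources = sorted({hash_source(s) for s in inline_scripts(trusted_html)})
    return "script-src 'self' " + " ".join(sources)


def blocked_scripts(policy, served_html):
    """Inline scripts in the served page that the policy would refuse to run."""
    allowed = set(policy.split())
    return [s for s in inline_scripts(served_html)
            if hash_source(s) not in allowed]


# Constructed samples: a trusted template, and the same page after a stored
# review containing a script tag was rendered without escaping.
TEMPLATE = "<div id='cart'></div><script>initCart('#cart');</script>"
SERVED = TEMPLATE + "<p>Great shop!<script>alert(1)</script></p>"
```

Changing even one character of an allow-listed script changes its hash, so templates and policy have to be generated together.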
A New Platform Guideline
Magento 2.4 sets a new standard for the platform environment, which encompasses:
- Support for PHP 7.4. Magento 2.4 will still run with PHP 7.3, but it’s not recommended. Note that versions 7.1 and 7.2 have been deprecated.
- PHPUnit 9.x from now on – 6.5 ver. has been deprecated.
- Elasticsearch 7.x will be the default setting for the catalog search engine.
- MySQL 8.0 is highly recommended, and MySQL 5.6 is out of date for hosting Magento 2.4.
- Subsequently, MariaDB 10.0 and 10.1 are no longer supported – instead, turn to MariaDB 10.4.
- Zend Framework dependencies are now migrated to the Laminas project.
- The Signifyd fraud protection code has been removed from the core code. Install this official extension for replacement.
- The core Braintree module, as discussed previously, will no longer be a core code feature.
Improve The Quality Of Infrastructure
Firstly, because of the Payment Service Directive PSD2 and the continued evolution of many APIs, various Magento core payment integrations risk becoming outdated and no longer security compliant in the future.
With that in mind, many core payment integrations have been or will soon be deprecated, and we recommend transitioning to their corresponding Marketplace extensions. In this new era for Magento, these third-party payment integrations will officially be removed:
- Worldpay
- Authorize.net
- Authorize.net (Direct Post)
- CyberSource
- eWay
Besides, Magento 2.4 will also make a leap in these areas for infrastructure transformation:
These changes of direction are such important steps to set up a smoother and better ecommerce flow as well as execution.
Attempts At Performance Optimization
Magento 2.4 aims to improve not only website performance but also ecommerce performance. To be more specific, testing showed a 25-30% improvement in Quick Order add-to-cart performance.
This great news is undoubtedly a step toward better conversion, and these enhancements support it:
- Customer data section invalidation logic has been renovated, addressing a known issue with local storage.
- Redis performance optimizations:
  - Smaller network data transfers
  - Lower consumption of CPU cycles through prioritized automation
  - Fewer race conditions on Redis write operations
- Improved caching for SQL queries: 1 query instead of 16.
In return, we will experience better performance within the Magento system, from loading to caching and even customer journey.
Adobe Stock Integration
Merchants can now find any Adobe Stock preview image in the Media Gallery, which reduces the number of steps required to license a stock preview.
It’s estimated that the introduction of Media Gallery will make the search-n-pick of Magento media assets 30x faster than previous versions.
Inventory Management Leaps
Magento 2.4.0 welcomes the Inventory Management functionality with in-store pickup and bundle product support.
With In-Store Pickup in Inventory Management, customers can easily select which physical inventory locations qualify as a customer pickup location.
During checkout, customers can quickly find a location near them and view other essential information, such as store opening hours.
Once orders are placed, store associates can notify customers that their orders are ready for pickup with a single click.
GraphQL
GraphQL improvements include, but are not limited to:
- The pickupLocations query supports the Inventory In-store pickup feature.
- The categories query returns a list of categories that match a specified filter. This query differs from the categoryList query in that it supports pagination.
- The reorderItems mutation allows a logged-in customer to add all the products from a previous order to their cart.
PWA Studio
The Magento PWA Studio project is a set of developer tools that allow for the development, deployment, and maintenance of a PWA storefront on top of Magento 2.3 and above.
It uses modern tools and libraries to create a build system and framework that adheres to the Magento principle of extensibility.
In this Magento 2.4.0 update, Magento supports PWA Studio 6.0.0 and 6.0.1.
Magento Functional Testing Framework
With MFTF v3.0.0, you get MFTF helpers, which let you create custom actions outside of the framework.
Moreover, it includes schema updates for test entities, sub-folders in test modules, and nested assertion syntax.
You can also use static checks to detect deprecated test entities.
Vendor-developed Extension
This release of Magento includes extensions developed by third-party vendors. It introduces both quality and UX improvements to these extensions and an expansion of MFTF coverage.
- Dotdigital: native customer attributes can be linked as data fields; cart insight data is rewritten for active quotes; website name, store name, and store view name can be synced using individual data fields; transactional data syncs for Wishlist, Review, and Order; logging output from the Client class is now consistent across all the API wrapping methods; configurable products finally have a stock figure; stock updates performed by third-party code are fully observable.
- Amazon Pay: CSP whitelists are updated; multi-item orders support multiple authorizations.
- Braintree Payments: merchants should now use Braintree Payments instead of the core Braintree integration.
- Klarna: on-site messaging tools for credit and financing options; improved refunds, APIs, unit tests, discounts, etc.
- Vertex: better Admin configuration and customer experience thanks to the use of XML schema files and fixes.
- Yotpo: Ratings and Reviews are part of Page Builder.
Magento Marketplace extension vendors should confirm that their extensions are compatible with PHP 7.4 when publishing a new version of their extension for Magento 2.4.0.
The Promised Shiny APIs
Since 2017, Magento has begun to shape and visualize Magento 2.4 with better API, and we’ll finally get to experience it.
There are additional rumors that Magento 2.4 will introduce new APIs, opening the 2.4-develop branch in the Magento2 project repository.
Therefore, everybody will gain access to the Magento Community. Plus, community pull requests will be redirected to the new branch. This opens additional opportunities for community members to influence each new release of Magento.
Magento 2.4.0 B2B Changes
First of all, you will now be able to use the Order Approval Workflow feature. The new improvement targets managers of buying organizations, who can configure approval rules for their buyers.
With the new Magento version, it is possible to create unique approval rules per Company account. Rules can combine criteria such as order amount, details, shipping costs, and so on. It is also possible to streamline flexible permissions.
Another new enhancement is a quick view of POs that require approval. In turn, Purchase Orders have a full history log of the actions taken on them. Improved email notifications are also part of the B2B update of Magento 2.4.0.
They are sent to the relevant parties at every step of the approval process.
The second significant improvement of Magento 2.4.0 B2B is the ability to log in as a customer. The feature is compatible with multiple customer account scopes.
As an administrator, you can view the storefront on behalf of your customer. There is a per-website access control list to define who can log in to customer accounts.
Note that orders placed on behalf of your prospects are available in both the storefront and the Admin.
Another notable feature is that the system destroys all sessions following the administrator’s logout. Another safety measure prevents administrative users from accessing customer passwords.
There are also a few unconfirmed enhancements. Firstly, there is a new workflow for quote and order approvals in the frontend that incorporates threshold values.
Also, it is rumored that Magento 2.4 will enable the transfer of quotes between company users.
Magento 2.4 Backward Incompatible Changes
Since we’ve mentioned MySQL’s removal as a search engine in Magento 2.4, let’s look at other backward incompatibility issues. The following section highlights the major changes between releases that cause pitfalls requiring detailed explanation and instructions.
However, these notes are very technical and require a certain understanding of coding and Magento’s logic. You can find out more about them right here.
Magento 2.4 Inventory Management Enhancements
Inventory Management (provided by the Magento Inventory (formerly MSI) project) is available with Magento Open Source, Magento Commerce, and Magento Commerce Cloud 2.3.x.
Merchants can use Inventory Management to manage stock for all product types in a single warehouse and across complex shipping networks.
Manage these locations as sources, tracking on-hand inventory quantities per product. Stocks map these sources to sales channels (websites) to provide an accurate salable quantity, calculating on-hand, available products, pending orders (reservations), and configured thresholds.
Inventory Management also updates order and shipment options, giving you full control over your stock and deductions at the source level.
Accordingly, Inventory Management 1.2.0 (module version: magento/inventory-metapackage = 1.2.0) is supported with version 2.4.0 of Magento Open Source, Magento Commerce, and Magento Commerce Cloud.
- In-store delivery method. Added a new option for customers to select a source to be used as a pickup location during checkout.
- Bundle product support for multi-source mode. Inventory supports all product types with multiple sources.
- Asynchronous stock re-indexing. Added the ability to asynchronously re-index stock and improved the performance of several critical scenarios.
- Bulk interfaces. Introduced new bulk interfaces for the salability check: \Magento\InventorySalesApi\Api\AreProductsSalableInterface, \Magento\InventorySalesApi\Api\AreProductsSalableForRequestedQtyInterface.
- Increased test coverage. New functionality is covered with automated tests, with extended coverage for found and fixed issues.
- Various bug fixes to resolve issues with source assignment, adaptable condition include backing, and compatibility with PHP 7.4, MySQL 8, and PHPUnit 9.
Known issue.
The absence of the object_id field in the reservations metadata prevents the inventory_cleanup_reservations cron job from working properly. This issue is tracked in magento/inventory#3046.
Workaround: Execute the following MySQL queries to manually clean up reservations:
SELECT GROUP_CONCAT(reservation_id) FROM inventory_reservation GROUP BY stock_id, sku HAVING SUM(quantity) = 0;
DELETE FROM inventory_reservation WHERE reservation_id IN (result_of_the_first_query);
Wrap up
We’ve talked in-depth about Magento 2.4 in all of its glory and tainted remains (with fixes, of course). This update is a definitive milestone for Magento 2, and it has showcased the determination of the Magento team and its community.
Amid a global pandemic, Magento 2.4 will provide many endorsers and incredible sources for work-from-home establishments. From security to better management, Magento 2.4 has it all!
And we understand your struggle for updating Magento, especially in this time of limited budget and resources.
BSS Commerce is one of the leading Magento extension providers and web development services globally. With experienced and certified Magento developers, we commit to bringing high-quality products and services to optimize your business effectively. Furthermore, we offer FREE Installation – FREE 1-year Support and FREE Lifetime Update for every Magento extension.