The recent Magento development was released on 28th Apr 2020. Since Magento is a preferred eCommerce platform, it continuously upgrades its ability to adapt to increased performance and higher demands.
The latest version Magento 2.3.5 provides major platform developments, notable security upgrades, and performance enhancements.
The release involves more than 180 functional fixes, 25 security upgrades, and more than 46 GitHub issues.
Let us have a look at the highlights as mentioned earlier.
Important Security Upgrades
This release offers the below security upgrades:
More than 25 security upgrades that help close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities. Although no confirmed attaches related to the above issues have occurred, however, some weaknesses can be exploited to access customer information. As these issues require access to Admin, it is suggested to protect the Admin as well as IP whitelisting, the use of a unique location rather than /admin, two-factor authentication, use of a VPN, and good password hygiene.
Additional security upgrades include:
- Implementation of Content Security Policies (CSP)
- Removal of session_id from URLs
Platform upgrades
The below platform upgrades help enhance website security and performance:
- Support for Elasticsearch 7.x
- Deprecation of the core integration of the Signifyd fraud protection code
- Deprecation of core integration of third-party payment methods
- Migration of dependencies on Zend Framework to the Laminas Project
- Upgrade of Symfony Components
Performance boosts
- Improvements to customer data section invalidation logic
- Multiple optimizations to Redis performance
Infrastructure improvements
This Magento development offers enhancements to core quality that improves the quality of Framework and these modules: PayPal, Sales, Elasticsearch, Catalog, CMS, and Import.
- The PayPal Pro payment method now works as expected in the Chrome 80 browser.
- A PHPStan code analysis check has been integrated into Magento static builds.
Inventory Management
Inventory Management upgrades for this release include:
- New extension point for SourceDataProvider and StockDataProvider
- Ability to view allocated inventory sources from the Orders list
GraphQL
With this release, you can now use products and category list queries to retrieve information about products and categories that have been added to a staged campaign.
PWA Studio
PWA Studio 6.0.0 contains both new features and improvements to existing features:
- Launch of the PWA extensibility framework.
- Caching and data fetching improvements.
- Shopping cart components
dotdigital
- Integration of Engagement cloud and Magento B2B
- Improved importer performance
Google Shopping Ads Channel
The Google Shopping ads Channel bundled extension has reached end-of-life with this release (2.3.5 and 2.3.4-p1). It is no longer supported. Alternative extensions are available on the Magento Marketplace.
Fixed Issues
The below-mentioned issues have been fixed in the release:
- Enhanced Adobe stock integration
- Bundle product prices are now calculated accurately on product pages.
- Cache – Frontend cookies are now set as expected when you enable Use Secure URLs on Storefront and Secure Base URL is set to https.
- Cart and Checkout – Cart Price Rules that are based on payment methods are now applied during the checkout workflow.
- Catalog – Filtering on the Admin product grid website column now works as expected
- Cleanup and simple code refactoring – Corrected misalignment of the View Details label for configurable products in the order summary of the checkout workflow.
- Configurable Products – Added validation logic to the Create new value input field of the configurable product creation workflow
- Cron – bin/Magento cron:run -v no longer fails when the database name exceeds 64 characters but instead creates a shorter name.
- Custom Customer attribute – Magento now displays custom customer address attribute values as expected in the address section of the checkout workflow.
- EAV – The Update Attribute action now correctly updates the timestamp of a product’s updated_at column from catalog_product_entity when you update the product from the Admin edit product page.
- Email – Email templates can now be previewed from the Admin when JavaScript magnification is enabled.
- Frameworks – Dependencies on Zend Framework have been migrated to the Laminas project to reflect the transitioning of the Zend Framework to the Linux Foundation’s Laminas Project.
- Javascript Framework – Added a check to confirm that a file belongs to the current base URL before setting the .min.js suffix.
- Import/Export – Magento now successfully imports customer data using the Customer and Addresses (single file)) option when cron is enabled, and the Customer Grid Indexer is set to Update By Schedule.
- Index – The partial indexer no longer incorrectly removes stock data when updating at least 1000 products.
- Newsletter – The preview template feature now works as expected.
- Reviews – Magento now disables the Submit Review button after the user clicks the button once.
- Sales – Order queries have been refactored to reduce the size of the dataset returned, and the frequency of the questions.
- Search – Filtering results no longer include out-of-stock options when you filter configurable products in a category.
- Shipping – Magento now prints shipping labels as a .pdf file as expected when you select Print Shipping Label from the Action drop-down list from an order in the order archive list.
- Sitemap – The partial sitemaps that are listed in the sitemap index now have the correct URL
- Store – Customer sessions now persist as expected when a customer logs in to one store, adds products to the shopping cart, and then switches to a new store in a multi-store deployment.
- Swagger – Magento no longer displays an informative console error when you try to navigate to the Swagger index page.
- Swatches – Merchants can now successfully add color swatch attributes to products using the Visual Swatch option.
- Tax – Magento now performs VAT calculations correctly in all stores in a multi-store deployment.
- Testing – A PHPStan code analysis check has been integrated into Magento static builds
- Theme – Product names are no longer translated if their text matches a global key.
- Translation and locales – Special price range settings (from/to dates) now work correctly for administrator accounts using a Dutch locale.
- UI – Radio buttons for shipping methods are now enabled as expected in the checkout workflow.
- WYSIWYG – The WYSIWYG editor now works as expected on Internet Explorer 11.x.
The latest Magento development has been released at a critical juncture. eCommerce requirements are towering because of pandemic lockdown all over the world, and more businesses are now shifting on it. Most of them are doing it not as a choice but as the only way to operate amidst bizarre lockdowns.
About Author
Dipak Patil - Delivery Head & Partner Manager
Dipak is known for his ability to seamlessly manage and deliver top-notch projects. With a strong emphasis on quality and customer satisfaction, he has built a reputation for fostering strong client relationships. His leadership and dedication have been instrumental in guiding teams towards success, ensuring timely and effective delivery of services.