Magento 2.4 Release Notes
Magento OS 2.4.0 Beta Release Notes
Highlighted are the main improvements introduced in the beta version of the Magento Open Source 2.4.0.
As usual, the new upgrade brings numerous platform upgrades, security changes, and performance enhancements, including 100+ fixes to core code. Since quarterly releases usually contain backward-incompatibility changes, 2.4.0 is not an exception. However, the new platform version contains only minor adjustments. (You can find all of them here: Backward Incompatible Changes.)
Skinny Security Patches for 2.4
Note that Magento 2.4.0 is the first quarterly release that provides the ability to install security patches without any need to apply other functional fixes. The new version of the platform offers patch 220.127.116.11 (Composer package 2.3.4-p2) that delivers all hot fixes applied to the 2.3.5 release.
Inventory Management and PWA Studio are released and documented independently.
Now, let’s take a look at the core areas Magento 2.4.0 upgrades.
Magento Security Improvements
Magento 2.4.0 delivers 30+ security improvements. The new platform addresses remote code execution and cross-site scripting vulnerabilities. The new version introduces the following upgrades:
- The Magento admin area now enables two-factor authentication by default. The feature cannot be disabled.
- The system enables the template filter strict mode for Magento components to eliminate RCE.
- Content Security Policy improvements include the whitelisting of inline style and script tags in .phtml templates.
Magento 2.4 Platform Enhancements
- PHP 7.4 – 7.1 and 7.2 has been deprecated;
- PHPUnit 9.x – 6.5 has been deprecated;
- Elasticsearch 7.x;
- MySQL 8.0;
- MySQL catalog search engine has been replaced with Elasticsearch;
- MariaDB 10.4 – 10.0 and 10.1 are no longer supported;
- Zend Framework dependencies are now a part of the Laminas project;
- The Signifyd fraud protection code has been removed from the core;
- The core Braintree module is no longer there as well.
2.4 Infrastructure Improvements
- No third-party payment methods in the core: Authorize.Net, eWay, CyberSource, and Worldpay has been removed;
- Partial-word search introduced by Elasticsearch;
- Web Set Up Wizard is no longer available – use the command line instead;
- Better updates with the Composer plugin.
- Customer data section invalidation logic has been revamped, addressing a known issue with local storage;
- Redis performance optimizations: smaller network data transfers, less CPU cycles consumption; more efficient race conditions for write operations;
- Improved caching for SQL queries: a single SQL query to the inventory_stock_sales_channel (as well as inventory_stock) table is used instead of 16;
- Better Quick Order add-to-cart performance (up to 30% enhancement).
Magento Adobe Stock Image Previews
Magento 2.4 provides the ability to license stock image previews right from the Media Gallery, simplifying the initial procedure. Besides, the Media Gallery itself introduces a brand-new, searchable interface, where you can search, filter, and sort images up to 30x faster than in the previous Magento versions.
Magento 2.4.0 enhances the Inventory Management functionality with in-store pickup and bundle product support.
GraphQL has also been improved in Magento 2.4.0. For instance, the pickupLocations query now supports the Inventory In-store pickup feature. Besides, you can leverage the categories query to return a list of categories that match a specified filter. And due to the reorderItems mutation, a logged-in user can add all the products from a previous order into the cart.
Magento 2.4.0 supports PWA Studio 6.0.0 and 6.0.1.
Time Limit for Admin Accounts 020214#]
There is a community contribution that will probably become a part of MAgento 2.4.0. As a store administrator, you will get an opportunity to limit backend accounts. After the specified interval, accounts can be automatically deactivated. It is a security measure aimed at third-party specialists who may need access to your backend.
Magento Functional Testing Framework
With MFTF v3.0.0, you get MFTF helpers developed to create custom actions beyond the framework. Besides, it includes schema updates for test entities, sub-folders in test modules, and nested assertion syntax. You can also leverage static checks to monitor deprecated test entities.
There is also unofficial information regarding Web Payments. The feature supposedly allows customers to order and pay faster and more easily, using data stored in their browser.
- Dotdigital: customer attribute values are synced as data fields; cart insight data is properly sent for active quotes; website name, store name, and store view name are syncable via individual data fields; transactional data sync limit improvements affect Wishlist, Review, and Order syncs; logging output from the Client class is now consistent across all the API wrapper methods; configurable products have finally got a stock figure; stock updates performed by third-party code are fully detectable.
- Amazon Pay: CSP whitelists have been updated; multi-item orders support multiple authorizations; Japanese addresses are now supported.
- Braintree Payments: merchants should now use Braintree Payments instead of the core Braintree integration
- Klarna: on-site messaging tools for credit and financing options; enhanced refunds, APIs, unit tests, discounts, etc.
- Vertex: better Admin configuration and user experience due to the use of XML schema files and patches
- Yotpo: Ratings and Reviews are built into Page Builder.
New 2.4 API Rumours
There are also rumors that Magento 2.4 will introduce new APIs, opening the 2.4-develop branch in the Magento2 project repository. As a result, everyone will get the access to Magento Community.
This means that community pull requests will be redirected to the new branch. It opens new possibilities for the community members to impact every new release of Magento.