Magento Commerce 2.4.1 was released today, October 15th, 2020. While the major enhancements in this involve performance and security, there are some other nice developments here in relation to B2B functionality, PWA development capabilities, a vastly improved Media Gallery, and something PageBuilder fans have been waiting a long-time for…
This release includes all improvements to core quality that were included in Magento 2.4.0, over 150 new fixes to core code, and over 15 security enhancements. All known issues identified in Magento Commerce 2.4.0 have been fixed in Magento Commerce 2.4.1 release.
Substantial security enhancements
Headlining the security enhancements are support for the SameSite attribute for cookies and the addition of CAPTCHA protection for payment-related and order-related API endpoints and the Place Order storefront page. This release applies over 15 security enhancements that help close Remote Code Execution (RCE) and Cross-Site Scripting (XSS) vulnerabilities. Some of them are the following:
CAPTCHA protection has been added to the following product areas:
– Place Order storefront page and REST and GraphQL endpoints
– Payment-related REST and GraphQL endpoints.
CAPTCHA protection for these additional pages is disabled by default. It can be enabled on the Admin in the same way that other pages covered by CAPTCHA are. This protection has been added as an anti-brute force mechanism to protect stores against carding attacks.
Support for the SameSite attribute for cookies.
To support the Google Chrome enforcement of the new cookie classification system, Magento classes that handle cookies have been updated to support the SameSite cookie attribute. This attribute is set to Lax by default but can be explicitly overridden.
Enhanced Magento Scan Tool.
Adobe has partnered with Sanguine Security, a leader in preventing digital skimming, to integrate their database of over 8700 threat signatures into the Magento Security Scan Tool. This partnership will enable merchants to get real-time insights into the security status of their site through proactive detection of malware and reduction of false positives. Merchants can register for the tool by visiting https://account.magento.com/scanner. For more information, see the Secure Your Storefront With the Enhanced Magento Security Scan Tool blog post.
Check out the detailed notes of security enhancements here.
This release contains enhancements to core quality, which improve the quality of the Framework and these functional areas: Customer Account, Catalog, CMS, OMS, Import/Export, Promotions and Targeting, Cart and Checkout, and Staging and Preview.
Merchants can now allow users to clear the contents of their shopping cart in a single action and can configure this ability independently on each website
Check out the detailed notes of infrastructure improvements here.
Reduction in the size of network transfers between Redis and Magento. Plugin list configuration is now generated during the execution of the bin/magento di:compile command. This configuration information is written to generated metadata folders based on scope. Previously, this information was stored in cache. Resulting performance improvements include a decrease in network cache size and execution time for many scenarios.
Enhanced message queue consumer performance. Three new configuration settings support a decrease of 20% in consumer queue CPU consumption. These optional parameters provide increased control over consumers and save server resources.
Improved execution time for bin/magento commands.
Check out the detailed notes of performance here.
Adobe Stock Integration
This release includes Adobe Stock Integration v2.1.0.
New Media Gallery
The Media Gallery has received some vastly improved time-saving measures and meta-data capabilities. Merchants can now perform these actions on images in the Media Gallery:
– Delete images in bulk
– Optimize media storage by identifying duplicate images and images that are not used on the storefront
– Filter images by the storefront area they are used in, including product and category content and CMS blocks
– Work with image metadata
– View metadata from the images uploaded into Media Gallery
– Edit image metadata (title, description, and keywords)
– Search for images by their metadata
The New Media Gallery is now enabled by default in the Admin.
Check out the detailed notes of new media gallery here.
Page Builder fans rejoice! It now supports full screen mode, providing much easier editing of content and provides a consistent experience editing content across the Admin.
This release adds GraphQL coverage for the following features:
Product reviews. Customers and guests can write product reviews. Customers can retrieve their product review histories.
Gift options. All customers and guests can add a gift message to their order. On Magento Commerce installations, they can also add gift wrapping, gift receipts, and printed cards to the order.
Reward points. On Magento Commerce installations, customers can apply or remove reward points to their carts. They can also view their reward point history.
Order history. All customers can view details about their order histories, including invoices, shipping, and refunds.
Add to cart. Customers can add the following product types to their cart: Simple, Configurable, Bundled, Grouped, Virtual, Gift Card, and Downloadable.
Stored payment methods. Logged-in customers can now store payment details (including Braintree credit card and Braintree with PayPal) in MyAccount.
Check out the detailed notes of GraphQL here.
PWA Studio v8.0.0 introduces new features and enhancements:
– Updates to the Venia style guide that apply to design tokens, typography, colors, core components, and page layouts.
– Improvements to the Venia mini-cart experience
– Initial support for multiple locales and localized content on the Venia storefront
– Numerous improvements to the MyAccount experience of the Venia storefront
Check out the detailed notes of PWA Studio here.
Magento 2.4.1 introduces B2B v1.3.0. This release includes improvements to order approvals, shipping methods, shopping cart, and logging of Admin actions.
– Improvements to Order Approvals
– B2B shipping methods enhancements
– Shopping cart improvements
– New Admin features
– Enhanced security on storefront
– Expanded logging of Admin actions
Check out the detailed notes of B2B here.
Magento Functional Testing Framework (MFTF)
MFTF 3.1.0 is now available.
Hundreds of issues were fixed in the Magento 2.4.1 core code. All of them applied to the following areas:
– Installation, upgrade, deployment
– AdminGWS (Magento Commerce Only)
– Adobe Stock
– Bundle products
– Cart and checkout
– Click the link below to see the full list…
If you have any questions about the Magento Commerce 2.4.1 release, how to make the most of these new features, or need a hand upgrading to the latest version, please contact us at email@example.com and we’ll be happy to help.
Magento Tech Lead
Connect with Tiago on LinkedIn