What’s New in Magento 2.4.0?
Highlights
Look for the following highlights in this release:
Substantial security enhancements
This release includes over 30 security fixes and platform security improvements.
Over 30 security enhancements that help close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities
No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts: IP allowlisting, two-factor authentication, use of a VPN, the use of a unique location rather than /admin, and good password hygiene.
Additional security enhancements
- Implementation of 2FA for Admin accounts, Magento.com user accounts, and Cloud SSH access
- Securing your Magento Admin account. Two-factor authentication (2FA) is now required for the Magento Admin. Admin users must first configure their 2FA before logging into the Admin through either the UI or a web API. 2FA is enabled by default and cannot be disabled. This extra step of authentication makes it harder for malicious users to log in to the Admin without authorization.
- Securing your Magento account. Two-factor Authentication (2FA) provides an added, optional layer of security to better protect your Magento.com account from unauthorized users who might want to use your account in ways you do not want.
- Securing Cloud SSH access. Magento Commerce Cloud provides multi-factor authentication (MFA) enforcement to manage authentication requirements for SSH access to Cloud environments. Multi-factor authentication for 2FA is not enabled by default on a project. Magento highly recommends enabling this feature. Contact Support for assistance.
- Template filter strict mode is now enabled by default. Magento components (including CMS pages and blocks) that use the template filter in legacy mode can be vulnerable to remote code execution (RCE). Enabling strict mode by default ensures that RCE attacks cannot be deliberately enabled.
- Data rendering for UI data providers is now disabled by default. This removes an opportunity for malicious users to execute arbitrary JavaScript.
- New \Magento\Framework\Escaper class. This class is provided for .phtml templates and the PHP classes that are responsible for generating HTML. This class contains HTML sanitization methods relevant to multiple contexts. The $escaper local variable is available inside .phtml templates and should be used instead of the deprecated $block->escape{method}. Use $escaper rather than $block as the use of $block->escape{method} has been deprecated.
- Support for new security.txt file. This file is an industry-standard file on the server that helps security researchers report potential security issues to site administrators.
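The $escaper migration described in the list above can be audited across a theme or extension before upgrading. The following is an added example, not code from Magento or from the original page: a small Python scanner that reports each deprecated $block->escape{method} call in a .phtml template and rewrites it to the $escaper form. The sample template is constructed, and its block methods (getLink, getTitle, getLabel, getNote) are hypothetical.

```python
import re

# Deprecated form named in the release notes: $block->escape{method}(...)
DEPRECATED_CALL = re.compile(r"\$block\s*->\s*(escape[A-Z]\w*)\s*\(")

# Constructed sample template; getLink(), getTitle(), getLabel() and getNote()
# are hypothetical block methods used only for illustration.
SAMPLE_PHTML = r'''<?php /** @var \Magento\Framework\View\Element\Template $block */ ?>
<a href="<?= $block->escapeUrl($block->getLink()) ?>"
   title="<?= $block->escapeHtmlAttr($block->getTitle()) ?>">
    <?= $block->escapeHtml($block->getLabel()) ?>
</a>
<span><?= $escaper->escapeHtml($block->getNote()) ?></span>
'''


def find_deprecated_escapes(template_text):
    """Return (line_number, method_name) for every $block->escape*() call."""
    findings = []
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        for match in DEPRECATED_CALL.finditer(line):
            findings.append((lineno, match.group(1)))
    return findings


def migrate_to_escaper(template_text):
    """Rewrite $block->escape*( to $escaper->escape*(.

    Other $block calls (getters, child rendering) are left untouched, so the
    escaping context chosen by the template author (HTML body, attribute,
    URL) is preserved exactly.
    """
    return DEPRECATED_CALL.sub(
        lambda m: "$escaper->" + m.group(1) + "(", template_text
    )


if __name__ == "__main__":
    for lineno, method in find_deprecated_escapes(SAMPLE_PHTML):
        print(f"line {lineno}: $block->{method}() -> $escaper->{method}()")
    print(migrate_to_escaper(SAMPLE_PHTML))
```

The scanner works on text only, so calls that appear inside PHP comments or string literals are reported as well and should be reviewed by hand.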
Starting with the release of Magento Commerce 2.3.2, Magento will assign and publish indexed Common Vulnerabilities and Exposures (CVE) numbers with each security bug reported to us by external parties. This allows users of Magento Commerce to more easily identify unaddressed vulnerabilities in their deployment. You can learn more about CVE identifiers at CVE.
Platform upgrades
The following platform upgrades help enhance website security and performance. Supported versions of PHP and PHPUnit, Elasticsearch, MySQL, and other dependencies are listed in Magento 2.4 technology stack requirements.
- PHP 7.4 support introduced and PHP 7.1 and 7.2 deprecated. Magento 2.4.0 introduces support for PHP 7.4.
- Support for PHPUnit 9.x and deprecation of PHPUnit 6.5. PHP 7.4 requires the use of the latest PHPUnit testing framework, which is PHPUnit 9.x. Magento Marketplace extension vendors must confirm that all new extension versions are compatible with PHP 7.4 and that all unit and integration tests have been configured to be run with PHPUnit 9.
- Elasticsearch 7.6.x support. Elasticsearch 7.6.x is now the default catalog search engine for Magento Commerce and Open Source. You cannot install or upgrade to Magento 2.4.0 without also installing Elasticsearch 7.6.x. Elasticsearch version 2.x code has been removed. Elasticsearch versions 5.x and 6.x have been deprecated and are no longer supported.
- MySQL 8.0 support. Magento 2.4.x supports MySQL 8.x. (Magento 2.4.0 was tested with MySQL 8.0.20.) Merchants are encouraged to migrate their deployments to MySQL 8.x to take advantage of its improved performance, security, and reliability. Although MySQL 5.7 is still supported for Magento 2.4.x, MySQL 5.6 is no longer supported. You cannot host Magento 2.4.x with a MySQL 5.6 database.
- Removal of the MySQL catalog search engine. The MySQL search engine has been removed from Magento 2.4.0 and replaced as the default search engine with Elasticsearch. Elasticsearch provides superior search capabilities as well as catalog performance optimizations. All merchants must have Elasticsearch to install and deploy Magento 2.4.0.
- MariaDB 10.4 support. Support for MySQL 8.0 provides the opportunity for merchants to deploy MariaDB 10.4 with Magento. Although merchants can still use MariaDB 10.2 with Magento 2.4.0, we recommend upgrading to MariaDB 10.4 for improved performance and reliability. MariaDB 10.0 and 10.1 are no longer supported (as a result of removing support for MySQL 5.6 in this release).
- Migration of dependencies on Zend Framework to the Laminas project to reflect the transitioning of Zend Framework to the Linux Foundation’s Laminas Project. Zend Framework has been deprecated.
- Decomposition of Magento Controllers allows extension developers to implement ActionInterface directly without “layer supertype” classes. Enhancement started by Vinai Kopp in pull request 16268 and finalized by Lukasz Bajsarowicz in pull request 26778. GitHub-9582
- Removal of the core integration of the Signifyd fraud protection code. This core feature is no longer supported. Merchants should migrate to the Signifyd Fraud & Chargeback Protection extension that is available on the Magento Marketplace.
- The core Braintree module has been removed from the code base. The Braintree Payments module now provides the same feature set.
Infrastructure improvements
This release contains enhancements to core quality, which improve the quality of the Framework and these modules: Customer Account, Catalog, CMS, Import, Cart and Checkout, and B2B.
- Removal of core integration of third-party payment methods. With this release, the Authorize.Net payment method integration has been removed from core code. Merchants should migrate to the official extension that is available on the Magento Marketplace.
- Support for partial-word search for Elasticsearch (new default search engine). Elasticsearch now supports the use of partial words in search terms for product names and SKUs when using quick search. This capability was supported by the MySQL search engine, which has been deprecated and replaced by Elasticsearch in this release.
- PayPal JavaScript SDK upgrade. We’ve migrated the PayPal Express Checkout integration to the latest PayPal JavaScript SDK, an SDK that automatically collects and passes needed risk parameters to PayPal. The behavior of the PayPal Express Checkout payment method remains unchanged. However, upgrading this SDK to the latest version lets merchants access the latest features and security enhancements.
- Deprecation and removal of the Web Set Up Wizard. You must use the command line to install or upgrade Magento 2.4.0.
- Composer update plugin. Composer plugin streamlines the upgrade process by resolving changes that must be made to the root project composer.json file before updating to a new Magento product requirement. This plug-in protects against overwriting customizations.
- Seller-assisted shopping. This feature allows merchants to view the storefront on behalf of their customers. Customers opt to allow storefront access to their accounts. This community-developed feature includes an original extension developed by MAGEFAN. Features include:
  - ACL to control which administrators can log in to customer accounts can be configured on a per-website basis
  - Compatibility with multiple websites and customer account scopes
  - Orders placed on behalf of customers are logged in the storefront and Admin
  - All sessions are destroyed following administrator logout, and administrators cannot access customer passwords.
Performance improvements
- Improvements to customer data section invalidation logic. This release introduces a new way of invalidating all customer sections data that avoids a known issue with local storage when custom sections.xml invalidations are active. (Previously, private content (local storage) was not correctly populated when you had a custom etc/frontend/sections.xml with action invalidations.)
- Multiple optimizations to Redis performance. The enhancements minimize the number of queries to Redis that are performed on each Magento request. These optimizations include:
  - Decrease in the size of network data transfers between Redis and Magento
  - Reduction in Redis’ consumption of CPU cycles by improving the adapter’s ability to automatically determine what needs to be loaded
  - Reduction in race conditions on Redis write operations
- Improved caching of results of SQL queries to inventory tables. These enhancements include:
  - Caching of SQL queries to the inventory_stock_sales_channel table (1 query instead of 16)
  - Caching of result of queries to the inventory_stock table (1 query instead of 16)
- Improvement of up to 25-30% to Quick Order add-to-cart performance.
- Merchants can now use lazy loading to load images.
Adobe Stock Integration v2.0
Ability to license stock image previews from the Media Gallery. Merchants can now find any Adobe Stock preview image in the Media Gallery, which reduces the number of steps required to license a stock preview image.
New Media Gallery
This replacement for the former Media Gallery offers a new, searchable interface for Magento media assets. Administrators can now search, filter, and sort images up to 30x faster than they could in the earlier version of this feature. Merchants can use this tool to evaluate storefront image usage. Extension developers should be aware that extensions that were developed for the Media Gallery will not work as expected with the new Media Gallery.
Inventory Management
Inventory Management enhancements for this release include support for in-store pickup and bundle product support.
GraphQL
GraphQL enhancements include:
- pickupLocations query supports the Inventory In-store pickup feature
- categories query returns a list of categories that match a specified filter. This query differs from the categoryList query in that it supports pagination.
- reorderItems mutation allows a logged-in user to add all the products from a previous order into their cart.
PWA Studio
See Magento compatibility for a list of PWA Studio versions and their compatible Magento core versions.
Magento Functional Testing Framework (MFTF)
MFTF v3.0.0 includes these new features and includes support for PHP 7.4 and PHPUnit 9:
- MFTF helpers, which can create custom actions outside of the test framework
- schema updates for test entities
- sub-folders in test modules
- nested assertion syntax
- static check that checks and reports references to deprecated test entities
This release also removes deprecated actions and upgrades scripts that were added to upgrade tests to MFTF major version requirements.
Vendor-developed extension enhancements
This release of Magento includes extensions developed by third-party vendors. It introduces both quality and UX improvements to these extensions and an expansion of MFTF coverage.
Magento Marketplace extension vendors should confirm that their extensions are compatible with PHP 7.4 when publishing a new version of their extension for Magento 2.4.0.
Amazon Pay
This release includes:
- Updates to CSP allowlists
- Ability to do multiple authorizations for a multi-item order
- Support for Japanese addresses
Braintree Payments
This extension replaces our core Braintree integration. It provides the same features as the Braintree core integration.
Klarna
This release includes new on-site messaging options to help shoppers understand the available credit and financing options. It also includes improvements to:
- refunds
- API efficiency
- cookies and unit tests
- discounts
- configuration settings now contain On-Site Messaging section for the control of the storefront display of Klarna promotional messaging.
Vertex
This release of Vertex includes the following new feature and enhancements:
- Improvements to the Admin configuration user experience
- Replacement of installation and upgrade scripts with XML schema files and patches
- Removal of deprecated code (ApiClient and ClientInterface)
Yotpo
Yotpo Ratings and Reviews are integrated with Page Builder.
Magento 2.4.0 Major Features:
- Get AI Integrated Magento Commerce to Drive Sales More Efficiently
This release integrates Adobe Sensei, which gives merchants new product recommendations for the customers of their Magento 2 store. This improves the customer experience and, in turn, overall sales growth.
- Drag & Drop Page Builder Templates for Better Content Creation
Merchants now get drag-and-drop Page Builder templates for content creation, which take far less time and help attract more customers to the store. The templates make it possible to create new pages quickly, with no need to build content pages from scratch. If circumstances arise such as the current COVID-19 situation, merchants can build new pages from the templates and keep their users informed about the status of the store.
- New Design Experience with New UI
This update introduces new designs from Magento. The new designs make your store more elegant and improve the customer experience, and the UI gives your store a rich, attractive look.
- Get the Free Amazon Sales Channel Extension with a Faster Onboarding Process
This powerful extension lets Magento retailers sell their products in the Amazon marketplace, and connecting your Magento 2 store to Amazon is now easier.
Along with the added functionality, there is also an add-on that provides an Amazon sales channel dashboard.
Substantial security enhancements:
The substantial security enhancements in this release include more than 25 security enhancements that help close cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities. No attacks related to these issues have been reported so far, and many of the weak points through which customer details could be accessed have been removed. Most attacks start with the attacker gaining access to the Admin, with other issues following from there, so the open advice is to secure your Admin. All known security issues are resolved as of the Magento 2.4.0 release.