What’s New in Magento 2.4.2?
Magento Open Source 2.4.2 introduces enhancements to performance and security plus significant platform improvements. Security enhancements include expansion of support for the SameSite
attribute for all cookies. Elasticsearch 7.9.x and Redis 6.x are now supported.
This release includes over 280 new fixes to core code and 35 security enhancements. It includes the resolution of almost 290 GitHub issues by our community members. These community contributions range from minor clean-up of core code to significant enhancements in GraphQL.
All known issues identified in Magento 2.4.1 have been fixed in this release.
Security-only patch available
Merchants can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release provides (for example, Magento 2.4.1-p1). Patch 2.4.0.12 (Composer package 2.4.1-p1) is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, Magento 2.4.1. All hot fixes that were applied to the 2.4.1 release are included in this security-only patch. (A hot fix provides a fix to a released version of Magento that addresses a specific problem or bug.)
For general information about security-only patches, see the Magento DevBlog post Introducing the New Security-only Patch Release. For instructions on downloading and applying security-only patches (including patch 2.4.1-p1), see Install Magento using Composer. Security-only patches include security bug fixes only, not the additional security enhancements that are included in the full patch.
Other release information
Although code for these features is bundled with quarterly releases of the Magento core code, several of these projects (for example, Progressive Web Applications (PWA) Studio) are also released independently. Bug fixes for these projects are documented in the separate, project-specific release information that is available in the documentation for each project.
Highlights
Look for the following highlights in this release.
Substantial security enhancements
This release includes over 35 security fixes and platform security improvements. All security fixes have been backported to Magento 2.4.1-p1 and Magento 2.3.6-p1.
Over 35 security enhancements that help close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities
No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts: IP allowlisting, two-factor authentication, use of a VPN, the use of a unique location rather than /admin
, and good password hygiene. See Adobe Security Bulletin for a discussion of these fixed issues.
Additional security enhancements
Security improvements for this release include:
- All core cookies now support the
SameSite
attribute. - Magento now displays messages that identify potentially malicious content in product and category description fields when the user tries to save values in these fields.
- File system operations across Magento components have been standardized and hardened to prevent malicious uploads.
- Core Content Security Policy (CSP) violations have been fixed.
Infrastructure improvements
This release contains enhancements to core quality, which improve the quality of the Framework and these functional areas: Customer Account, Catalog, CMS, OMS, Import/Export, Promotions and Targeting, and Cart and Checkout.
Platform enhancements
- Elasticsearch 7.9.x is now supported. Although we recommend running Elasticsearch 7.9.x, Magento 2.4.x remains compatible with Elasticsearch 7.4.x.
- Magento 2.4.2 has been tested with Varnish 6.4. Magento 2.4.x remains compatible with Varnish 6.x.
- Redis 6.x is now supported. Magento 2.4.x remains compatible with Redis 5.x.
- Magento 2.4.2 is now compatible with Composer 2.x. We recommend that merchants migrate to Composer 2.x. Although you can install this release using Composer 1.x, Composer 1.x will soon reach end-of-life. For an overview of Composer 2.x features, see Composer 2.0 is now available!
The ability to configure a Magento installation to use a split database has been deprecated in this release. Merchants who currently use split database should start planning to revert to or migrate to a single database or use an alternative approach. See the Deprecation of split database functionality in Magento Commerce DevBlog post for an overview of this issue. See Revert from a split database to a single database for migration instructions.
Performance enhancements
This release includes code enhancements that boost API performance and Admin response time for deployments with large catalogs. Multiple scalability enhancements enable Magento 2.4.2 to natively support complex catalogs up to 20x larger than in previous releases.
Adobe Stock Integration
This release includes Adobe Stock Integration v2.1.1.
GraphQL
This release adds GraphQL coverage for the following features:
- Added support for comparison lists. Shoppers can create and delete comparison lists, and add and remove items to the comparison lists. In addition, shoppers that create a compare list as a guest can log in as a customer and retain their comparison lists.
- Added the
generateCustomerTokenAsAdmin
mutation and updated theCustomer
object to support remote purchasing assistance. - Added localization support across stores to support tasks such as changing languages, carts, and currencies.
- Added support for unions in Magento GraphQL. GitHub-29425
- The GraphQL schema has been enhanced to optimize product data retrieval for configurable products with many variants.
- Integer type object IDs have been deprecated in favor of
uid
attributes of type ID. - Added the
staging
attribute to theProductInterface
andCategoryInterface
to determine if a product is staged and to view its associated campaign information.
See the GraphQL Developer Guide for details on these enhancements.
PWA Studio
This release of PWA Studio includes:
- Internationalization and localization. Venia now provides support for multiple languages and currencies.
- Improved extensibility framework to support code changes through extensions.
- Initial components for My Account related features such as Wishlist, Saved Payments, Address Book, and Order History.
- Various performance optimizations and bug fixes.
For information about enhancements and bug fixes, see PWA Studio releases. See Magento compatibility for a list of PWA Studio versions and their compatible Magento core versions.
Media Gallery
New Role Resources for Media Gallery. This release provides merchants the ability to limit administrator access to only the Media gallery and to control who can perform these actions:
- Insert media assets into content
- Upload assets
- Edit assets details
- Delete assets from the Media Gallery
- Manage folder structure.
Web-optimized images in content. Merchants can now use web-optimized image rendition in content instead of high resolution images. The original image remains unmodified in the Media Gallery, and the image rendition is dynamically generated when the image is inserted in the content.
Magento Functional Testing Framework (MFTF)
MFTF 3.2.1 is now available. This release introduces error tolerance in both tests and test suite generation. Additional enhancements and bug fixes are described in the Magento Functional Testing Framework Changelog.
Vendor Developed Extensions
See the following articles for updates on features and changes for this release:
- Amazon Pay
- Braintree
- dotdigital Engagement Cloud
- Klarna
- Vertex Cloud
- Yotpo Product Reviews
AWS S3 support enhancements
Amazon Simple Storage Service (AWS S3) support has been enhanced to include support for:
- Object storage and future extensibility
- Storing media files on AWS S3
How to Choose Magento 2.4.2 Hosting Provider?
How to choose a best and cheap web host for Magento 2.4.2? Choosing top and reliable web host for Magento 2.4.2 is not a simple task especially with low price offers. You need to take a large number of factors into consideration, including the Magento 2.4.2 compatibility, usability, features, speed, reliability, price, company reputation, etc. Therefore, we have established this Magento 2.4.2 review site, which is designed to help you find the top and reliable Magento 2.4.2 host within minutes, based on our specialized editors’ Magento 2.4.2 hosting experience and real customers’ feedback.
Top and Reliable Magento 2.4.2 Hosting Provider
ASPHostPortal.com
ASPHostPortal’s Magento 2.4.2 hosting packages are proving very popular for 2019. ASPHostPortal.com Magento 2.4.2 optimized hosting infrastructure features independent email, web, database, DNS and control panel servers and lightning fast servers ensuring your site loads super quick! They are 100% fully support on windows platform. Their windows hosting is compatible with the Magento 2.4.2 hosting management and collaboration application.
DiscountService.biz
DiscountService.biz offers several web hosting packages, from the beginner package – an affordable solution that’s more than enough to get a small business up and running – to the professional package which offers large disk space, band width and websites. There are also specialized business packages that put true business savvy within everyone’s reach.
UKWindowsHostASP.NET
UKWindowsHostASP.NET is proudly to be one of Magento hosting service provider compared from our visitors feedback and rating! UKWindowsHostASP.NET delivers affordable Magento hosting technology for as low as £5.50 per month. Not only do they deliver reliable load-balanced cloud architecture, but they guarantee their performance with a 99.9% uptime promise, and a 30 day money back guarantee. UKWindowsHostASP.NET can help its clients to migrate existing websites to their servers for free, and they provide extensive web tools for their clients, including the top-rated Plesk control panel. And that’s not further not enough though. 24/7 server monitoring!