The long-awaited Magento 2.3.5 release is here!
The new version of Magento offers significant functional upgrades, substantial security changes, and performance improvements. This release includes over 180 functional fixes to the core platform and over 25 security enhancements. It also includes the resolution of over 46 GitHub issues by community members.
We’re digging into the release now, and there is a lot to digest. The summary below provides a good primer on the major features, functions and fixes that caught our eye. And if you want to dig deeper, here are direct links to the issues fixed and the Magento Commerce and Magento Open Source release notes.
- Merchants can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release (for example, Magento 2.3.5-p1) provides. Patch 18.104.22.168 (Composer package 2.3.4-p2) is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, Magento 2.3.4. All hotfixes that were applied to the 2.3.4 release are included in this security-only patch. Security-only patches include security bug fixes only, not the additional security enhancements that are included in the full patch.
- Over 25 security enhancements that help close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities.
No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin.
- With the Magento 2.3.4 release, individual issues are no longer described in the Magento Security Center. Instead, these issues are documented in an Adobe Security bulletin.
- Support for Elasticsearch 7.x. Elasticsearch 7.x is now the supported catalog search engine for both Magento Commerce and Magento Open Source. With this release, Magento 2.3.x supports only Elasticsearch 6.x and 7.x. Elasticsearch 2.x and 5.x are now deprecated for Magento 2.3.x and will be removed in Magento 2.4.0.
- With this release, the integrations of the Authorize.Net, eWay, CyberSource, and Worldpay payment methods are deprecated. These core features are no longer supported and will be removed in the next minor release (2.4.0). Merchants should migrate to the official extensions that are available on the Magento Marketplace.
- Multiple optimizations to Redis performance. The enhancements minimize the number of queries to Redis that are performed on each Magento request. These optimizations include:
- Decrease in the size of network data transfers between Redis and Magento
- Reduction in Redis’ consumption of CPU cycles by improving the adapter’s ability to automatically determine what needs to be loaded
- Reduction in race conditions on Redis write operations
Product Recommendations (Magento Commerce):
- Magento’s Product Recommendations is a new marketing tool that merchants can use to increase conversions, boost revenue, and stimulate shopper engagement. It is powered by Adobe Sensei, which uses artificial intelligence and machine-learning algorithms to perform a deep analysis of aggregated shopper data. This data, when combined with your Magento catalog, results in highly engaging, relevant, and personalized experiences for the shopper.
B2B (Magento Commerce):
A new B2B module integrates Engagement cloud and the Magento B2B module allowing Magento merchants to use their B2B commerce data and better interact with their customers.
- Sync Company data.
- Sync of Quote data.
- Sync of shared catalog data and additional product catalog data to dotdigital.
Page Builder enhancements:
- Templates. Page Builder now has templates that can be created from existing content and applied to new content areas. Page Builder templates save both content and layouts of existing pages, blocks, dynamic blocks, product attributes, and category descriptions. For example, you can save an existing Page Builder CMS page as a template and then apply that template (with all its content and layouts) to quickly create new CMS Pages for your site.
- Video Backgrounds for Rows, Banners, and Sliders. Page Builder Rows, Banners, and Sliders now have the option to use videos for their backgrounds.
- Full Height Rows, Banners, and Sliders. Page Builder Rows, Banners, and Sliders now have the option to set their heights to the full height of the page using a number with any CSS unit or a calculation between units.
- Launch of the PWA extensibility framework. This framework gives developers the ability to create an extensibility API for their storefront or write plugins that can tap into those API and modify storefront logic.
- Caching and data fetching improvements. This release contains improved caching logic and other data fetching optimizations in the Peregrine and Venia UI component libraries. These components have been refactored to take advantage of Apollo cache features to reduce over fetching or prevent the storage of sensitive data.
Google Shopping ads Channel
- The Google Shopping ads Channel bundled extension has reached end-of-life with this release (2.3.5 and 2.3.4-p1). It is no longer supported. Alternative extensions are available on the Magento Marketplace.
Vendor-developed extension enhancements:
This release of Vertex includes the following new feature and enhancements:
- Address Validation. Addresses that are created or edited in the Customer Account are now validated when the module is enabled.
- Admin Configuration. Flexible Field dropdown options are now sorted alphabetically by the current Admin user’s locale.
- Virtual Products. Vertex now uses an order’s billing address to calculate taxes on virtual products. Shipping-related flexible fields are no longer completed for virtual products.
This is a huge release, and there is certainly a lot to digest. If you have any questions on how this release may impact your business, please contact us now! We’re passionate about Magento and we want to help you get the most out of your eCommerce platform.