Howdy Magento Peeps?! Ready for the new version Magento 2.3.4 GA release scheduled on 28th January? 💪🏻 If not, read this pre-release to get details of the features and functional fixes, and if you are ready, follow this blog to confirm you have not missed any important feature in your checklist. 🚀
According to pre-release, Magento 2.3.4 offers significant platform upgrades, substantial security updates, and PSD2-compliant core payment methods and includes 220 functional fixes to the core product and over 30 security enhancements.
What’s New in Magento 2.3.4
Let’s dive into what Magento 2.3.4 has to offer:
Important Security Enhancements:
- 30 security enhancements having fixes for the cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities – Even though no confirmed attacks related to these issues have been addressed but still, certain vulnerabilities can potentially exploit to access customer information or take over administrator sessions. Fixes to these possible vulnerabilities will be included in Magento 2.3.4 release.
- Removed custom layout updates and deprecated layout updates to remove the opportunity for Remote Code Execution (RCE) – The custom layout text field on CMS Page Edit, Category Edit, and Product Edit pages is now converted to the selector to create a physical file that contains the layout updates and select it for the use.
- Redesign of content template features to allow only whitelisted variables to be added to the templates – This will no longer allow administrator-defined templates such as email, newsletters, and CMS content to include variables and directives that can directly call PHP functions on objects.
- Message queue framework Enhancements
- Improved page caching and session storage
- Enhanced support for MariaDB 10.2
- Deprecation of the core integration of the Authorize.net payment method
Note: As PHP 7.1 reached EOL (End of Life) on December 1, 2019, and Magento 2.3.4 has not been tested with PHP 7.1, it’s recommended to update deployment to a supported PHP version.
- Removal of non-cached requests to the server on catalog pages and refactored the customer section invalidation mechanism and improved banner cache logic.
- by adding a new configuration setting under System Configuration > General > Reports > General Options, merchants can now disable Magento Reports completely or partially. Also, the statistics collection for the Reports module is disabled by default.
Magento 2.3.4 release includes 250 enhancements to core quality which improves the quality of the Framework and catalog, sales, PayPal, Elasticsearch, import, and CMS modules.
Merchant tool enhancements
- Integration with Adobe Stock image galleries enables merchants to add high-quality media assets to their website content without leaving the Magento Admin. Merchants can use the searchable interface in the Magento Media Gallery to explore, preview, license, and deploy stock images in the website content.
Inventory Management Enhancements
- Closed a known performance issue involved in the shopping cart that caused higher than expected loads on the database server.
- Updated the Inventory Reservations CLI command to reduce the memory usage when finding and compensating for missing reservations on large catalogs.
- Resolution of multiple quality issues related to credit memos, grouped products, source, and stock mass actions.
See Inventory Management release notes for more details on recent GraphQL bug fixes.
Improved GraphQL coverage for search, layered navigation, cart functionality
- Merge of the Guest shopping carts with customer carts
- A customer can start an order on one device and complete it on another
- Layered navigation can use custom filters
- Allowed category search by ID, name, and/or URL key
ProductInterfacesupports fixed product taxes (such as WEEE)
cartobject has been enhanced to include information about promotions and applied discounts at the line and cart levels.
See Release notes for more details of recent GraphQL bug fixes.
Security only Patch:
Magento users can now install a security-only patch to safeguard Magento 2 stores against potential vulnerabilities found in the previous major release. This security-only patch 220.127.116.11 will only provide fixes for vulnerabilities rather than having the hundreds of functional fixes and enhancements that a full quarterly release Magento 2.3.4 will have. Not to forget that this Security-only patch will include only security bug fixes, not the additional security enhancements that are included in the full patch.
Other Release Information:
Although code for all the features and functionality is bundled with Magento 2.3.4 release of the Magento core code, several of these projects (for example, Page Builder, Inventory Management, and Progressive Web Applications (PWA) Studio) are also released independently. Also, project-specific release information and bug fixes for these projects are documented in separate documentation for each project.
Apart from the above improvements and enhancements, Magento 2.3.4 release includes fixes to the hundreds of issues in the core code.
Get ready for the Magento 2.3.4 before it’s in GA and don’t forget to mention your favorite feature in the comment section below. Also, share the articles with your other Magento enthus to update them about the version to be released soon!
Until wait ⌛, be Magento 2.3.4 version ready 😉 and start guessing features of upcoming Magento 2.3.5 release in April 2020