As Magento release a new update, we take a look at the new features and roundup the release notes into one bitesize overview.
This release includes all improvements to core quality that were included in Magento 2.4.0, over 150 new fixes to core code, and over 15 security enhancements. It includes the resolution of almost 300 GitHub issues by its community members.
Substantial security enhancements
This release includes over 15 security fixes and platform security improvements. All security fixes have been backported to Magento 2.4.0-p1 and Magento 2.3.6.
Additional security enhancements
Security improvements for this release include:
CAPTCHA protection has been added to the following product areas:
Place Order storefront page and REST and GraphQL endpoints
Payment-related REST and GraphQL endpoints.
CAPTCHA protection for these additional pages is disabled by default. It can be enabled on the Admin in the same way that other pages covered by CAPTCHA are. This protection has been added as an anti-brute force mechanism to protect stores against carding attacks.
Support for the SameSite attribute for cookies. To support the Google Chrome enforcement of the new cookie classification system, Magento classes that handle cookies have been updated to support the cookie attribute. This attribute is set to Lax by default but can be explicitly overridden.
Enhanced Magento Scan Tool. Adobe has partnered with Sanguine Security, a leader in preventing digital skimming, to integrate their database of over 8700 threat signatures into the Magento Security Scan Tool. This partnership will enable merchants to get real-time insights into the security status of their site through proactive detection of malware and reduction of false positives.
Reduction in the size of network transfers between Redis and Magento. Plugin list configuration is now generated during the execution of the bin/magento di:compile command. This configuration information is written to generated metadata folders based on scope. Previously, this information was stored in cache. Resulting performance improvements include a decrease in network cache size and execution time for many scenarios.
Enhanced message queue consumer performance. Three new configuration settings support a decrease in consumer queue CPU consumption. These optional parameters provide increased control over consumers and save server resources.
Improved execution time for bin/magento commands.
Adobe Stock Integration
This release includes Adobe Stock Integration v2.1.0.
PWA Studio v8.0.0 introduces new features and enhancements:
Updates to the Venia style guide that apply to design tokens, typography, colours, core components, and page layouts
Improvements to the Venia mini-cart experience
Initial support for multiple locales and localized content on the Venia storefront
Numerous improvements to the MyAccount experience of the Venia storefront
New Admin features
B2B merchants can create orders from the Admin on behalf of customers using Payment on Account as the payment method.
Merchants can now directly view all quotes associated with a user from the customer’s detail page.
Merchants can now filter the Customers Now Online grid by Company.
Admins can now filter customers in the Admin by Sales Rep.
Vendor Developed Extensions
See the following articles for updates on features and changes for this release:
Amazon Pay now checks whether a user is already logged in before rendering payment options.
Issues with multi-factor authentication and abandoned carts have been resolved.
Amazon Pay now correctly populates the store name in emails and other displayed locations. If the Store Name field in Amazon Pay configuration is empty, the extension retrieves the store’s default name (that is, the name you give your store in the Magento Admin).
Localisation/translation issues for Decline scenarios have been addressed. Displayed text is no longer always in English.
Administrators with the correct permissions can now access Advanced Reporting and Segment Reports.
Magento successfully generates advance reporting data files and sends them as expected to Inventory on deployments with split databases. Previously, Magento did not generate or send the quotes.csv file to Inventory, and as a result, Inventory did not generate the expected reports.
Cart and checkout
Direct SQL queries have been replaced by Data Provider, which has improved checkout performance.
The Products in the Comparison and the Recently Compared Products lists now work as expected. Previously, when the comparison list was expanded, Magento did not display products, even though the section indicated that the list contained products.
The Delete button on the Add to Shopping Cart by SKU section of a customer’s Manage Shopping Cart page now works as expected when multiple rows are selected.
Magento no longer throws an error when you try to order a product by SKU when the digits you enter match a valid SKU but the case of these digits differ. Previously, when you entered an SKU on My Account > Order by SKU that did not exactly match a valid SKU, Magento threw an error.
A customer’s shipping address is now selected by default at checkout when the address is located in the country identified on the Allow Countries list and that list includes only that country. Previously, Magento did not select the address as default and displayed this error message: Please specify a regionId in shipping address.
Merchants can now enable Apply to Shipping Amount in the Action tab of Marketing > Cart Price Rules > Add New Rule when Fixed amount discount for whole cart is applied.
Magento no longer throws an exception when a shopper tries to unset the persistence cookie after beginning checkout and then navigating to the storefront home page. Previously, when the shopper clicked the Not you? link on the home page, Magento threw this exception: The shipping address is missing. Set the address and try again.
Magento now displays an add-to-cart success message when a customer adds an out-of-stock product to their cart. Previously, the product was added, but Magento did not display a success message.
Custom address attributes are now included as expected in the form that displays for the payment step in the checkout workflow.
The State/Province/Region input box is now enabled as expected on My Account > Address Book > Add new address.
Discounts are now applied as expected to shipping charges when Apply to Shipping Amount is enabled.
The code that supports closing the mini cart has been refactored to remove the closeSidebar function. The appropriate click binding has been added to the [data-action=”close”] element.
The new Show “Clear Shopping Cart” button on the cart page configuration setting provides control over displaying a Clear Cart button on the shopping cart view page. By default, this setting is disabled.
Validation has been added to the phone field in the checkout workflow.
Guest checkout is now disabled as expected when a cart contains downloadable products when the Shareable and Disable Guest Checkout if Cart Contains Downloadable Items settings are disabled.
The success message that Magento displays when a shopper adds a product to their cart from the customer account sidebar now contains a link to the shopper’s shopping cart.
Magento now selects an empty value by default for the prefix dropdown options menu on the checkout workflow.
The pop-up message that Magento displays when you delete multiple items from a shopping cart now accurately describes the number and type of entities you have selected for deletion.
Magento now displays a customer registration form when a guest user completes checkout.
Custom customer address attributes fields are now displayed as expected in the storefront checkout workflow.
Magento now retrieves the current customer group for an active quote during checkout. Previously, Magento used the customer group that was active when the product was first added to the cart, and if that customer group was deleted before checkout, Magento threw an error.
Custom customer attributes
Corrected alignment issues for the explanatory text about passwords and the Job Title field on the Customer Edit Account Information page.
CAPTCHA now works as expected when a new customer clicks the Create an Account button on the storefront customer registration page. Previously, Magento did not create the customer account and displayed an error when the customer clicked the button.
The checkout workflow no longer displays custom customer address attribute values when the customer has not entered any data.
Order sync no longer fails when an order contains product SKUs that no longer exist in the catalogue.
Empty product categories are no longer included in web insight data.
Web behavior tracking now works for merchants with certain theme configurations. A new fallback selector addresses this.
The subscriber status data field no loner includes empty values when customer sync was run using cron. (App emulation addresses this issue.)
Address book mapping now works as expected when a dotdigital account is enabled at the default level but disabled for the main website.
Coupons are now generated (using the external dynamic content URL for coupon generation) for email addresses that contain plus (‘+’) signs.
Contacts are no longer resubscribed when their last_subscribed_at value is null.
Upgrade errors (dating from 4.5.2) that affected earlier Magento versions have been resolved.
A regression issue that was introduced in 4.5.3 that affected using a method to obtain the subscriber status when preparing subscriber export has been fixed.
The total figure for synced subscribers (presented in the logs and on screen) is now correctly calculat