Magento 2.4: Release Notes (Everything about latest version)

August 25, 2020

The Magento community holds itself back from giving an update even though it’s pandemic. And finally, the latest version of Magento 2.4 is released on 28 July 2020. You must be excited to know the updates and new features released with this new version of Magento 2.4.

In this article, we will altogether explore those features and updates of Magento 2.4.

Magento developers all around the globe must be discussing these updates of Magento 2.4 which precisely brushes up the eCommerce platform.

Here you can check the official announcement to initiate contribution on 5 December 2019:

Magento always improves its platform for eCommerce in many ways with new features. Magento 2.4.0 also brings many updates and features.

Magento 2.4 Release Highlights:

Magento’s official announcement includes that this version of Magento 2.4.0 can accelerate the eCommerce business in the current eCommerce panorama.

This new version of Magento 2.4.0 comprises a total of 98 New Features, 68 Bugs Fix, 50 Security Updates, 7 Test Cycles, and 12 Packages & Extensions along with Support for the PHP 7.4

Except for these features, you can also have the leverage of:

2 Factor Authentication for Magento 2 Admin
Purchase Approval Workflows
Seller Assisted Shopping
In-Store Pickup
New Media Gallery
PWA Development
Headless Commerce

Magento Security-Only Patch 2.3.5-p2

Magento owners are now equipped for installing the time-delicate security fixes without applying the functional fixes and improvements. According to the release notes, 2.3.5- p1 is the security-only fix for fixing all the weaknesses identified in the last quarterly delivery.

Substantial Security Enhancements

The Magento 2.4.0 release includes over 30 security fixes and platform security upgrades.

More than 30 security upgrades that help close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities.
Additional security enhancements
Default implementation of 2FA for Admin accounts, Magento.com user accounts, and Cloud SSH access.
- Securing your Magento Admin account: Two-factor confirmation (2FA) is presently required for the Magento Admin. Admin users must initially configure their 2FA before signing into the Admin through either the UI or a web API. 2FA is enabled by default.
- Securing your Magento account: Two-factor Authentication (2FA) gives an additional, discretionary layer of security to better protect your Magento.com account from unauthorized users who might want to use your account in ways you do not want.
- Securing Cloud SSH access: Magento Commerce Cloud provides multi-factor authentication (MFA) enforcement to manage authentication requirements for SSH access to Cloud environments.
Template filter strict mode is now enabled by default: Magento components (including CMS pages and blocks) that use the template filter in legacy mode can be vulnerable to remote code execution (RCE). Enabling strict mode by default ensures that RCE attacks cannot be deliberately enabled.
Data rendering for UI data providers are now disabled by default: This removes an opportunity for malicious users to execute arbitrary JavaScript.
New \Magento\Framework\Escaper class: This class is provided for .phtml templates and the PHP classes that are responsible for generating HTML. This class contains HTML sanitization methods relevant to multiple contexts
Support for security.txt file: This file is an industry-standard file on the server that helps security researchers report potential security issues to site administrators.

Platform Upgrades

The following platform upgrades help enhance website security and performance

PHP 7.4 support was introduced and PHP 7.1 and 7.2 were deprecated.
Support for PHPUnit 9. x and deprecation of PHPUnit 6.5.
Elasticsearch 7.6.x support: Elasticsearch 7.6.x is now the default catalog search engine for Magento Commerce and Open Source.
MySQL 8.0 support: Magento 2.4.x supports MySQL 8.x. Merchants are encouraged to migrate their deployments to MySQL 8.x to take advantage of its improved performance, security, and reliability
MariaDB 10.4 support: Support for MySQL 8.0 provides the opportunity for merchants to deploy MariaDB 10.4 with Magento
Removal of the MySQL catalog search engine: The MySQL search engine has been removed from Magento 2.4.0 and replaced as the default search engine with Elasticsearch.
Migration of dependencies on Zend Framework to the Laminas project to reflect the transitioning of Zend Framework to the Linux Foundation’s Laminas Project.
Decomposition of Magento Controllers allows extension developers to implement ActionInterface directly without “layer supertype” classes.
Removal of the core integration of the Signifyd fraud protection code
The core Braintree module has been removed from the codebase.
The Internet Explorer 11. x browser is no longer supported.

Infrastructure Improvements

This release contains enhancements to core quality, which improve the quality of the Framework and these modules: Customer Account, Catalog, CMS, Import, Cart and Checkout, and B2B.

Removal of core integration of third-party payment methods.
Support for partial-word search for Elasticsearch (new default search engine).
PayPal JavaScript SDK upgrade.
Deprecation and removal of the Web Set-Up Wizard.
Composer update plugin.
Seller-assisted shopping.
ACL to control which administrators can log in to customer accounts can be configured on a per-website basis
Compatibility with multiple websites and customer account scopes
Orders placed on behalf of customers are logged in the storefront and Admin
All sessions are destroyed following administrator logout, and administrators cannot access customer passwords.

Performance Improvements

Improvements to customer data section invalidation logic.
Multiple optimizations to improve Redis performance:
- Decrease in the size of network data transfers between Redis and Magento.
- Reduction in Redis’ consumption of CPU cycles by improving the adapter’s ability to automatically determine what needs to be loaded.
- Reduction in race conditions on Redis writes operations.
Improved caching of results of SQL queries to inventory tables.
Improvement of up to 25-30% to Quick Order add-to-cart performance.
Merchants can now use lazy loading to load images.

Magento GraphQL Enhancements

GraphQL is an open-source data query and manipulation language for APIs, and a runtime for fulfilling queries with existing data.

pickup locations query supports the Inventory In-store pickup feature
categories query returns a list of categories that match a specified filter. This query differs from the category list query in that it supports pagination.
reorder items mutation allows a logged-in user to add all the products from a previous order into their cart.

Other Major Highlights of the Magento 2.4 Release

Improved Adobe Stock Integration v2.0
New Improved Magento Media Gallery with a searchable interface
Page Builder now supports PHP 7.4 for Magento 2.4
Inventory Management enhancements for this release include support for instore pickup and bundle product support.
Support for PWA Studio 6.0.0 and 6.0.1
Order Approval Workflow feature for B2B.
Magento Functional Testing Framework (MFTF)
Vendor-developed extension enhancements such as dotdigital, Amazon Pay, Braintree Payments, Klarna, Vertex, and Yotpo.
Fixed issues and enhancements in many features like:
- Installation, upgrade, deployment
- AdminGWS
- Analytics
- Backend
- Bundle products
- Cache
- Cart and checkout
- Cart price rule
- Catalog
- Catalog Rule
- Catalog widget
- CMS content
- Cleanup
- Configurable products
- Cookies
- Custom customer attributes
- Customer
- Customer segment
- Import/export
- And Many More…