STAND WITH
UKRAINE
  • magento 2.4.5

    Magento 2.4.5: Everything You Need to Know

    Magento 2.4.5 is about to be released for general availability! On August 9, 2022, Magento 2.4.5 will be finally released for both Adobe Commerce and Magento Open Source. It comes with new features and a security patch. 

    As Adobe partners, we had a chance to check it out already, and we are here to report on the changes the update will bring.

    In this article, we’ll go over the main features of this update, and what they mean for the developers and the store owners. 

    Let’s get started! 

    Magento 2.4.5 Release Highlights

    If you are in a rush, here are the main changes of the upcoming update:

    • Fixed over 290 issues with the core code 
    • 20+ security fixes and enhancements
    • Support for Composer 2.2, TinyMCE 5.10.2, and jQueryUI 1.13.1
    • GraphQL enhancements
    • Added more accessibility features for users with screen readers
    • Compatible with Page Builder v.1.7.2 and PWA Studio v.12.5.x
    • Apple pay is available for all merchants, and PayPal Pay Later is now available in Spain and Italy
    • Built-in Google Tag module to upgrade to Google Analytics 4.

    Security Enhancements

    Security was one of the key features of the update. According to the official DevDocs, this release contains 20 security fixes and improvements. Here are some of them:

    • Google reCAPTCHA is now supported on Create New Account, Gift Card, and Wish List sharing pages
    • MaliciousCode filter upgraded to use the HTMLPurifier library
    • Enhanced security of inventory template
    • Added the ACL resources to the inventory. 

    Adobe mentioned they have found some potential vulnerabilities that can be exploited to get access to customer information or take over administrator sessions. They have been fixed without any known attacks related to them occurring. 

    However, all of these vulnerabilities can be exploited only if the attacker gets access to the Admin. For that reason, if you are an owner of a store running on Magento, it is advised to make sure your Admin is properly protected with:

    • IP allowlisting
    • Two-factor authentication
    • Use of a VPN
    • Use of a Unique Location rather than /admin
    • A unique and strong password. 

    Platform Enhancements 

    • Magento 2.4.5 added support for: Composer 2.2, TinyMCE 5.10.2, and jQuery 1.13.1
    • Outdated JS libraries have been updated to the latest version
    • The DHL Integration schema got an update from v6.0 to v6.2
    • The default Gateway URL for USPS shipping has been updated to use https instead of http (great for both SEO and security!).

    Accessibility updates

    As always, Adobe had been working to make the shopping experience comfortable for everyone. This time, accessibility updates include:

    • Screen readers are now informed when a new page is loaded
    • Improved contrast and keyboard accessibility
    • The Summary of search results is now announced by a screen reader.

    GraphQL Updates 

    This release has introduced new improvements to GraphQL. Here are some of them: 

    • Faster rebuilding of unified storefront GraphQL schema on deployment or when changing attributes in production. Your store’s visitors will experience significantly faster page load speeds when the GraphQl schema has to be rebuilt. 
    • In the GraphQL API, there is now a possibility to consume the expiration time and date of the authorization token.
    • Allows disabling of the session cookies for all GraphQL operations completely.

    Page Builder

    • Magento Open Source 2.4.5. Added compatibility with Page Builder v.1.7.2
    • Columns are now exposed, permitting users to control column settings on the storefront
    • Column resizing now supports wrapping triggered by user actions.

    Payments 

    If you are a store owner, this part will probably be more interesting to you, compared to the previous ones. 

    In this release, Apple Pay is officially added as a new payment option. This is a highly secured payment option, as it doesn’t require shoppers to enter credit or debit card details into your store. 

    There are also some changes to PayPal and Braintree:

    • PayPal Pay Later is now available in Spain and Italy
    • PayPal, Credit, and Pay Later buttons can now be previewed by Admin users 
    • Since Braintree has discontinued the KNOUT fraud protection integration, it was removed from Magento as well.

    PWA Studio

    • Magento 2.4.5 added support for PWA Studio v.12.5.x
    • Customer behavior collection for analytics is now done through eventing. You can subscribe and extend these events as needed.

    If you want to know what changes come with PWA Studio v. 12.5.x, check this official documentation.

    Fixed Issues

    This update has fixed hundreds of issues of the core code that were reported previously. It would take time to name all of them here, so if you want to see a full list, head here, and check the Fixed Issues section.

    What about Adobe Commerce?

    As always, due to differences in features, Magento Open Source 2.4.5 and Adobe Commerce 2.4.5 are slightly different. This article talked about the changes available on both platforms, but if you want to read specifically about Adobe Commerce, head here.

    Magento 2.4.5 – Official Release Notes

    If you wish to know more about the upcoming release, check out the Magento 2.4.5 release notes here:

    If you haven’t upgraded your Magento 2.x store to the newest version, or still using Magento 1, it’s time for an update! Read more about how we can help you here