On Wednesday, April 29, Magento Commerce 2.3.5 was released by Adobe and Magento.
Wondering what’s new in the latest release of Magento’s flagship software?
Let’s take a look at some of the basics now, and explain why you should upgrade your own Magento store to Magento Commerce 2.3.5 as soon as you can.
First, let’s discuss one of the most important changes in Magento 2.3.5. This is the ability for merchants and their tech teams to immediately apply time-sensitive security fixes to their stores – without having to install the full quarterly release of Magento 2.3.5.
If you’re not prepared to upgrade your backend with the new features, fixes, and enhancements of Magento 2.3.5, but you still want to make sure that you protect your website from malicious attackers, you can install a security-only patch that only includes fixes for vulnerabilities that were identified in the previous Magento quarterly release.
For more information about security-only patches, you can take a look at this post from the Magento DevBlog introducing the concept, and get all the details you need to get started with implementing security-only patches.
In the latest release of Magento Commerce 2.3.5, more than 25 security enhancements have been added to fight back against Remote Code Execution (RCE) and cross-site scripting (XSS) vulnerabilities.
While no known data breaches have occurred due to these issues yet, Magento did identify a few vulnerabilities that would have allowed attackers to exploit customer information if they gained access to the Admin panel.
So, in addition to these security steps, it’s recommended to follow Magento best practices to prevent hackers from obtaining admin access, including, but not limited to:
One of the biggest changes included in this product release is the implementation of Content Security Policies (CSP). These tools help detect and mitigate XSS and data injection attacks, which inject malicious content that claims to originate from your website.
In addition, the session_id component has been removed from URLs, as they expose users to the risk of session hijacking through session fixation. This will help protect Magento admins and merchants from potential cyberthreats.
Beyond overall patches and security fixes, Magento 2.3.5 contains a few major platform upgrades that will update the system architecture, and officially deprecate several now-unsupported integrations.
Those who frequently use the visual Page Builder included in Magento Commerce will enjoy variety of new updates and features, including:
In prior releases, changes to the Page Builder and content type configurations often led to display and data-loss issues in previously-saved Page Builder content types. This new library architecture eliminates this issue, and automatically upgrades previous content types to match the latest configuration changes of the new version.
Magento is always making improvements to its digital commerce platforms – and Magento Commerce 2.3.5 is just the latest set of improvements!
The previous version, Magento 2.3.4, also had a huge number of great quality-of-life and functionality improvements, including:
One of the best things about Magento is that the platform never stops improving. This latest Magento Commerce release includes a huge variety of bug fixes, feature enhancements, architecture improvements, and more. If you’d like a full breakdown of the latest release – complete with all of the technical details you could ever want – click here to see the Magento Commerce 2.3.5 patch notes from Magento.
Not into the technical details? All you need to know is that Magento 2.3.5 is the best version of Magento Commerce yet – and if you want to make sure your eCommerce site stays competitive, it’s best to upgrade to this new product release ASAP.
Want to learn more about Magento Commerce 2.3.5? Need an implementation partner to help you upgrade to the latest version of the Magento Commerce platform? 121eCommerce is here to help. Get in touch now to schedule a consultation – and see for yourself why we were named an Adobe 2020 Magento Emerging Partner of the Year.