Magento Commerce 2.3.5 – What’s Under the Hood

On Wednesday, April 29, Magento Commerce 2.3.5 was released by Adobe and Magento. 

Wondering what’s new in the latest release of Magento’s flagship software?

Let’s take a look at some of the basics now, and explain why you should upgrade your own Magento store to Magento Commerce 2.3.5 as soon as you can. 

Magento 2.3.5 Has Implemented A “Security-Only” Patch Option

First, let’s discuss one of the most important changes in Magento 2.3.5. This is the ability for merchants and their tech teams to immediately apply time-sensitive security fixes to their stores – without having to install the full quarterly release of Magento 2.3.5.

If you’re not prepared to upgrade your backend with the new features, fixes, and enhancements of Magento 2.3.5, but you still want to make sure that you protect your website from malicious attackers, you can install a security-only patch that only includes fixes for vulnerabilities that were identified in the previous Magento quarterly release.

For more information about security-only patches, you can take a look at this post from the Magento DevBlog introducing the concept, and get all the details you need to get started with implementing security-only patches.

25 Security Enhancements Have Been Added To Ensure Your Data Is Protected

In the latest release of Magento Commerce 2.3.5, more than 25 security enhancements have been added to fight back against Remote Code Execution (RCE) and cross-site scripting (XSS) vulnerabilities.

While no known data breaches have occurred due to these issues yet, Magento did identify a few vulnerabilities that would have allowed attackers to exploit customer information if they gained access to the Admin panel. 

So, in addition to these security steps, it’s recommended to follow Magento best practices to prevent hackers from obtaining admin access, including, but not limited to:

• IP whitelisting for known users
• Use of a VPN to encrypt web traffic
• Two-factor authentication for logins
• Using a unique location for your URL (instead of the default /admin)
• Making use of good password hygiene – creating strong and unique passwords, changing them frequently, not reusing old passwords, etc.

One of the biggest changes included in this product release is the implementation of Content Security Policies (CSP). These tools help detect and mitigate XSS and data injection attacks, which inject malicious content that claims to originate from your website.

In addition, the session_id component has been removed from URLs, as they expose users to the risk of session hijacking through session fixation. This will help protect Magento admins and merchants from potential cyberthreats.

Magento 2.3.5 Contains Platform Upgrades to Improve Performance & Reliability

Beyond overall patches and security fixes, Magento 2.3.5 contains a few major platform upgrades that will update the system architecture, and officially deprecate several now-unsupported integrations.

• Support for Elasticsearch 7.5 – Magento Open Source and Magento Commerce now support Elasticsearch 7.5 as the default store search engine. Magento 2.3.x releases will still support Elasticsearch 6.x and 7.x, but no longer will support Elasticsearch 2.x and 5.x which will be removed in 2.4.0.
  

• Deprecation of some third-party payment methods – Several now-unsupported core payment integrations including Worldpay, Cybersource, eWay, and Authorize.net are now deprecated, as planned by Magento. They will be removed in Magento Open Source 2.4.0. Merchants are recommended to migrate to the official Magento extensions for these payment methods available on the Magento Store.

• Upgrade of Symfony components – Symfony Components, a set of decoupled PHP libraries integral to the Magento Framework, have been updated to the latest version (4.4).
• Deprecation of Signifyd fraud protection code – This core integration is no longer supported, and Signifyd users can use the official Magento extension as a replacement. 

Page Builder Has Gotten Some New Tools & Tricks

Those who frequently use the visual Page Builder included in Magento Commerce will enjoy variety of new updates and features, including: 

• Addition of templates – Page Builder can now use templates from existing content. The content and layouts of existing pages can be used and modified to create simple, easy-to-use templates.
  

• New video background support – Rows, Banners, and Sliders on Page Builder now support video backgrounds on all pages.
  
• Full height Sliders, Banners, And Rows – All Sliders, Banners, And Rows can be set to full-height on the page using CSS units.
• Content type upgrade library – This update allows Magento to introduce new Page Builder content types without problems related to backwards incompatibility in previous versions.

In prior releases, changes to the Page Builder and content type configurations often led to display and data-loss issues in previously-saved Page Builder content types. This new library architecture eliminates this issue, and automatically upgrades previous content types to match the latest configuration changes of the new version. 

… And That’s Just The Start Of It! 

Magento is always making improvements to its digital commerce platforms – and Magento Commerce 2.3.5 is just the latest set of improvements! 

The previous version, Magento 2.3.4, also had a huge number of great quality-of-life and functionality improvements, including:

• Additional support for Dotdigital Live Chat, providing one free Live Chat Agent for all Magento 2.3.x users.
• Default integration for Adobe Stock image galleries, allowing for easier addition of media assets to Magento directly from Magento Admin.
• Enhancements to Page Builder, including improved product sorting and a product carousel option, as well as quality-of-life enhancements.
• Progressive Web App (PWA) and Page Builder integration.

One of the best things about Magento is that the platform never stops improving. This latest Magento Commerce release includes a huge variety of bug fixes, feature enhancements, architecture improvements, and more. If you’d like a full breakdown of the latest release – complete with all of the technical details you could ever want – click here to see the Magento Commerce 2.3.5 patch notes from Magento. 

Not into the technical details? All you need to know is that Magento 2.3.5 is the best version of Magento Commerce yet – and if you want to make sure your eCommerce site stays competitive, it’s best to upgrade to this new product release ASAP. 

Need Help Upgrading To Magento Commerce 2.3.5? Get In Touch Now! 

Want to learn more about Magento Commerce 2.3.5? Need an implementation partner to help you upgrade to the latest version of the Magento Commerce platform? 121eCommerce is here to help. Get in touch now to schedule a consultation – and see for yourself why we were named an Adobe 2020 Magento Emerging Partner of the Year.