Magento Commerce 2.4.1 introduces enhancements to performance and security and significant additions to the B2B feature set. This release includes the resolution of almost 300 GitHub issues by community members. These community contributions range from the minor clean-up of core code to significant enhancements in GraphQL.
Security-only patch available
Merchants can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release provides. This release includes over 15 security fixes and platform security improvements. All security fixes have been backported to Magento 2.4.0-p1 and Magento 2.3.6.
Enhanced Magento Security Scan
Magento Security Scan has received a series of enhancements. Adobe has partnered with Sansec to help facilitate these enhancements. Sansec research is focused exclusively on ecommerce fraud, and is usually weeks ahead in detecting the latest sources of vulnerabilities, attack vectors and IOCs (47% of Sansec threat data has not been discovered by other security firms). This partnership will enable merchants to get real-time insights into the security status of their site through proactive detection of malware and reduction of false positives. Read our blog article Magento Security Scan Enhanced in Partnership with Sansec for more information.
CAPTCHA protection (an anti-brute force mechanism to protect stores against carding attacks) has been added to the following product areas:
- Place Order storefront page and REST and GraphQL endpoints
- Payment-related REST and GraphQL endpoints
CAPTCHA has been disabled by default but can be enabled in the Admin.
SameSite attribute for cookies
Magento classes that handle cookies have been updated to support the SameSite cookie attribute, to support the Google Chrome enforcement of the new cookie classification system.
Site-Wide Analysis Tool (SWAT) integration with Magento Admin
SWAT provides system insights and instrumentation for Commerce Cloud installations of Magento with 24/7 real-time performance monitoring, reports, and self-service recommendations. Merchants can use the new SWAT Admin role to securely access their SWAT Customer Detail pages through the Magento Admin.
New Media Gallery
The New Media Gallery is now enabled by default in the Admin. Merchants can now perform these actions on images in the Media Gallery:
- Delete images in bulk
- Optimise media storage by identifying duplicate images and images that are not used
- Filter images by the storefront area they are used in, including product and category
- Work with image metadata: View, Edit & Search
PWA Studio v8.0.0
New features and enhancements:
- Updates to the Venia style guide that apply to design tokens, typography, colors, core components, and page layouts
- Improvements to the Venia mini-cart experience & MyAccount experience
- Support for multiple locales and localised content on the Venia storefront
Improvements to Order Approvals:
- New View Rule page for users without edit privileges - B2B buyers can now view rules that apply to their company on the new View Rule page.
- Count alert icon on the Requires My Approval tab - indicates the number of pending approval actions.
- Bulk order approvals and rejections - merchants can now perform bulk rejection and approval of purchase orders.
- B2B shipping methods enhancements - includes a specific set of shipping methods for B2B Company accounts & the use of All or B2B-specific shipping methods for each.
- Shopping cart improvements - merchants can now allow users to clear the contents of their shopping cart in a single action, and B2B buyers can now add individual items or the entire contents of their shopping cart directly to a requisition list.
- New Admin features - merchants can now create orders from the Admin on behalf of customers using Payment on Account, directly view all quotes associated with a user from the customer’s detail page, filter the Customers Now Online grid by Company, and filter customers in the Admin by Sales Rep.
Visit Magento DevDocs for the full Magento Commerce 2.4.1 Release Notes.