Magento Commerce 2.4.2 has arrived and features multiple enhancements and upgrades. Highlights include B2B enhancements to the buyer and seller purchase approval experience, new GraphQL APIs and support for headless commerce B2B implementations, better storefront performance with Media Gallery optimisation, In-Product Guidance, and PWA support for internationalisation of stores.
This release includes over 35 security fixes and platform security improvements. All security fixes have been backported to Magento 2.4.1-p1 and Magento 2.3.6-p1. Merchants can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release provides. Patch 126.96.36.199 (Composer package 2.4.1-p1) is a security-only patch that provides fixes for vulnerabilities that have been identified in previous quarterly release, Magento 2.4.1.
Additional security enhancements
- Closing of remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities
- Core cookies now support the SameSite attribute
- Messages identifying malicious content in product and category description fields
- File system operations have been standardised to prevent malicious uploads
- Core Content Security Policy (CSP) violations have been fixed
B2B purchase orders
Magento 2.4.2 introduces B2B v1.3.1. Purchase orders can now be completed using online payment methods. B2B buyers are prompted to select their preferred payment method for each purchase order during the initial checkout. After the purchase order has been approved, buyers are prompted to enter payment details to convert the purchase order to a final order. The new functionality:
- Overrides existing payment method during checkout for PCI compliance
- Maintains compatibility with third-party payment methods
- Notifies buyers by email when they need to add payment details
- Enables customization of emails from the Admin
- Prevents discount codes from being added or removed at the final payment step
- Allows buyers to change the payment method during the final payment step
Magento 2.4.2 adds GraphQL coverage for the following features and more:
- Multiple wishlists - use GraphQL to create, delete, and rename wishlists as well as move or copy items between them.
- Returned merchandise authorizations (RMA) - shoppers can request a return, merchants can accept the request, and tracking information can be added.
- B2B features - merchants can add company administrators & roles, company queries & credit history, and requisition lists.
- generateCustomerTokenAsAdmin - the mutation has been added to support remote purchasing assistance.
- Localisation support - support has been added across stores to support tasks such as changing languages, carts, and currencies.
- GraphQL schema - GraphQL has been enhanced to optimise product data retrieval for configurable products with many variants.
Image Optimisation: Merchants can now use web-optimized image rendition in content instead of high resolution images. The original image remains unmodified in the Media Gallery, and the image rendition is dynamically generated when the image is inserted in the content.
New Role Resources: New Role Resources for Media Gallery provides merchants the ability to limit administrator access to only the Media gallery and to control who can perform actions such as inserting media assets into content, upload, edit and delete assets, and manage folder structure.
Interactive In-Product Guidance
Interactive In-Product Guidance provides merchants with usage tips and information within the Admin on new feature announcements, walk-through guides, on-boarding information, and tool tips. Administrators must opt-in from the Admin to receive in-product guidance.
This release of PWA Studio includes:
- Internationalisation - Venia now provides support for multiple languages and currencies.
- Improved extensibility framework to support code changes through extensions.
- Initial components for My Account related features (Wishlist, Order History, etc).
- Performance optimisations and bug fixes.
See Magento compatibility for a list of PWA Studio versions and their compatible Magento core versions.
Magento Commerce 2.4.2 also includes further developments and new versions of Page Builder, AWS S3 support enhancements, Magento Functional Testing Framework (MFTF), Order Management System (OMS), and vendor developed extensions: Amazon Pay, Braintree, dotdigital Engagement Cloud, Klarna, Vertex Cloud, Yotpo Product Reviews.
For a full breakdown of all new changes see the Magento Commerce 2.4.2 Release Notes.