The size of the global e-commerce market has increased significantly over the last decade. Not only could you notice new solutions that make life easier for customers, sellers, marketers and programmers, but also ever-evolving systems that already have a place on the market, such as Magento. After the release of the second version, new updates are gradually changing the standard online sales algorithm.
The nature of the upgrade to version 2.3.4
This is not the most client-focused update. Magento 2.3.4 offers a lot of significant improvements targeted at sellers and the way they treat store visitors. First of all, all users of the application can benefit from the latest developments in the field of creating content using Page Builder. This tool, introduced on the market almost a year ago, has changed a lot, thanks to which Magento users can improve the quality of content delivered to clients.
New in update
By using Magento 2 Commerce, you can control all aspects of product presentation on your site. You can sort products in Page Builder by their position in the category, SKU, or by name, price or stock. Displaying products is possible in the static product grid or in the image gallery.
Another important improvement in Page Builder is related to Progressive Web Apps. The tool is now fully compatible with PWA Studio with the Venia theme. Both technologies are improved, allowing retailers to easily use the Headless approach in e-commerce. Thanks to Magento 2.3.4, the power, speed and creative control of Page Builder can be used in shop windows based on PWA Studio. In this way, Headless Magento 2 websites become more seller-friendly. The combination of PWA and Page Builder accelerates market entry on every platform.
Creating graphics and uploading them
To provide administrators with better access to graphic resources, Magento 2.3.4 offers integration with Adobe Stock. Because many sellers do not produce their own images and instead buy content from various sources, the new version of the platform allows you to do it directly through the Magento 2 administrative interface. The integrated functionality of Adobe Stock offers direct access to high-quality multimedia resources. As a result, slow and inefficient manual photo transfers have been eliminated. As the owner of the Magento 2 store, you can simplify the process of creating materials on the site, improve workflow and fill your store with professional and visually attractive images.
This feature is the first integration with Creative Cloud. It has been awaited for a long time and there is a chance that with subsequent updates more integration with Adobe creative tools will come out.
How to do it?
The option is available directly in the Media Gallery, where you can view the full Adobe Stock catalog with huge resources. Also remember that it is possible to preview watermarked images in your site content. That’s why you can try them out before obtaining a license. After making your selection, please authorize them using your Adobe ID and replace the images with those without watermarks and in full resolution.
Another revolutionary integration is associated with Dotdigital. It was the first extension of the package integrated with Magento 2 in the finished product. In Magento 2.3.4 the module offers many additional features, such as chat with one free agent. They are to manage multiple conversations with clients, send and receive files (tickets, product photos, official documents, receipts, etc.), offer customers a better product, recommend products based on previous purchases.
The main goal of Dotdigital Engagement Cloud Chat is to enable customers to contact your brand and build real-time communication. Thanks to this, all barriers to sales are removed and exceptional customer service is provided from the first click.
PWA Studio 5.0.0 is not only compatible with Page Builder, but also offers new tools and an improved workflow related to the components of the Venia interface. GraphQL offers better coverage and allows you to apply the Headless approach in a more comfortable way.
Performance improvements are the most important component of every Magento 2 update. Various areas of the platform have been optimized to increase the efficiency of your e-commerce site. General store behavior, inventory management, B2B features and many other performance improvements allow you and your customers to enjoy better e-commerce support.
Authorize.net is no longer part of Magento 2. Core integration has been withdrawn due to PSD2 regulation. It now remains to use the official payment integration solutions available in the Marketplace.
Problems with Magecart and security
Magento 2.3.4 includes six significant security patches, three of which were rated critical. Fixed a bug in SQL that could result in leak-sensitive information and a security circumvention issue that could also lead to arbitrary code being entered. In addition, minor security issues have been removed. A security vulnerability has been patched that could allow cross-scripting that could be used to reveal sensitive information, and a path transition issue could be used by attackers for the same purpose.
What is Magecart about?
Although no attacks have been confirmed using these security vulnerabilities, Magento sites have become the target of a Magecart attack. It involves the theft of payment card data and can lead to the introduction of any code. Criminals sabotaged the installation and used an e-skimmer.
Magecart is a general term that covers many groups of threats from the same mode of action. Criminals are sabotaging websites by exploiting vulnerabilities in e-commerce platforms. Their purpose is to add scripts that steal payment card details during purchases.
Examples of using Magecart
Magecart is number one goal due to Magento bugs regarding SQL and other security vulnerabilities. Last year, the attack consisted of dumping the contents of the admin_user database table, stealing the administrative console login details. Then they logged into the Magento dashboard and installed Magecart malware.
Another example of Magecart’s activities is related to the disadvantages of Cross-Site Scripting (XSS). Hackers have stolen customer credit card information through the Newegg security breach using XSS attacks.
To avoid these and other problems, you need to check that your e-commerce site has full Magento level updates and all additional plugins. You also need to limit external access to confidential information so that only verified scripts can be used.
New Magento features 2.3.4
If you can’t afford to turn off the site for longer, you can only install the security patch, without applying hundreds of functional patches. Patch 126.96.36.199 eliminates Magento 2.3.3 weaknesses.
Magento 2.3.4 offers over 30 security enhancements to address vulnerabilities in XSS and RCE. However, no attacks related to these problems have been confirmed. Additional security improvements and core code fixes include changes that fix remote code execution (RCE). Custom layout updates and rollback layout updates are no longer part of the platform. In addition, you can only add whitelisted variables to templates, which eliminates the possibility of adding directives that can call PHP functions on various objects.
In addition, the update includes support for RabbitMQ version 3.8, used in the Magento 2 message queue. The page caching and session storage have also been improved. Added support for MariaDB version 10.2 – Magento 2.3.4 supports declarative schema for both MySQL and MariaDB. Integration of Authorize.net payment methods is no longer available in the base product.
Magento 2.3.4 also introduces some performance improvements. These include an updated mechanism for invalidating client sections, improved banner cache logic, syntax analysis of PHTML files by the packaging mechanism, and the ability to disable statistics collection for the report module.
From the point of view of managing the range, Magento 2.3.4 introduces only three new improvements. First of all, it is an improvement in performance that reduces the load on the database server, affecting the operation of the basket. Secondly, the inventory reservation command has been updated, with less memory usage to find and compensate for missing reservations. Third, Magento 2.3.4 solves many quality problems. There will be no problems with the previous version of the platform with product groups, sources and mass actions on the assortment.
From a GraphQL perspective, Magento 2.3.4 also offers several key improvements. The new version of the platform improves the search range, layer navigation and basket functionality. It is now possible to combine guest baskets with customer baskets. The customer can also start shopping on one device and complete the order on another. The default layered navigation module now supports custom filters. You can search for a category by ID, name or URL. Fixed product tax rates are supported in the product interface. The object in the basket may contain information about promotions and discounts applied. This data is available at the basket level.
Summary of changes included with the upgrade to version 2.3.4
Thanks to 250 core quality enhancements, Magento 2.3.4 has achieved many improvements to the application infrastructure in modules such as Elasticsearch, catalog, PayPal, import, sales, CMS and B2B. In addition, it is possible to collaborate in real time with Live Chat operated by Dotdigital. This increases the conversion rate, keeping returning customers.
Page builder, i.e. the page creator, offers improved sorting of products, thanks to new parameters – product position in the category, list of product SKUs, name, inventory. It provides more advanced configurations, so you can choose how products are presented by selecting one of the predefined options.
The storage and use of created content has also been significantly improved and optimized for rendering with the Venia theme. In addition, unstructured content is converted to structured data that will be available in React and PWA Studio.
New B2B features include the ability to export order lists to CSV format. It is also possible to limit access to B2B functions from the backend. In this way, you can assign access to this area to specific employees.