The new Magento version – Magento 2.3.5 – is already available to download. Let’s discuss what security, performance and platform quality enhancements come with the new update.
The long-awaited Magento 2.3.5 has been officially released on April 28. This release includes significant improvements to performance, quality and platform stability. Magento 2.3.5 came up with more than 25 security fixes and improvements, 180+ product quality enhancements across the platform. It includes the resolution of 4+ GitHub issues noted by the Magento community, such as Inventory Management, GraphQL, core code minor clean-up and more. Want your online store to maintain the highest level of performance and security? Upgrade it to the latest version right away. And don’t forget to backup!
Magento 2.3.5 Security
Magento 2.3.5 Improvements
Magento 2.3.5. Performance Enhancements
Magento 2.3.5 Infrastructure Changes
Magento 2.3.5 Inventory Management & GraphQL Enhancements
Magento 2.3.5 PWA Studio
New Magento B2B Features
Magento 2.3.4-p2 Security-only Patch
Magento 2.3.5 Security
Magento 2.3.5 provides over 25 security enhancements that help handle close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities. Although, there were no confirmed hacker attacks related to these issues, several vulnerabilities could be used to get access to customer information or the Admin panel. So, to better protect its community, Magento 2.3.5 contains the following enhancements:
- Implementation of Content Security Policy (CSP). CSP is an HTTP response header used by browsers to enhance web page security. This security layer supports the detection and decrease of attacks, including cross-site scripting (XSS) and data injection attacks.
- Removal of session_id from URLs. Exposure of session-id values in URLs makes a security vulnerability in the form of session fixation. The code from the methods and classes which read and tag session_id from URLs has been removed.
Magento 2.3.5 Improvements
- Support for Elasticsearch 7.x. Elasticsearch 7.x is now the supported catalog search engine for Magento Commerce and Magento Open Source. Elasticsearch 2.x and 5.x are deprecated and are going to be removed in Magento 2.4.0.
- Deprecation of the core integration of Signifyd. This fraud protection code is no longer supported. Business owners need to migrate to the Signifyd Fraud & Chargeback Protection extension.
- Symfony Components should be upgraded to the latest version 4.4
- Deprecation of core integration of payment gateways. Integration of Authorize.Net, eWay, CyberSource and Worldpay payment methods is deprecated. So, the integrations are no longer supported and will be removed in the next release. Merchants need to choose other extensions available on the Magento Marketplace or third-party market places such as the BelVG store.
- Migration of dependencies on Zend Framework to the Laminas project to show the transition to the Linux Foundation’s Laminas Project. Zend Framework has been deprecated and Magento 2.3.5 implements a number of changes to code and configuration required to support the use of the Laminas libraries.
Magento 2.3.5. Performance Enhancements
The following Magento 2.3.5 improvements result in noticeable system’s performance boost:
Improvement of customer data section invalidation logic. Magento 2.3.5 release provides a new way to invalidate customer sections data. It allows avoiding a known issue with local storage with custom sections.xml invalidations being active.
Redis performance optimisation include:
- Decrease in the size of network data transfers between Magento and Redis.
- Reduction in Redis’ consumption of CPU cycles, as well as in race conditions on Redis write operations.
Magento 2.3.5 Infrastructure Changes
Magento 2.3.5 release contains improvements to core quality. It enhances the Framework quality and Catalog, Sales, PayPal, Elasticsearch, CMS and Import modules.
- PayPal Pro is now compatible with the Chrome 80 browser. The payment method previously used a Magento callback endpoint which requires access to the customer’s session. The new default Chrome Samesite cookie functionality doesn’t allow it.
- A PHPStan code analysis check integration with Magento static builds. The tool conducts sophisticated static code analysis and identifies additional issues.
Magento 2.3.5 Inventory Management & GraphQL Enhancements
Inventory Management improvements in the Magento 2.3.5. Release include:
- SourceDataProvider and StockDataProvider get new extensions point.
- Orders list allows viewing allocated inventory sources.
Considering GraphQL, now you can use products and categoryList queries to get information about categories and products which have been added to a staged campaign.
Magento 2.3.5 PWA Studio
PWA Studio 6.0.0 provides the following improvements:
- PWA extensibility framework is launched. The framework delivers the ability to develop an extensibility API for their storefront or write plugins to modify storefront logic and tap into those API.
- Caching and data fetching enhancements in the Peregrine and Venia UI component libraries.
- Shopping cart components now can be used for a full-page shopping cart experience.
New Magento B2B Features
A new B2B module integrates Engagement cloud and the Magento B2B module allowing Magento B2B merchants to use their B2B commerce data and better interact with their customers. Here we get:
- Company data sync.
- Sync of shared catalog data and additional product catalog data to dotdigital.
- Sync of quote data.
Another important update is that Magento will no longer support Google Shopping ads Channel.
Magento 2.3.4-p2 Security-only Patch
If you don’t want to upgrade your online store to the version 2.3.5 right away, you can install the Magento Security Patch to reduce the risk for both admin and customers. Magento has released the new security-only patch – Magento 2.3.4-p2 which provides fixes of vulnerabilities found in the previous platform release – 2.3.4. In this security patch, Magento saves all fit fixes made applied to the 2.3.4 release. Magento 2.3.4-p2 is easy to install and is a perfect solution for business owners who need a fast security upgrade.
Wrapping it up
Hopefully, you have found all the details about the latest Magento release – Magento 2.3.5 – and its new security-only patch 2.3.4-p2. Remember that updating your Magento platform regularly, you guarantee customer security, provide the best functionality and improve your online store. Constant upgrades are the best way to ensure your online business will grow and thrive. Let your business reach the highest ecommerce levels and meet all the expectations of the loyal customers and occasional website visitors.
Partner With Us
Looking for a partner to grow your business? We are the right company to bring your webstore to success.
Talk to Vlad
Thank you for the feedback!
Great article So knowledgeable & informative Magento 2 assuring the features that Magento 1 never had also more secure & new streamlined Admin panel occupied and so much more.