Below, we highlight the core features and improvements of Magento 2.3.4. You will find all updates shared between Commerce and Open Source. After that, we separately describe Commerce-specific enhancements. Although it is not a new major release, the new platform version offers significant performance upgrades and security changes, including over 220 functional fixes as well as 30+ security enhancements.
The size of the global e-commerce market has risen dramatically within the last decade. We saw not only numerous new solutions that make the life of customers, merchants, marketers, and developers easier but also continually evolving existing systems, such as Magento. After the release of its second version, new and new updates are gradually changing the standard algorithm of online sales. And below we explore the latest version of the platform – Magento 2.3.4.
While it is not the most customer-centric update, Magento 2.3.4 offers tons of vital improvements aimed at merchants and the way they treat their store visitors. First of all, all Commerce users can leverage the latest achievements from the field of content creation with Page Builder. Launched almost a year ago, this tool evolved a lot so that Magento users can accelerate their ability to provide customers with better content.
As a Magento 2 Commerce merchant, you can control all aspects of how your products are showcased on a storefront:
Sort products in Page Builder by
product position in the category;
SKUs;
Other parameters: name, price, stock status, etc.
Showcase products in:
static product grids;
image carousels.
Another vital Page Builder enhancement is related to Magento 2 PWA. The tool is now fully compatible with PWA Studio and the Venia theme. Both technologies get their improvements so that merchants can easily leverage the Headless approach to e-commerce. Starting from Magento 2.3.4, the power, speed, and creative control of Page Builder can be harnessed in PWA Studio-based storefronts. Thus, Headless Magento 2 websites become more merchant-friendly. The combination of PWA and Page Builder accelerates speed to market across all devices.
To provide administrators with better access to stock media, Magento 2.3.4 offers the integration with Adobe Stock. Since many merchants don’t create their unique images and purchase content on various stock platforms instead, the new platform version lets them do it right in the admin interface of Magento 2. The integrated Adobe Stock functionality offers direct access to high-quality media assets.
As a result, the slow and inefficient manual upload of images is eliminated. As a Magento 2 merchant, you can dramatically simplify your creative process, streamline the workflow, and fill your website with professional and visually compelling images.
The option is available right in Media Gallery. You can seamlessly browse the full Adobe Stock catalog of millions of assets right there. Also, note that it is possible to preview watermarked images inside site content. Thus, you can try them before licensing. After that, it is necessary to authorize them with your Adobe ID and programmatically replace the watermarked images.
This feature is the first integration with Creative Cloud. We’ve been waiting for something like that since 2018 (Check this article: Top-Notch Content Creation & Analytics). It seems that more integrations with Adobe creative tools will come out with further updates.
Another revolutionary integration is related to dotdigital. It was the first Vendor Bundled Extension integrated into Magento 2 out of the box. With Magento 2.3.4, the module offers lots of additional opportunities. Now, it includes Chat and provides one FREE agent. Chat agents can:
manage multiple conversations with customers;
send and receive files (tickets, product images, whitepapers, receipts, etc.);
upsell customers to a different product;
recommend products based on previous purchases.
So, the primary purpose of Dotdigital Engagement Cloud Chat is to enable customers to get in touch with your brand and build real-time communication. You remove any barriers to sales and deliver exceptional customer service out of the box, starting from Magento 2.3.4.
Other updates include:
PWA Studio 5.0.0 is not only compatible with Page Builder but also offers new tools and improved workflow related to the Venia UI components. Check the official PWA Studio Release Notes for further information.
GraphQL offers better coverage and lets merchants implement a headless approach much more comfortable. You can find all GraphQL changes introduced in Magento 2.3.4 in the official GraphQL Release Notes.
Magento 2.3.4 offers a bunch of security fixes and upgrades. We describe them below in more detail.
Performance improvements are a common component of every Magento 2 update, and 2.3.4 is not an exception. Different platform areas were optimized to increase the productivity of your e-commerce website. Overall storefront performance, Inventory Management, B2B capabilities, and multiple more performance enhancements let you and your customers enjoy better e-commerce experience. You can find more details below.
Authorize.net is no longer a part of Magento 2. The core integration has been deprecated due to the PSD2 regulation. Now, you have to use the official payment integration solutions available on the Marketplace.
Magecart and Security Issues
Magento 2.3.4 includes six essential security fixes, three of which are rated as critical severity:
Critical security issues:
CVE-2020-3719 is an SQL injection flaw that could be exploited to leak sensitive information;
CVE-2020-3716 is related to the field of deserialization of the untrusted data and could lead to arbitrary code execution;
CVE-2020-3718 is a security bypass issue that could also lead to arbitrary code execution;
Important security issues:
CVE-2020-3715 is a stored cross-site scripting vulnerability that could be exploited to leak sensitive information;
CVE-2020-3758 is another stored cross-site scripting vulnerability that could lead to confidential information disclosure;
CVE-2020-3717 is a path traversal issue that could be leveraged by attackers for the same purpose.
Although no attacks exploiting the issues have been confirmed, Magento websites became privileged targets of Magecart attack. If you are not familiar with the problem, it is aimed at stealing payment card data and could lead to arbitrary code execution. Malefactors rely on the compromise of the installs. Besides, they leverage the injection of an e-skimmer.
Now, you can leverage released along with the Magento 2.3.4 upgrade. The security fixes got a “priority 2” rating: the update should be applied within 30 days.
If you are not familiar with Magecart groups, here is a brief explanation. First of all, Magecart is an umbrella term that covers multiple threat groups with a common modus operandi. The malefactors compromise websites by exploiting vulnerabilities in e-commerce platforms. Their goal is to add card-skimming scripts to checkout pages.
As you might have already read, the number one target of Magecart is Magento with its SQL injection bugs and other vulnerabilities. For instance, the last year attack against Magento 2 exploited an SQL injection bug. Malefactors dumped the contents of the admin_user database table, stealing administrative console credentials. Next, they logged into the Magento dashboard, adding the Magecart malware. Another example of Magecraft activities is related to Cross-Site Scripting (XSS) flaws. Magecart hackers stole customer credit cards in the Newegg data breach, using a form of XSS attacks.
To avoid these and other issues, you have to verify that your e-commerce website as updates and all the related third-party connections or plugins are up to date and include all patches and upgrades. You also have to restrict external access to sensitive information so that only verified scripts can be executed.
Magento 2.3.4 Features
Security-only patch
You can install a time-sensitive security patch without applying the hundreds of functional fixes. Patch 2.3.3.1 eliminates the vulnerabilities from Magento 2.3.3. Follow these links for further information:
Updates for Page Builder, Inventory Management, and Progressive Web Applications (PWA) Studio are released independently.
Security
Magento 2.3.4 offers 30+ security enhancements to solve XSS and RCE vulnerabilities. However, no attacks related to these issues have been confirmed.
Additional security enhancements and fixes to core code include improvements that fix Remote Code Execution (RCE). Custom layout updates and the deprecation of layout updates are no longer a part of the platform. Besides, only whitelisted variables can be added to templates, eliminating the possibility of adding directives that can call PHP functions on objects.
Other security and PCI compliance enhancements include:
Support for RabbitMQ v3.8 utilized in the message queue framework of Magento 2;
Page caching and session storage improvements;
Support for MariaDB 10.2: Magento 2.3.4 supports declarative schema for both MySQL and MariaDB;
The Authorize.net payment method integration is no longer available out-of-the-box.
Performance
Magento 2.3.4 also introduces the following performance enhancements:
Updated customer section invalidation mechanism;
Improved banner cache logic;
PHTML files support parsing by the bundling mechanism;
Statistic collecting for the Reports module can be disabled.
Infrastructure
With 250 enhancements to core quality, Magento 2.3.4 got lots of infrastructure improvements in such modules as Elasticsearch, catalog, PayPal, import, sales, CMS, and B2B.
Merchant tool
With Magento 2.3.4, you get integration with Adobe Stock image galleries. Consequently, it is possible to add media content from the Magento admin. The tool’s searchable interface provides the ability to explore, preview, license, and deploy stock images.
Inventory Management
From the perspective of Inventory Management, Magento 2.3.4 introduces only three new enhancements. Firstly, it is a performance improvement that reduces the load over the database server, affecting the shopping car.
Secondly, the Inventory Reservations CLI command has been updated. Now, it uses less memory to find and compensate for missing reservations.
Thirdly, Magento 2.3.4 resolves multiple quality issues. If in the previous platform version, you may experience some minor problems woking with credit memos, grouped products, source, and stock mass actions, you won’t face them anymore. You can find more information here: Inventory Management Release Notes.
GraphQL
From the perspective of GraphQL, Magento 2.3.4 also offers several key enhancements. The new platform version improves coverage for search, layered navigation, and cart functionality:
It is possible to merge guest carts with customer carts;
A customer can start shopping on one device and complete an order on another;
The default layered navigation module now supports custom filters;
Category search can be performed by ID, name, or URL key;
The cart object can contain information regarding promotions and applied discounts. This data is available at the line and cart levels.
PWA Studio
Since PWA Studio is released separately, we don’t provide its new features in this article. But you can find everything here: PWA Studio releases.
dotdigital
Magento 2.3.4 offers additional opportunities in the sphere of real-time engagement with Live Chat powered by dotdigital. Increase conversion rates by keeping customers coming back.
Magento 2.3.4 also includes two directions that have been improved for the Commerce edition only. They are Page Builder and B2B. Let’s explore each feature individually.
Page Builder
In 2.3.4, Page builder offers improved product sorting so that you can sort by different new parameters: product position in a category, list of product SKUs, name, stock status, etc.
You can also leverage improved product carousel. It provides more advanced configurations so that you can choose how to showcase products, selecting one of the predefined options.
There is also a massive improvement in how the created content is stored and utilized. It is optimized for rendering with the Venia Theme. Furthermore, unstructured content is converted into structured data to be available in React and PWA Studio.
B2B
As for the B2B features of Magento 2.3.4, they include the ability to export requisition lists into CSV format. However, we provide more extended opportunities via Improved Import & Export. You can find more information here: Import & Export Magento 2 Requisition Lists.
It is also possible torestrict access to B2B features from the backend. Thus, you can assign the ability to access this area to specific employees.