Magento Open Source 2.3.1 Release Notes

- E-Commerce, Magento 2

Magento Commerce 2.3.1. release notes

And what about the new release of Magento Open Source? What enhancements does the 2.3.1 version provide? The situation is quite similar to the one we’ve just described: we have more than 200 functional fixes, over 500 pull requests, and over 30 security enhancements – just like in the case of the Commerce edition. By the way, if you want to learn about the paid version of our favorite e-commerce platform, follow this link: Magento Commerce 2.3.1 Release Notes.  

And the situation with the PRODSECBUG-2198 patch is absolutely the same: you have to apply it to protect your e-commerce website from recently discovered vulnerabilities. The patch addresses critical SQL injection vulnerability identified in Magento 2.3. You can find more information about it here: Magento Security Center.

Follow the steps below to download and apply the patch:

  1. Access your account here: My Account.
  2. Then, proceed to the Downloads tab to select the necessary Magento edition and version.
  3. Now, you can choose Support Patches and Security Patches and then select the latest one – PRODSECBUG-2198.
  4. Start the download process and upload a patch to a specific directory in your Magento installation. Usually, it can be something like ‘m2-hotfixes.’ Note that it should not be accessible publicly.
  5. To apply the patch, enter the following command in your project root:
    git apply ./m2-hotfixes/<patch-file-name>.
  6. Now, go to Admin -> System -> Cache Management and refresh the cache.

Merchant tool enhancements

Below, we explore merchant tool enhancements introduced in the Magento Open Source 2.3.1 release. They include the improved order creation workflow, support for PDP images, as well as Inventory Management created by the community. Let’s describe each feature in more detail.

Order creation workflow

There is also good news regarding the order creation workflow. You might have already faced the delays when editing billing and shipping addresses. Due to the refactoring of the Admin order creation workflow, they are eliminated in Magento Open Source 2.3.1. It is necessary to mention that the processing of these fields happens after they are populated.

PDP images

The ability to provide customers with better content is based not only on Page Builder but also the support for PDP images. The old limits no longer prevent you from uploading  PDP images larger than 1920 x 1200. The pictures are no longer need to be compressed and downsized.

Note that before Magento Open Source 2.3.1, the system resized and compressed high-quality images larger than 1920 x 1200 automatically. At least, you didn’t have to do that automatically. Now, you no longer need to sacrifice the image quality at all. Furthermore, as a Magento merchant, you can set requirements for resizing and compression starting from Magento 2.3.1.

Inventory Management

As for the inventory management workflow, it was also enhanced with the Multi-Source Inventory community project. Developers have added a lot of new features. You can find all the improvements here: Inventory Management Release Notes. We’d like to focus on some key features introduced in Magento Open Source 2.3.1:

  • Elasticsearch. You can now use Elasticsearch to get correct products and quantities when Elasticsearch is used as the search engine. Furthermore, searches return results from stock assigned to the website from 2.3.1. And to make your life even easier, the system supports filtering! Thus, it is possible to find the required information faster and with less effort.
  • Distance Priority Source Selection algorithm. Forever forget about unexpected expenditures caused by inappropriately selected fulfillment location. Magento Open Source 2.3.1 lets you use an algorithm instead, which automatically chooses the closest inventory locations. This SSA feature is based on Google Maps API. You can find out how it calculates the shortest distance for deliveries here: Manage source selection algorithms.
  • Mass inventory transfers. Bulk inventory transfers have been improved as well. Now, they are optimized with higher processing speed and reduced locking during transfers.
  • In-store pickup. Inventory Management now enables in-store pickup for selected sources. The feature is quite popular among customers, but before 2.3.1, it was available in third-party extensions only. Now, you can reduce shipping costs and increase customer satisfaction with the in-store pickup functionality out-of-the-box. And due to the higher priority of store pickup orders, the system prevents insufficient inventory available in sources to fulfill shipped orders. For further information, follow this link: Inventory Management Release Notes.

Improved developer routine

Now, when you know what improvements of Magento Open Source 2.3.1 are oriented towards merchants, we should explore the enhanced developer experience of the recent platform version. As you might have already noticed, the only huge difference between the two platform versions is the availability of Page Builder in Magento Commerce. But let’s see what developer-centric improvements are unique to each version.

Upgrade process dependency assessment

Just like in the case of the Commerce version, the Open Source one offers a new composer plugin – magento/composer-root-update-plugin. It automatically updates all dependencies in composer.json during the upgrade. Before the new platform version, you have to do apply changes manually.

PWA Studio

PWA Studio introduces another vital enhancement to the existing developer routine, but it is the same as the one mentioned above. If you decide to go ‘headless,’ there is no need to do everything with your own tools. Now, the platform offers a set of developer instruments that allows developing, deploying, and maintaining a PWA storefront on top of Magento 2.x. You can find answers to your questions here: Magento PWA Documentation.


The new API standard has been improved in Magento Open Source 2.3.1 as well. As a developer, you can now leverage cart and customer actions with higher efficiency: create a cart, populate a cart, set a shipping address, create a customer account, etc. Nothing unique in comparison to the Commerce version.

Enhanced security

We’ve already informed you about the major security fixe introduced with a new patch at least twice. And there are 30+ security enhancements that help prevent various problems, such as cross-site scripting, sensitive data disclosure vulnerabilities, arbitrary code execution, etc. Note that they are the same for both Commerce and Open Source editions.

Despite no attacks have occurred, certain vulnerabilities can be exploited to access various precise data stored on your website. For further information, follow this link: Magento Security Center. It is also worth mentioning that all exploitable security issues are now a part of 2.2.8, 2.1.17,, and Magento Commerce versions.

Better performance

The performance of the Magento Open Source platform has been improved with 2.3.1 as well. And it features the same improvements as we’ve already listed above.

Now, the free version of our favorite e-commerce tool lets you use customer accounts with over 3k addresses without any delays. Oriented at B2B merchants, the feature introduces the following changes:

  • Customer address handling has new UI components designed to increase platform performance. As a result, 3000 and more addresses can be utilized – just like in the case of the Magento 2.3.1 Commerce.
  • The same is about the Admin order creation page: in case of both Commerce and Open Source, it can cope with customer accounts with 3k addresses without performance issues.
  • And the Open Source version increases the usability in this direction by displaying the list of additional customer addresses as a grid in the storefront customer address book. You can find more about the new feature here: Magento 2.3.1 Address Book. Nothing unique in comparison to the Commerce edition.
  • The shipping and billing data entered during checkout is no longer deleted after a cart update even for Open Source website.

Infrastructure improvements

Now, let’s take a look at the improvements of Magento Open Source 2.3.1 that affect both merchants and developers.

  • Authorize.Net extension. A new extension now replaces the Authorize.Net Direct Post module in Magento Open Source 2.3.1 since it will be no longer used since the end of June. You can find more information regarding the deprecation here.
  • Accept.js library. The library is now used for Authorize.NET payments.
  • Elasticsearch 6.0. This search engine version can be utilized in Magento Open Source 2.3.1 as well as in its Commerce edition.
  • PayPal Express Checkout. PayPal Express Checkout has been updated to checkout.js v4. Thus, you get a modernized checkout flow which performs faster, introduces new payment options (Venmo and PayPal Credit), and lets you use new payment options in a single integration that does not have to be updated as new payment methods are available.
  • Redis 5.0. It is finally supported by Magento Open Source starting from 2.3.1.
  • PHP. Magento 2.3.1 is compatible with PHP 7.2.x and certified on PHP 7.2.11.
  • MySQL Views. There is also a noticeable improvement related to MySQL. Magento 2.3.1 lets you isolate and extract MySQL Views from regular database tables. No negative effects on database backup and restoration are observed.
  • DHL. The users of DHL shipping methods also get a vital improvement: Magento Open Source 2.3.1 utilizes the DHL XML Services schema 6.0!
  • MFTF. Magento Functional Test Framework has been upgraded to 2.3.13.

Bundled extension enhancements

As for the third-party extensions included in Magento Open Source 2.3.1, they include the following features:

Amazon Pay. This module provides multi-currency support for EU and U.K. merchants. You can find more information regarding the extension and its updated functionality here: Use multi-currency.

dotdigital Engagement Cloud. This module was initially known as dotmailer. Now, it has been rebranded. Furthermore, the customer account dashboard area now includes support for Marketing Preferences. Thus, the customer consent text in the customer’s account dashboard area can be displayed as the general subscription text. The abandoned cart and automation process also introduce something new. Both features benefit from a retry function in a case when contacts are pending in dotdigital Engagement Cloud.

Magento Shipping. This module has been dramatically improved as well. First of all, let’s take a look at its brand new features introduced with Magento Open Source 2.3.1. It is shipment cancellation that lets you cancel a shipment that has not yet been dispatched. Besides, you can leverage Portal Access via Magento. This improvement provides the ability to reach the Magento Shipping portal right from your Magento store using the Magento Shipping credentials.

Also, note that multiple enhancements to the existing features have been introduced in Magento Open Source 2.3.1:

  • The batch processing workflow now includes error messaging and field validation.
  • Collection Points have been expanded as well. Now, they cater for both FedEx Hold at Locations and UPS Access Points.
  • Interface changes to the list of locations displayed on checkout are also a part of the Magento Open Source 2.3.1 update. A customer can view open and close hours when provided by the carrier.
  • Click & Collect is another intriguing option introduced in Magento Open Source 2.3.1. The list of available locations has been brought in line with the new Collection Points list on the checkout page.
  • Carrier Specific Packaging. In the case of FedEx, customers can choose a carrier-specific packaging. The available packages can be selected during shipping.
  • Qualification Experience. Now include Ship to Address, Click & Collect, and Collection Points. The initial functionality of the module has been restructured so that the three available options are now available as outcomes in a single Qualification experience.
  • Security has been enhanced in terms of ship[ping as well. Now third-party code execution is now possible.
  • Cart Price Rules. The native cart price rules of Magento can be applied to Magento Shipping starting from Magento Open Source 2.3.1.
  • Dispatch. Additional workflow capabilities are a part of the dispatch process. Now, they can cater for future carriers.

Vertex. When it comes to the Vertex module, there are only two improvements introduced in Magento Open Source 2.3.1. It supports B2C VAT as well as configurable logging.

Fixed issues

Also, note that hundreds of issues in the Magento Open Source 2.3.1 core code have been fixed. You can find all of them here: Official Magento Open Source 2.3.1 Release Notes.