Atwix MageNews – August 2019

Welcome to the August edition of Atwix MageNews!
This is the 7th digest in the series and it’s all about updates from Magento world, upcoming changes and experience sharing. Interested? Come in and read more!

Not to Miss

New Payment Security Standards and Magento

Currently, two payment standards are shaping the payment industry. This is all about 3-D Secure 2.0 and PSD2.

The main change of 3-D Secure 2.0 is that merchants and issuer banks will exchange contextual data to automatically verify the identity of the customers and detect high-risks transactions which are less than 5 percent of all placed transactions. This helps to reduce transaction time by 85% and the drop-off rate by 70%.

The PSD2 (Payment Service Directive 2) is a reviewed EU payment directive which requires payment providers to apply Strong Customer Authentication (SCA). SCA requires to use at least two of the following factors to verify identity during transactions:
– Something the customer knows: password or PIN they set
– Something the customers has: phone or hardware token for authentication
– Something the customer is: fingerprint, face recognition.
Starting September 14, 2019 European banks will decline payments that require SCA but do not meet the above criteria.

These directives will affect Magento as well. Magento is going to deprecate core bundled integrations with CyberSource,, eWay, Worldpay in favor of official payment integrations available on the marketplace.

More Info:
[Magento DevBlog] 3D Secure 2.0 changes
[3DSecure2] Official website of 3D Secure 2.0 standard
[Visa] New and improved 3-D secure – Infographic
[Magento Marketplace] Braintree – Official Integration
[Magento Marketplace] Authorize.Net – Official Integration
[Magento Marketplace] CyberSource Global Payment Management – Official Integration
[Magento Marketplace] eWay Payments – Official Integration

Adobe Analytics in Magento

Adobe announced a brand-new Analysis Workspace template for exploring your Magento commerce and marketing data. Check it out below!

More Info:
[Youtube] Adobe Analytics – Magento Marketing & Commerce Template

Community Experience

Module Vendor Worst Practices

A write up from Jisse Reitsma about classic quality issues of third-party modules you can find during the code review.
More Info:
[Yireo] Review of a bad Magento 2 extension

Ngrok + Magento + Docker

And again about ngrok service and Magento. This time Dmitry Shkoliar tells us how to share docker-powered Magento local environment with the world using a custom integration module to troubleshoot typical issues related to building URLs and caching.

More Info:
[] Sharing local Docker Magento 2 development environment over the web
[Github] Magento 2 ngrok integration

Magento 2 JS Bundling

Andrew Levine analyzed current JavaScript bundling problems for Luma-based frontend. He pointed out the most significant differences between Magento frontend and the rest of webpack-based frontends. As a result we got a summary of challenges on a way of implementing optimized JS bundling.

More Info:
[Github Gist] JavaScript Bundling in Magento

Composer Root Updater

It’s great to see that Magento cares about upgrading process and tries to streamline it. For these needs, Magento created a composer plugin which automatically adjusts composer.json of the project making sure all dependencies comply with a new version of the platform. Don’t forget to try it next time you upgrade your projects!

More Info:
[Github] magento/composer-root-update-plugin
[Magento DevBlog] Easier upgrades with new Composer plugin!
[Magento DevDocs] Upgrade using the Magento composer root plugin

Elastic App Search for Magento

Elastic team announced an integration between Magento and their Elastic App Search product. App Search is a SaaS solution that simplifies the process of creating and maintaining applications which need to support search functionality. It provides deep relevance tuning and analytics feature for improving conversion rates. Learn more about this below.
More Info:
[Elastic] Elastic App Search Magento module beta release
[Elastic] Elastic App Search
[Github] A first party module to integrate Elastic App Search in Magento 2.


DocBlock Standards

Magento DocBlock Standards improvement has been announced by Vinai Kopp. This is a common effort and it resulted in removing rules which let to docBlock duplication. The proposal discourages usage of @inheritdoc directives which were based on adding obvious and redundant descriptions. It encourages commenting why some method or component was added and not how it was added. Read more about changes below.

More Info:
[Magento DevDocs] DocBlock Standards
[Github] Remove rules duplicating method signature info

Replacement for SCD

Static content deployment is one of the longest-running processes during Magento deployments. If the deployment process is not optimized, it even prolongs website downtime. Andrew Levine is working right now on a replacement for the current SCD. The biggest bottleneck is unofficial PHP LESS compiler. Andrew is working on a solution. The idea is to make Magento use official LESS compiler written on JavaScript and parallel style compiling via workers. This approach seems to be reasonable and works 6 times faster than the current one.

More Info:
[Github] Fast, drop-in replacement for Magento’s Static Content Deploy (WIP)
[Github] Proposal to rewrite + modernize Static Content Deployment


XSS in Order Cancelation Flow

Magento 2.3.2 contains numerous security improvements and it’s super important to apply them all on out-dated versions of the platform. One of such vulnerabilities and attack vectors was founded and disclosed by RIPS Tech team. According to it, merchants who use core bundled integration with could be vulnerable to unauthenticated stored XSS attack during order cancelation which combined with RCE exploit can give hackers access to the webserver. Make sure your projects are patched and ready for this!

More Info:
[RIPSTECH Blog] Magento 2.3.1: Unauthenticated Stored XSS to RCE

Upcoming Events. Don’t Miss!

– August 1st – MM19ID, Jakarta, Indonesia
– August 22nd – MM19SG, Marina Bay Sands, Singapore
– August 30th – Magento Meetup & Contribution Day in Khmelnytskyi, Khmelnytskyi, Ukraine
– September 5-6 – Meet Magento New York
– September 27-28 – MageCONF 2019, Kyiv, Ukraine

Want more?

Make sure to be the first for our September MageNews digest – subscribe to our blog.

See you in a month!

What was before?
Atwix MageNews – July 2019
Atwix MageNews – June 2019