Atwix MageNews – February 2019

Hello and welcome to Atwix MageNews!
This article reviews the most interesting and important topics that popped up in Magento Community last month in our humble opinion.
Without further ado, let’s start!

Good to Know

Magento Upgrades from 2.2 to 2.3

Magento 2.3 landed at the end of November last year. This is a major release with some incompatible changes compared to the previous version. This fact probably makes difference even on how Magento should be upgraded. So, upgrading process is not as simple as changing a version of Magento composer metapackege and it’s needed to run an additional helper script to make upgrading go smooth.

More Info:
– [Firebear Studio] How to Upgrade to Magento 2.3: Update & Error Fixes

PHP 7.1 End of Life

According to PHP supported version policy, active support of PHP 7.1 is over a month ago and by the end of 2019 it has end of life and won’t be supported anymore. Currently, the latest version of PHP that Magento 2.2 supports is 7.1. This is a signal for merchants that probably it’s time to think about investments in upgrading Magento to version 2.3.

More Info:
– [PHP.net] PHP: Supported Versions
– [DevDocs] Magento 2.2.x technology stack requirements

Does PageBuilder Magento 2.3 out-of-box feature?

PageBuilder is an awesome Magento Admin experience improvement that has been under development for more than 2 years. The reason for that is significant changes in Bluefoot CMS architecture that were supposed to be a base for PageBuilder module, but, it doesn’t meet Magento requirements and use cases. Now many of overviews of Magento 2.3 features say that PageBuilder is already Magento 2.3 feature. However, that’s not actually true yet, at least, for version 2.3.0. There are still some final touches left to do and hopefully, in the next release, we will be able to use this.

2/2 what PageBuilder is today is miles ahead of BlueFoot in many areas. Looking back BlueFoot solved a problem but was not a polished product. With 2.3.1 you’ll get the problem solved and a beautiful product ??

— Dave Macaulay (@HelloMacaulay) January 22, 2019

More Info:
– How did a story begin? [Magento] Magento Acquires Technology Behind Bluefoot CMS
– What’s done so far? [MM18UK] Technical Introduction To Magento Page Builder

Open Source

Atwix #1 Contributor in 2018

Atwix became #1 Contributor in 2018 after leading in partners top 10 months in a row. How was it going and what’s next? All answers are in the Atwix article below.

More Info:
– [Atwix] Magento Contributions: 2018, 2019 and beyond

Extensions

Last month Magento Community actively discussed following open source extensions/tools:

– Helper script to aid upgrading Magento 2 websites
– Magento 2 Ultimate Module Creator – a standalone application for creating Magento 2 CRUD
– Yireo_ExtensionChecker – validates the code of other extensions via static code analysis tools
– Magento DevDocs integration with VS Code

In addition, starting from version 2.7.3 popular Smile_ElasticSuite modules are going towards GraphQL compatibility.

E-commerce

Checkoutless commerce in UK

How many touches do you need to purchase something on mobile? Checkoutless is about reducing this number to a minimum with payment solutions like Paypal Express or Apple Pay. Magento published an article with reports of state checkoutless commerce in the UK across different sectors.

More Info:
– [Magento] Switching Retailers Onto Checkoutless Commerce

Magento U

Experience Sharing

Passing Magento certifications are probably the best way to grow as professional and get a solid knowledge of Magento and E-commerce. However, not all of us want to pass them. Truth be told, a big part of us is just afraid of failing or simply don’t know how to start. This is awesome that Magento Community has people that are open to share their personal experience, both successes and failures. Fisheye and Integer_net wrote about their ways of passing Magento developer certifications.

More Info:
– [integer_net] About the Magento 2 Certified Professional Developer PLUS exam
– [John Hughes] How we trained 8 “Magento 2 Certified Professional Front End Developers” in 6 weeks…

New Magento Certifications

Last month Magento U announced that two more certifications are in progress and will be released soon. Now Magento Cloud masters and Magento Order Management specialists will be able to prove their skills and add one more badge to their profiles.

Developing the Magento Order Management course – coming in March and April! pic.twitter.com/QsCAILIl86

— Magento U (@MagentoU) January 2, 2019

Magento Certified Cloud Developer certification exam workshop completed this week in London! Fantastic work everyone – Look for the Cloud Developer certification exam coming soon!! pic.twitter.com/dBbPjSCvlx

— Magento U (@MagentoU) January 25, 2019

Security

Enhanced Magento Bug Bounty Program

Magento changed a service for reporting security issues. Before Bugcrowd had been used for such things, but now Magento moved to HackerOne which Adobe is using for their products. Moreover, the bug bounty program was updated and contains several improvements like payments right after verifications, but not after releasing patches. This should make a positive effect on the motivation of the community to report.

More Info:
– [Magento DevBlog] Enhanced Bug Bounty Program!

Authorize.Net said goodbye to MD5

Authorize.Net announced the end of life for their MD5 based hash for transaction responses in favor of SHA-512 based hash utilizing a Signature Key. The final transition to the new approach will be done in two phases to make it smooth for service consumers that are using legacy algorithm at this moment.

More Info:
– [Authorize.Net] MD5 Hash End of Life & Signature Key Replacement

Don’t copy-paste @escapeNotVerified!

Did you ever wonder, what "@escapeNotVerified" is doing all over the place in Magento templates? I've often seen it blindly copied from core code. Don't do this! Let me explain:

— Fabian Schmengler (@fschmengler) January 24, 2019

Be prepared to a new PCI Software Security Framework

PCI Software Security Framework will come to the payment industry to expand existing PCI DSS and address overall software security resiliency. Currently, PCI SSC published two parts of the new framework: PCI Secure Software Standard and the PCI Secure Software Lifecycle. Why new standards were introduced and how they affect stakeholders. If you’re looking for answers, check the following interview with PCI SSC CTO Troy Leach.

More Info:
– [PCI SSC] New PCI Software Security Standards

Community Experience

Magento 2 PWA Dev Tools

Since 2015 when the world started talking about PWA, 4 big players showed up on Magento 2 PWA scene: Magento PWA Studio, DEITY Falcon, Front-Commerce and Vue Commerce. What’s the difference between them all and what’s a perfect choice for you or your project can be found in an article from Onilab.

More Info:
– [Onilab]The Best PWA Dev Tool for Magento 2

Composer local override will rescue

Here is an interesting true story from Mark Shust life about overriding some module composer metapackage via Composer path repository to meet project needs.

More Info:
– [Mark Shust] Locally overriding or extending third-party Composer modules

Run your MFTF tests

Practical overview from Amasty Team on what needs to be kept in mind to use MFTF and write acceptance tests for your projects.

More Info:
– [Amasty] How to Make a Smooth and Quick Start with MFTF?

Best Practice for designing API

This article in Magento DevBlog helps to understand why Magento Multi-Source Inventory project was designed in a way it’s designed and not another way. Down below Igor Miniailo shares his experience from building such a huge system.

More Info:
– [Magento Forums] Best Practices for API Design

What are microservices?

Magento platform is going toward a microservice approach. This is a hot top in IT world nowadays.
Basically, this is another way of splitting huge monolithic systems into much smaller ones that communicate via the platform and programming language agnostic API. However, what are benefits and drawbacks? How can microservices be implemented and applied to E-commerce? Firebear is answering these questions in an article with a high-level overview of the approach.

More Info:
– [Firebear Studio] Microservices In eCommerce And Magento

Magento Architecture

Future of Magento front-end applications

Magento 2 frontend stack is being changed dramatically within the last couple of years. It started from prototype.js in Magento 1, moving to Knockout.js for first Magento 2 releases and now looking for React.js future. What’s next? This architectural proposal helps understand how modern Magento front-end technology stack will look like and what you need to know about it.

More Info:
– [Magento Github] Front-End Technical Vision

Marketplace Technical Review can be changed

Some discussions are going on around an architectural proposal that reviewing ways of grouping CodeSniffer rule by severities. CodeSniffer rules are used to perform an automatic code review of submitted extensions. Now everyone can bring some brand new ideas or share thoughts on how it should be done.

More Info:
– [Magento Github] Rules Severities for Marketplace Technical Review

Auto Config File Cache Invalidation

How many times have you forgotten to clean the cache after adjusting some XML config files? This is a common issue and there are already a couple of workarounds that help make it automatically. Now Magento Team brings up a new architectural proposal with a proof of concept how such automatic cache invalidation can be implemented out-of-box in Magento 2.

More Info:
– [Magento Github] Automated configuration file cache invalidation

Make Magento 2 module declaration simpler

We may need to rewrite our Magento 2 hello world module articles soon as module declaration is going to be changed. Magento Team has an intention to eliminate Magento infrastructure that loads module classes and make them sorted in dependency sequence. Composer and some 3rd-party libraries may be used instead. So composer.json may be the only one file that will survive among the current three of them after the changes.

More Info:
– [Magento Github] Simplified module declaration

Upcoming Events. Don’t Miss!

– February 12-13th – Magento Live AU, Sydney, Australia
– February 19-22th – eTail West, Palm Springs, CA
– February 21th – Power Retail All Star Bash, Melbourne, Australia
– February 27-28th – Magento 2 Developer Training by Max Pronko, London, UK
– March 5-8th – MageTestFest, Florence, Italy

Make sure to be the first for our March MageNews digest – subscribe to our blog (form in the right sidebar)!

Cookie	Duration	Description
__jid	1 day	Used to add comments to the website and remember the user's Disqus login credentials across websites that use said service.
cf_ob_info	past	The cf_ob_info cookie is set by Cloudflare to provide information on HTTP Status Code returned by the origin web server, the Ray ID of the original failed request and the data center serving the traffic.
cf_use_ob	past	Cloudflare sets this cookie to improve page load times and to disallow any security restrictions based on the visitor's IP address.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
li_gc	2 years	Linkeding cookie that stores the user's cookie consent state for the current domain
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	Google Analytics cookie. Used to identify unique users and expires after two years
_gat	1 day	Used by Google Analytics to throttle request rate
_gid	24 hours	Google Analytics cookie. Used to identify user and expires in 24 hours.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar cookie. Used to detect the first pageview session of a user. 30 minutes duration. Boolean true/false data type.
_hjFirstSeen	User session	Hotjar cookie. Identifies a new user’s first session. Used by Recording filters to identify new user sessions. Session duration. Boolean true/false data type.
_hjIncludedInPageviewSample	30 minutes	Hotjar cookie. Set to determine if a user is included in the data sampling defined by your site's pageview limit. 30 minutes duration. Boolean true/false data type.
_hjIncludedInSessionSample	30 minutes	Hotjar cookie. Set to determine if a user is included in the data sampling defined by your site's daily session limit. 30 minutes duration. Boolean true/false data type.
_hjRecordingLastActivity	User session	Hotjar cookie. Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes
_hjSession_2881021	30 minutes	Hotjar cookie. Holds current session data. Ensures subsequent requests in the session window are attributed to the same session. 30 minutes duration. JSON data type.
_hjSessionRejected	User session	Hotjar cookie. If present, set to '1' for the duration of a user's session, when Hotjar has rejected the session from connecting to our WebSocket due to server overload. Applied in extremely rare situations to prevent severe performance issues. Session duration. Boolean true/false data type.
_hjSessionUser_2881021	1 year	Hotjar cookie. Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Ensures data from subsequent visits to the same site are attributed to the same user ID. 365 days duration. JSON data type.
_hjTLDTest	User session	Hotjar cookie. Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.
AnalyticsSyncHistory	29 days	Linkedin cookie. Used in connection with data-synchronization with third-party analysis service.
disqus_unique	1 year	Disqus cookie. Collects statistics related to the user's visits to the website, such as number of visits, average time spent on the website and loaded pages.
https://#.#/	User session	leadfeeder.com cookie. Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.
juggler/event.gif	User session	Disqus cookie. Identifies the visitor across devices and visits, in order to optimize the chat-box function on the website.

Cookie	Duration	Description
aet-dismiss	User session	Disqus cookie. Necessary for the functionality of the website's comments system
drafts.queue		Disqus cookie. Necessary for the functionality of the website's comments system
lang		Linkedin cookie. Remembers the user's selected language version of a website
submitted_posts_cache	User session	Disqus cookie. Necessary for the functionality of the website's comments system

Cookie	Duration	Description
_hjRecordingEnabled	User session	Hotjar cookie. This cookie is used to identify the visitor and optimize ad-relevance by collecting visitor data from multiple websites – this exchange of visitor data is normally provided by a third-party data-center or ad-exchange.
_lfa	2 years	Leadfeeder cookie. Used to store and track audience reach and expires in 2 years.
_lfa_expiry	persistent	Leadfeeder cookie. : Contains the expiry-date for the cookie with corresponding name
_lfa_test_cookie_stored	1 day	Leadfeeder cookie. Used in context with Account-Based-Marketing (ABM). The cookie registers data such as IP-addresses, time spent on the website and page requests for the visit. This is used for retargeting of multiple users rooting from the same IP-addresses. ABM usually facilitates B2B marketing purposes
ads/ga-audiences	User session	Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites.
badges-message	Persistent	Disqus cookie. Used for comments functionality
bcookie	2 years	Used by the social networking service, LinkedIn, for tracking the use of embedded services.
bscookie	2 years	Used by the social networking service, LinkedIn, for tracking the use of embedded services.
lidc	1 day	Used by the social networking service, LinkedIn, for tracking the use of embedded services.
UserMatchHistory	29 days	Linkedin cookie. Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.