Hello and welcome to #MageNews!
The year has just started, but we have already got a lot of news to write about π
Let’s go through the latest updates…
Content
- [Not To Miss] Magento 2.3.4
- [Not To Miss] Magento 2.3.x Release Schedule
- [Not To Miss] CCPA
- [Not To Miss] Adobe Solution Partner Program
- [Not To Miss] PreImagine in 2020
- [Not To Miss] Community Awards
- [Security] Magento 2.3.4 Security Enhancements
- [Security] Magecart. Interpol Strikes Back
- [Open Source] Magento PWA and PageBuilder Updates
- [Open Source] Helpful Projects
- Upcoming Events. Don’t Miss!
- Want More?
Not to Miss
Magento 2.3.4
Magento released new versions of the platform: 2.3.4, 2.3.3-p1 (a security patch version for 2.3.3) and 2.2.11. This update includes:
– support of the latest stable version of RabbitMQ 3.8 and Redis 5.0.6
– partial support of MySQL 8
– deprecation of the bundled Authorize.net integration (use the official integration from the Magento Marketplace)
– integration with Adobe Stock to streamline the use of high-quality images directly from Magento Admin
– Live Chat for real-time helping customers and potentially upselling products. It’s powered by dotdigital Engagement Cloud, that offers a free chat agent exclusively for Magento merchants without a need to subscribe to the full Engagement Cloud.
The upgrade also includes more than 30 security improvements. It should be noted that all fixed vulnerabilities require access to the Magento Admin to be exploited. Since Magento 2.3.4 and further, all security details will be documented in the Adobe Security bulletins.
Among the rest, Magento 2.3.4 has a bunch of performance improvements:
– statistic collection is now disabled for the built-in Report modules (it triggers database locking on the concurrent pageviews) (Merge Request).
– the password-strength estimator library (zxcvbn.js) was refactored and a huge dictionary with common passwords was removed. This change reduced the library size from 395 KB to 11.3 KB and sped up loading of the customer dashboard pages (Merge RequestΒ ).
– the customer section invalidation mechanism has been refactored to eliminate workload on the server of redundant non-cacheable requests (Merge Request).
– phtml templates have been refactored to explicitly define JS components inside templates which improves the default bundling quality (Merge Request).
– ProductMetadata::getVersion() is now cached which brings performance improvements on the website where 3rd-party modules may call this resource-consuming method (Merge Request).
– EAV attribute retrieval is now cached (Merge Request).
New experiences with Page Builder and #PWA studio, integration with #AdobeStock, Chat powered by @dotdigital, and more! Learn about the latest release of #MagentoCommerce here: https://t.co/tajeA7bMqT pic.twitter.com/mwEqRrUur7
— Adobe Commerce (@AdobeCommerce) January 28, 2020
More Info:
– [Magento] Magento 2.3.4: Building More Engaging Customer Experiences
– [Magento DevDocs] Magento Open Source 2.3.4 Release Notes
– [Magento DevDocs] Magento Commerce 2.3.4 Release Notes
– [Magento MerchDocs] Engagement Cloud Chat
– [Magento Marketplace] Official Authorize.Net integration
– [Adobe Security Bulletin] Security Updates Available for Magento | APSB20-02
Magento 2.3.x Release Schedule
Magento has set a schedule of when they plan to release the remaining 2.3.x patch versions of Magento:
– 2.3.5 on Apr 28th, 2020
– 2.3.6 on Jul 28th, 2020
– 2.3.7 on Oct 15th, 2020
Prereleases will be available 2 weeks before the general release date.
Release dates #Magento 2.3.4, 2.3.5, 2.3.6 and 2.3.7 for 2020.
2.3.4 on January 28 2020
2.3.5 on April 28 2020
2.3.6 on July 28 2020
2.3.7 on October 15 2020Pre-release is always 2 weeks before GA.
source: https://t.co/ybNPA0ak3I
— mark walravens (@MarkWalravens) January 7, 2020
More Info:
– [Magento DevDocs] Upcoming Releases
CCPA
The California Consumer Privacy Act (CCPA) went into effect on January 1st. The aim is to extend the rights of Californian consumers to determine how their personal information (PI) will be used, processed and stored on the websites, protecting it from unauthorized processing and selling.
The CCPA grants new rights to consumers:
– right to know (about sharing, collecting and processing PI)
– right to delete (PI from businesses and their internal services)
– right to opt out (from selling PI)
– right to non-discrimination (businesses can’t charge more or provide a lower quality of their products or services to CCPA protected consumers)
Businesses are subject to the CCPA if:
– their gross annual revenue is over $25 million
– they buy, receive, or sell the personal information of 50,000 or more consumers, households, or devices
– their revenue derives 50% or more of the annual revenue from the sale of consumer PI
[CCPA] With the legislation having kicked in on January 1, at least half of US companies may still be struggling to comply. Here's a closer look at the current state of the CCPA adoption across the US companies and the potential cost of noncompliance. https://t.co/EPEkyGxtqR
— Smaato (Now part of Verve Group) (@Smaato) January 7, 2020
Get more details about CCPA processes, implications and how Magento advises on becoming compliant below.
More Info:
– [eMarketer] CCPA Is Here, But Many Companies Are Still Not Compliant
– [Office of the Attorney General] California Consumer Privacy Act – Fact Sheet
– [Magento MerchDocs] CCPA Compliance Guide
– [Magento DevDocs] California Consumer Privacy Act
– [Magento DevDocs] Personal Information Reference
Adobe Solution Partner Program
Adobe is going to retire Magento Solution Partner Programs on March 1st. All existing Magento partners will be mapped to Adobe partner levels, ranging from Platinum to Community, based on FY19 performance.
Explore the benefits of the new partnership program and how to qualify below.
More Info:
– [Adobe Solution Partners] Join the Solution Partner Program
– [Adobe Solution Partners] Magento and Marketo Partners: Transition to Adobe SPP
– [Adobe Solution Partners] All benefits of Adobe partnership
– [Adobe Solution Partners] The financial benefits of Adobe partnership
PreImagine In 2020
Magento Imagine is coming! As you remember, Magento Imagine in 2020 will be aligned with Adobe Summit and will take place at the end of March. This time Magento Association will be organizing PreImagine event. Tickets and more information are available on the MA’s website.
With #MagentoImagine moving to a new venue this year, we're proud to announce that the Magento Association will be organizing & hosting #PreImagine this year. Save the date for Sunday March 29th, 7 to 9PM. Details to be announced soon. #Magento
— Magento Association (@MagentoAssoc) January 16, 2020
Community Award
Traditionally, at the end of January, Magento announces Magento Community awards: Magento Master awards and Top 50 Contributors. We would like to congratulate all community members that were recognized and say thank you for the great effort, time and energy they put to grow our community in all possible ways!
We are super happy to add that this year, Atwix got two Magento Masters:
– Yaroslav Rogoza, Magento Master 2019/2020 (Mentor)
– Dmytro Cheshun, Magento Master 2020 (Maker)
#ICYMI: Help us congratulate the 2020 Magento Masters: Mentors >@aleron75
@max_pronko@barbanet@avstudnitz@RakeshJesadiya@rogyar@manthandave32https://t.co/DIaZJCVNM2#MagentoMasters #MagentoCommunity pic.twitter.com/hDtE0mFiIT— Adobe Commerce (@AdobeCommerce) February 6, 2020
#ICYMI: Help us congratulate the 2020 Magento Masters: Makers >@verite_office@dmitry_ch @Vijaygolani @OleksKravchuk @kalpmehta @molme @ronak2ram@OSrecio @IhorSviziev@Orlanguruhttps://t.co/ZHSRj014hA#MagentoMasters #MagentoCommunity pic.twitter.com/pA96AwL4Yy
— Adobe Commerce (@AdobeCommerce) February 7, 2020
#ICYMI: Help us congratulate the 2020 Magento Masters: Movers >
Ignacio Riesco @ignacioriesco
Oleksandr Lyzun @nuzil
Riccardo Tempesta @RicTempesta https://t.co/NgAwAspuTQ#MagentoMasters #MagentoCommunity pic.twitter.com/gWnxNPdd3M— Adobe Commerce (@AdobeCommerce) February 5, 2020
Also, 6 people from Atwix got into the Top 50 Contributors 2019 list:
Including more than 8,000 pull requests and meetups in over 30 countries, the #MagentoCommunity made so many amazing contributions in 2019. Help us recognize and thank the Top 50 contributors. https://t.co/wsj1ulqo26 pic.twitter.com/0e4SLIp2dH
— Adobe Commerce (@AdobeCommerce) February 4, 2020
Security
Magento 2.3.4 Security Enhancements
Starting from Magento 2.3.4, Magento Admin will not have the ability to specify custom layout updates. This way Magento wants to reduce the vector of possible RCE attacks. See below how that functionality will look after the upgrade.
βοΈ WTF Happened to Custom Layout Updates in Magento v2.3.4 https://t.co/x4FXGWIsEP
— Max Chadwick (@maxpchadwick) January 31, 2020
More Info:
– [Max Chadwick] WTF Happened to Custom Layout Updates in Magento v2.3.4
Magecart. Interpol Strikes Back
Interpol helped The Indonesian National Police to arrest three suspects which are related to the Magecart-like skimmer group. Cybersecurity experts believe that the same group is behind the credit card skimming of more than 571 online stores. This skimmer group seems to be much bigger than 3 people as they proceed to operate even after the arrest.
#SuccessGan Magento hackers still operate magecart[.]net despite 3 arrests on Dec 20th. File syncdb.exe is actually a text file with stolen UK cards, last modified Jan 7th. pic.twitter.com/rDTWIVWZU1
— gwillem (@gwillem) January 27, 2020
More Info:
– [The Hacker News] Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks
– [Sanguine Security] Indonesian Magecart hackers arrested
Open Source
PWA and PageBuilder Updates
Magento PWA Studio v5.0.0 is out! One of the main functional changes is integration with PageBuilder.
Yesterday alongside 2.3.4 we released our official Page Builder PWA Studio integration, this enables any new PWA Studio store to utilize Page Builder within CMS Pages πππ https://t.co/mhieB9AOX3 pic.twitter.com/3hsCDxIWdQ
— Dave Macaulay (@HelloMacaulay) January 29, 2020
Magento 2 PWA Studio contains the PageBuilder PWA framework that determines whenever the current CMS content is PageBuilder-enabled or not and renders it properly for both cases. PWA Studio includes a component set to render the default set of PageBuilder content types on the Magento PWA Studio side with a possibility to add custom types.
With the latest updates, PageBuilder includes product slider content type:
#MagentoPageBuilder now includes product carousel slider and powerful product sorting mechanism to blend the content and commerce on your website! Get ready to upgrade to Magento 2.3.4 Commerce! Jan 28 is the date!
— olena tkacheva (@gella) January 23, 2020
The next important update from PWA Studio 5 is a scaffolding command to set up a new project in a quick and developer-friendly way. No need to fork Magento PWA Studio anymore. It uses a venia-concept package as a template because it’s a tiny project with most logic taken from @magento/venuia-ui and @magento/peregrine packages.
#Magento PWA Studio 5 π#magentocommunity pic.twitter.com/pdjojywUcD
— Roma π¦ (@roma_glushko) February 9, 2020
PWA Studio 5 also includes Peregrine talons. They include the UI component-specific logic separated from the presentation layer.
#PWAStudio 5 contains #peregrine talons which is a separation of component-specific business logic from #Venia UI components. Here is an example of the searchbar talon pic.twitter.com/kJNY7pulGH
— Roma π¦ (@roma_glushko) February 9, 2020
The state management in PWA Studio 5 relies now on the content providers and not on the Redux directly, separating data by the domain (like catalog, customer, cart data and so on).
#PWAStudio 5 includes refactored the state management part. Instead of directly using Redus, it uses context providers to access particular pieces of data like catalog, user, cart, checkout data #magento #peregrine #venia pic.twitter.com/LPi6KQaNfF
— Roma π¦ (@roma_glushko) February 9, 2020
Finally, in PWA Studio 5, the custom routing was replaced by React Router.
#PWAStudio 5 also replaces custom routing by React Router π #magentocommunity pic.twitter.com/GZ2L3cPmJV
— Roma π¦ (@roma_glushko) February 9, 2020
More Info:
– [Github] PWA Studio v5.0.0 – Release Notes
– [PWA Docs] Page Builder to PWA integration
– [PWA Docs] Scaffolding
– [PWA Docs] Talons
– [Github] PWA Studio – Page Builder PWA framework Implementation
– [Github] PWA Studio – Creating a custom PageBuilder component
– [PWA Docs] Peregrin Talons
– [PWA Docs] State Management
– [PageBuilder Docs] PageBuilder Release Notes
Helpful Projects
– shkoliar/magento-grid-colors – Magento 2 module for colorizing admin grids
– redchamps/clean-admin-menu – Magento 2 Extension to cleanup admin menu and Store > Configuration area by arranging third party extension items
– fballiano/homebrew-mageutils – a homebrew tap for installing Magento utilities
– extdn/installer-m2 – Universal extension installer for Magento 2
– n98-magerun2 – a new version 4.x is out
Upcoming Events. Donβt Miss!
– Feb 24-27 – eTail West, Palm Springs, CA
– Mar 17-19 – eCommerce One to One, Monaco
– Mar 29-Apr 2nd – Magento Imagine at Adobe Summit, Las Vegas, NV
Want more?
If you need help with customizing your Magento store, feel free to reach out to Atwix.
Make sure to be the first for our March MageNews digest β subscribe to our blog.
See you in a month!
Other Digests:
– Atwix MageNews β 2019 in Review
– Atwix MageNews β December 2019