Atwix MageNews – February 2020

Hello and welcome to #MageNews!
The year has just started, but we have already got a lot of news to write about πŸ™Œ
Let’s go through the latest updates…


  1. [Not To Miss] Magento 2.3.4
  2. [Not To Miss] Magento 2.3.x Release Schedule
  3. [Not To Miss] CCPA
  4. [Not To Miss] Adobe Solution Partner Program
  5. [Not To Miss] PreImagine in 2020
  6. [Not To Miss] Community Awards
  7. [Security] Magento 2.3.4 Security Enhancements
  8. [Security] Magecart. Interpol Strikes Back
  9. [Open Source] Magento PWA and PageBuilder Updates
  10. [Open Source] Helpful Projects
  11. Upcoming Events. Don’t Miss!
  12. Want More?

Not to Miss

Magento 2.3.4

Magento released new versions of the platform: 2.3.4, 2.3.3-p1 (a security patch version for 2.3.3) and 2.2.11. This update includes:
– support of the latest stable version of RabbitMQ 3.8 and Redis 5.0.6
– partial support of MySQL 8
– deprecation of the bundled integration (use the official integration from the Magento Marketplace)
– integration with Adobe Stock to streamline the use of high-quality images directly from Magento Admin
– Live Chat for real-time helping customers and potentially upselling products. It’s powered by dotdigital Engagement Cloud, that offers a free chat agent exclusively for Magento merchants without a need to subscribe to the full Engagement Cloud.

The upgrade also includes more than 30 security improvements. It should be noted that all fixed vulnerabilities require access to the Magento Admin to be exploited. Since Magento 2.3.4 and further, all security details will be documented in the Adobe Security bulletins.

Among the rest, Magento 2.3.4 has a bunch of performance improvements:
– statistic collection is now disabled for the built-in Report modules (it triggers database locking on the concurrent pageviews) (Merge Request).
– the password-strength estimator library (zxcvbn.js) was refactored and a huge dictionary with common passwords was removed. This change reduced the library size from 395 KB to 11.3 KB and sped up loading of the customer dashboard pages (Merge RequestΒ ).
– the customer section invalidation mechanism has been refactored to eliminate workload on the server of redundant non-cacheable requests (Merge Request).
– phtml templates have been refactored to explicitly define JS components inside templates which improves the default bundling quality (Merge Request).
– ProductMetadata::getVersion() is now cached which brings performance improvements on the website where 3rd-party modules may call this resource-consuming method (Merge Request).
– EAV attribute retrieval is now cached (Merge Request).

More Info:
[Magento] Magento 2.3.4: Building More Engaging Customer Experiences
[Magento DevDocs] Magento Open Source 2.3.4 Release Notes
[Magento DevDocs] Magento Commerce 2.3.4 Release Notes
[Magento MerchDocs] Engagement Cloud Chat
[Magento Marketplace] Official Authorize.Net integration
[Adobe Security Bulletin] Security Updates Available for Magento | APSB20-02

Magento 2.3.x Release Schedule

Magento has set a schedule of when they plan to release the remaining 2.3.x patch versions of Magento:

– 2.3.5 on Apr 28th, 2020
– 2.3.6 on Jul 28th, 2020
– 2.3.7 on Oct 15th, 2020

Prereleases will be available 2 weeks before the general release date.

More Info:
[Magento DevDocs] Upcoming Releases


The California Consumer Privacy Act (CCPA) went into effect on January 1st. The aim is to extend the rights of Californian consumers to determine how their personal information (PI) will be used, processed and stored on the websites, protecting it from unauthorized processing and selling.

The CCPA grants new rights to consumers:
– right to know (about sharing, collecting and processing PI)
– right to delete (PI from businesses and their internal services)
– right to opt out (from selling PI)
– right to non-discrimination (businesses can’t charge more or provide a lower quality of their products or services to CCPA protected consumers)

Businesses are subject to the CCPA if:
– their gross annual revenue is over $25 million
– they buy, receive, or sell the personal information of 50,000 or more consumers, households, or devices
– their revenue derives 50% or more of the annual revenue from the sale of consumer PI

Get more details about CCPA processes, implications and how Magento advises on becoming compliant below.

More Info:
[eMarketer] CCPA Is Here, But Many Companies Are Still Not Compliant
[Office of the Attorney General] California Consumer Privacy Act – Fact Sheet
[Magento MerchDocs] CCPA Compliance Guide
[Magento DevDocs] California Consumer Privacy Act
[Magento DevDocs] Personal Information Reference

Adobe Solution Partner Program

Adobe is going to retire Magento Solution Partner Programs on March 1st. All existing Magento partners will be mapped to Adobe partner levels, ranging from Platinum to Community, based on FY19 performance.

Explore the benefits of the new partnership program and how to qualify below.

More Info:
[Adobe Solution Partners] Join the Solution Partner Program
[Adobe Solution Partners] Magento and Marketo Partners: Transition to Adobe SPP
[Adobe Solution Partners] All benefits of Adobe partnership
[Adobe Solution Partners] The financial benefits of Adobe partnership

PreImagine In 2020

Magento Imagine is coming! As you remember, Magento Imagine in 2020 will be aligned with Adobe Summit and will take place at the end of March. This time Magento Association will be organizing PreImagine event. Tickets and more information are available on the MA’s website.

Community Award

Traditionally, at the end of January, Magento announces Magento Community awards: Magento Master awards and Top 50 Contributors. We would like to congratulate all community members that were recognized and say thank you for the great effort, time and energy they put to grow our community in all possible ways!

We are super happy to add that this year, Atwix got two Magento Masters:
Yaroslav Rogoza, Magento Master 2019/2020 (Mentor)
Dmytro Cheshun, Magento Master 2020 (Maker)

Also, 6 people from Atwix got into the Top 50 Contributors 2019 list:


Magento 2.3.4 Security Enhancements

Starting from Magento 2.3.4, Magento Admin will not have the ability to specify custom layout updates. This way Magento wants to reduce the vector of possible RCE attacks. See below how that functionality will look after the upgrade.

More Info:
[Max Chadwick] WTF Happened to Custom Layout Updates in Magento v2.3.4

Magecart. Interpol Strikes Back

Interpol helped The Indonesian National Police to arrest three suspects which are related to the Magecart-like skimmer group. Cybersecurity experts believe that the same group is behind the credit card skimming of more than 571 online stores. This skimmer group seems to be much bigger than 3 people as they proceed to operate even after the arrest.

More Info:
[The Hacker News] Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks
[Sanguine Security] Indonesian Magecart hackers arrested

Open Source

PWA and PageBuilder Updates

Magento PWA Studio v5.0.0 is out! One of the main functional changes is integration with PageBuilder.

Magento 2 PWA Studio contains the PageBuilder PWA framework that determines whenever the current CMS content is PageBuilder-enabled or not and renders it properly for both cases. PWA Studio includes a component set to render the default set of PageBuilder content types on the Magento PWA Studio side with a possibility to add custom types.

With the latest updates, PageBuilder includes product slider content type:

The next important update from PWA Studio 5 is a scaffolding command to set up a new project in a quick and developer-friendly way. No need to fork Magento PWA Studio anymore. It uses a venia-concept package as a template because it’s a tiny project with most logic taken from @magento/venuia-ui and @magento/peregrine packages.

PWA Studio 5 also includes Peregrine talons. They include the UI component-specific logic separated from the presentation layer.

The state management in PWA Studio 5 relies now on the content providers and not on the Redux directly, separating data by the domain (like catalog, customer, cart data and so on).

Finally, in PWA Studio 5, the custom routing was replaced by React Router.

More Info:
[Github] PWA Studio v5.0.0 – Release Notes
[PWA Docs] Page Builder to PWA integration
[PWA Docs] Scaffolding
[PWA Docs] Talons
[Github] PWA Studio – Page Builder PWA framework Implementation
[Github] PWA Studio – Creating a custom PageBuilder component
[PWA Docs] Peregrin Talons
[PWA Docs] State Management
[PageBuilder Docs] PageBuilder Release Notes

Helpful Projects

shkoliar/magento-grid-colors – Magento 2 module for colorizing admin grids
redchamps/clean-admin-menu – Magento 2 Extension to cleanup admin menu and Store > Configuration area by arranging third party extension items
fballiano/homebrew-mageutils – a homebrew tap for installing Magento utilities
extdn/installer-m2 – Universal extension installer for Magento 2
n98-magerun2 – a new version 4.x is out

Upcoming Events. Don’t Miss!

– Feb 24-27 – eTail West, Palm Springs, CA
– Mar 17-19 – eCommerce One to One, Monaco
– Mar 29-Apr 2nd – Magento Imagine at Adobe Summit, Las Vegas, NV

Want more?

If you need help with customizing your Magento store, feel free to reach out to Atwix.

Make sure to be the first for our March MageNews digest – subscribe to our blog.

See you in a month!

Other Digests:
Atwix MageNews – 2019 in Review
Atwix MageNews – December 2019