Atwix MageNews – October 2019

It’s October edition of Atwix #MageNews!
Read us and be updated about the most important news from Magento community.
Let’s get it started!

Content

[Not To Miss] Security-Only Patches
[Not To Miss] Update From the Magento Association
[eCommerce] The State of CBD & eCommerce Platforms
[Security] PHP Core Vulnerabilities Detected
[Community Experience] State of Magento PWA Studio
[Community Experience] Conference Month
[Community Experience] MM19UK Videos
[Community Experience] MageCONF 2019
[Open Source] Smart JS Bundler
[Open Source] Contribute to MerchDocs
[Magento U] Magento OMS Certification
Upcoming Events
Want More?

Not to Miss

Security-Only Patches

Magento continues to focus on security improvements. Starting from 2.3.3 Magento will be providing security-only patches that should make it possible to apply security improvements with minimal impact on the custom codebase and reduce release time. According to ZDNet statistic, about 83% of all hacked Magento instances were outdated. So it’s super important to make the process of patching as quick and less resource-consuming as possible.

Based on merchant and partner feedback, we'll be offering a "security only" option for quarterly patches for Magento 2.3.3 and beyond: https://t.co/oFuX8ksf8f

— Chris Hedge (@ChrisHedge4) September 6, 2019

More Info:
– [DevBlog] Introducing the New Security-only Patch Release

Update from the Magento Association

We also got some news from the Magento Association. During the summer period, Magento Association mostly focused on acquiring Title Partners and funds to support its activity, which turned out to be a difficult task. The key goal now is to have each partner provide not more than 30% of the overall budget to keep the association independent. Another goal is to relaunch MagentoAssociation.org to be based on an association management system that will bring all needed features to the members (like content, member management, event support, etc.). It’s great to mention that more than 600 people registered as volunteers. Magento Association will proceed to engage with them utilizing SmithBucklin’s expertise. Another crucial thing is to support and establish best practices for Magento events organization, which formerly existing Meet Magento Association used to handle. Taking that, we will hear more about the Magento Association in the near future. Join the Magento Association and stay tuned!

More Info:
– [Magento Association] State of the Magento Association – September 2019
– Atwix MageNews June 2019 – Magento Association Membership [Previous Update]
– [Magento Association] Join the Magento Association

eCommerce

The State of CBD & eCommerce Platforms

Recently the topic of cannabis-based products and their selling on different eCommerce platforms got viral. CBD seems to be still a pretty risky niche and not everyone wants to be a part of it yet. Magento Cloud is one example of a platform with zero-tolerant policies regarding CBD. However, merchants can use Magento Open Source and Magento Commerce in on-premise installation way to power CBD business.

More Info:
– [Netalico] The State of CBD in eCommerce

Security

PHP Core Vulnerabilities Detected

A couple vulnerabilities in PHP core were reported. Potentially, they could help hackers to execute an arbitrary code in applications that use affected PHP versions which are: <7.1.32, <7.2.22, <7.3.9 and possibly all older versions. Magento is also based on PHP, so make sure you have your PHP patched.
More Info:
– [Magento Support] Magento Recommendations for PHP Vulnerabilities
– [CIS] Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution
– [HackerNews] Multiple Code Execution Flaws Found In PHP Programming Language

Community Experience

State of Magento PWA Studio

A writeup from Kristof Ringleff about the current state of Magento PWA studio, their plans and roadmap.
More Info:
– [Fooman] PWA Studio – Where are we at September 2019?

Conference Month

September was really rich for conferences. We have collected all published presentations in case you missed them:
– [MM19NYC] John Hughes – The Ultimate Guide to Caching in Magento 2
– [MM19NYC] Ivan Chepurnyi – How to import 1 million SKUs under 10 minutes
– [MM19NYC] Tom Robertshaw – MageCart Defence Strategies
– [MageX] Paul Byrne – Using Elm to write flawless javascript on Magento
– [MM19PL] Piotr Siejczuk – Global Reference Architecture: Infrastructure & Application
– [MM19PL] Riccardo Tempesta – Awesome Architectures in Magento 2.3

MM19UK Videos

Meet Magento UK published recordings from this year event. Go and check them out! There are plenty of talks from technical and business tracks.

Fancy learning something new this lunchtime? 💡

Head to the #MM19UK Online Hub to watch talks on a variety of #Magento development topics – from indexing with @JohnHughes1984, to automated testing with @TomMagento and GraphQL with @sergeivaschenko: https://t.co/Fa4etP6Raa pic.twitter.com/qq1Bx7CR63

— Meet Magento UK (@MeetMagentoUK) September 11, 2019

More Info:
– [Youtube] MM19UK – Talk Playlist
– [Meet Magento UK] Talks

MageCONF 2019

MageCONF conference took place in Kyiv gathering over 650 participants. This makes MageCONF the largest technical Magento event worldwide. Contribution Day predating the MageCONF also set a record with over 100 participants. Pictures are available on event’s Facebook Albums.

Amazing #Magento 2.3 architectures by @RicTempesta… over 400 people in the room of this #MageCONF breakout section! pic.twitter.com/1FPkYCxuIU

— Slava Kravchuk (@slkra) September 28, 2019

More info:
– MageCONF 2019 Pictures
– Magento Contribution Day at MageCONF 2019 Pictures

Open Source

Smart JS Bundler

Baler is a new project aimed to handle the issue of lacking smart and optimal JS bundling in Magento 2 storefront themes. It’s not production-ready yet, but it’s definitely worth checking out.
More Info:
– [Github] magento/baler – AMD module bundler and preloader for Magento 2 stores.
– Atwix MageNews August 2019 – Magento 2 JS Bundling

Contribute to MerchDocs

Magento finally opened MerchantDocs for contributions!
Now this project is available on the Github and powered by Jekyll. Feel free to jump in and contribute!

You know our #Merchant #Docs are open source now… go contribute!

1. Go to repo https://t.co/nI55aBHhbt.
2. Find your file in /src.
3. Click pencil icon.
4. Edit + commit.
5. Add PR info + labels.
6. YAY! Wait for our review.

(Or click Edit this page in GH at top of any page.)

— Magento DevDocs (@MagentoDevDocs) September 23, 2019

More Info:
– [GitHub] Magento MerchDocs
– [Magento Slack] #merchdocs channel

Magento U

Magento OMS Certification

Magento U released a new certification that covers the developer’s knowledge, experience, best practices and integration flow of Magento Order Management System. The new exam has the same conditions as the rest of Magento professional exams.
More Info:
– [Magento U] Magento 2 Certified Order Management Developer
– [Magento DevDocs] Order Management System (OMS)

Upcoming Events. Don’t Miss!

– October 4th – Meet Magento Baltics, Riga, Latvia
– October 15th – Meet Magento Sweden, Stockholm, SE
– October 22-23rd – Magento Live, Amsterdam, NL
– October 28rd – Meet Magento Spain, Madrid, ES

Want more?

Make sure to be the first for our November MageNews digest – subscribe to our blog.

See you in a month!

Other Digests:
– Atwix MageNews – September 2019
– Atwix MageNews – August 2019

Cookie	Duration	Description
__jid	1 day	Used to add comments to the website and remember the user's Disqus login credentials across websites that use said service.
cf_ob_info	past	The cf_ob_info cookie is set by Cloudflare to provide information on HTTP Status Code returned by the origin web server, the Ray ID of the original failed request and the data center serving the traffic.
cf_use_ob	past	Cloudflare sets this cookie to improve page load times and to disallow any security restrictions based on the visitor's IP address.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
li_gc	2 years	Linkeding cookie that stores the user's cookie consent state for the current domain
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	Google Analytics cookie. Used to identify unique users and expires after two years
_gat	1 day	Used by Google Analytics to throttle request rate
_gid	24 hours	Google Analytics cookie. Used to identify user and expires in 24 hours.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar cookie. Used to detect the first pageview session of a user. 30 minutes duration. Boolean true/false data type.
_hjFirstSeen	User session	Hotjar cookie. Identifies a new user’s first session. Used by Recording filters to identify new user sessions. Session duration. Boolean true/false data type.
_hjIncludedInPageviewSample	30 minutes	Hotjar cookie. Set to determine if a user is included in the data sampling defined by your site's pageview limit. 30 minutes duration. Boolean true/false data type.
_hjIncludedInSessionSample	30 minutes	Hotjar cookie. Set to determine if a user is included in the data sampling defined by your site's daily session limit. 30 minutes duration. Boolean true/false data type.
_hjRecordingLastActivity	User session	Hotjar cookie. Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes
_hjSession_2881021	30 minutes	Hotjar cookie. Holds current session data. Ensures subsequent requests in the session window are attributed to the same session. 30 minutes duration. JSON data type.
_hjSessionRejected	User session	Hotjar cookie. If present, set to '1' for the duration of a user's session, when Hotjar has rejected the session from connecting to our WebSocket due to server overload. Applied in extremely rare situations to prevent severe performance issues. Session duration. Boolean true/false data type.
_hjSessionUser_2881021	1 year	Hotjar cookie. Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Ensures data from subsequent visits to the same site are attributed to the same user ID. 365 days duration. JSON data type.
_hjTLDTest	User session	Hotjar cookie. Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.
AnalyticsSyncHistory	29 days	Linkedin cookie. Used in connection with data-synchronization with third-party analysis service.
disqus_unique	1 year	Disqus cookie. Collects statistics related to the user's visits to the website, such as number of visits, average time spent on the website and loaded pages.
https://#.#/	User session	leadfeeder.com cookie. Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.
juggler/event.gif	User session	Disqus cookie. Identifies the visitor across devices and visits, in order to optimize the chat-box function on the website.

Cookie	Duration	Description
aet-dismiss	User session	Disqus cookie. Necessary for the functionality of the website's comments system
drafts.queue		Disqus cookie. Necessary for the functionality of the website's comments system
lang		Linkedin cookie. Remembers the user's selected language version of a website
submitted_posts_cache	User session	Disqus cookie. Necessary for the functionality of the website's comments system

Cookie	Duration	Description
_hjRecordingEnabled	User session	Hotjar cookie. This cookie is used to identify the visitor and optimize ad-relevance by collecting visitor data from multiple websites – this exchange of visitor data is normally provided by a third-party data-center or ad-exchange.
_lfa	2 years	Leadfeeder cookie. Used to store and track audience reach and expires in 2 years.
_lfa_expiry	persistent	Leadfeeder cookie. : Contains the expiry-date for the cookie with corresponding name
_lfa_test_cookie_stored	1 day	Leadfeeder cookie. Used in context with Account-Based-Marketing (ABM). The cookie registers data such as IP-addresses, time spent on the website and page requests for the visit. This is used for retargeting of multiple users rooting from the same IP-addresses. ABM usually facilitates B2B marketing purposes
ads/ga-audiences	User session	Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites.
badges-message	Persistent	Disqus cookie. Used for comments functionality
bcookie	2 years	Used by the social networking service, LinkedIn, for tracking the use of embedded services.
bscookie	2 years	Used by the social networking service, LinkedIn, for tracking the use of embedded services.
lidc	1 day	Used by the social networking service, LinkedIn, for tracking the use of embedded services.
UserMatchHistory	29 days	Linkedin cookie. Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.