Showing results for 
Search instead for 
Did you mean: 

Important Security and Performance Updates Now Available in Magento Commerce 2.4.1

Ben Marks
Certification Board Member

We are excited to announce the release of the latest versions of Magento Commerce and Magento Open Source: 2.4.1, 2.3.6, and 2.4.0-p1. With important updates to security and performance, we strongly recommend that you take advantage and upgrade as soon as possible to ensure your sites remain secure, compliant, and optimized for the highest level of performance ahead of this holiday season. 



Feature highlights of this release include: 



Continuing our commitment to B2B, this release includes multiple updates that enhance the user experience and increase security. Buyers now benefit from personalized shipping methods, faster requisition list creation, and approval workflow usability enhancements. Sellers can charge to company credit using payment on account when creating orders in the admin and Google reCAPTCHA is included on the new company request form to reduce creation of fraudulent accounts. 


Site-Wide Analysis Tool 

In September, Adobe launched automated monthly delivery of Site-Wide Analysis Tool (SWAT) reports to Magento Commerce Cloud customers. With the release of Magento v2.4.1, the Site-Wide Analysis Tool Portal is now fully integrated with the Magento Admin Panel.  With this integration, Commerce Cloud customers will have real-time access to the Site-Wide Analysis Tool dashboard that shows and explains their site health, performance, functionality, and offers recommendations to fix issues found. 


Enhanced Security  

We have added CAPTCHA for improved security to order placement and WEB API endpoints related to payment information. Likewise, in 2.4.1, we added SameSite cookie attribute support.  


Faster Content Creation and Improved Storefront Experience 

We continue to improve the content workflow in Magento 2.4.1. The new Media Gallery, introduced in Magento 2.4, now allows bulk image operations, duplicate detection, and custom metadata. We're also lowering the cost and time to market for headless storefronts as we continue to build out PWA Studio components and expand GraphQL coverage for key Magento capabilities, including product reviews, gift options, and rewards. 



In addition to our latest features and enhancements, Adobe is updating our software lifecycle policy regarding supported minor versions. Starting 2021, supported versions that are no longer the most current minor release line of Magento (currently only 2.3) will move to security-only updates. All quality updates for 2.3.x will instead be distributed through the new Magento Quality Patches (MQP) tool. The most current release line (2.4 as of June 28, 2020) will continue to receive quality and security updates through the same existing quarterly release cycle until the release of 2.5, at which time it will move into a security-only cycle, as well. 



In December 2021, PHP 7.3 will reach its end of support. To ensure compatibility and compliance for the 2.3 release line, we will add support for PHP 7.4 to the release of Magento 2.3.7 in May 2021. This update will bring backward incompatible changes into 2.3.7 that may affect your site and extensions. To avoid unwanted interruptions, we encourage all merchants to adopt our latest minor release 2.4.x, which supports PHP 7.4 today, or update to 2.3.7 once available. You can learn more about PHP 7.4 support here. 


Review our blog post and release notes to read more about the latest enhancements and visit our Security Bulletins for more information about security updates included in these new versions. 


Best regards, 

The Magento Commerce Team