Showing results for 
Search instead for 
Did you mean: 

Now Available: Important Security and Performance Updates, in the New Magento Commerce 2.4.2 Release

Ben Marks
Certification Board Member

We are excited to announce the release of Magento Commerce and Open Source 2.4.2, along with security-only patches 2.3.6-p1 and 2.4.1-p1. With important updates to security and performance, we strongly recommend that you take advantage and upgrade as soon as possible to ensure your sites remain secure, compliant, and optimized for the highest level of performance. 


MAGENTO 2.4.2 

Magento Commerce 2.4.2 includes several enhancements, quality improvements, and upgrades. Feature highlights of this release include: 


B2B (Magento Commerce only) 

Enhancements to the B2B buyer and seller purchase approval experience include support for online payments, which gives sellers the flexibility to accept purchasing policies regardless of payment method; and new GraphQL APIs to improve B2B headless capabilities. 


PWA Studio 

PWA Studio improvements enable merchants to accelerate the launch of international sites as high-performing PWAs with multi-language and multi-currency support. The latest 9.0.0 release also adds new “My Account” components for Venia, extensibility improvements, and performance optimizations. The added features and enhancements should result in faster time to market and a lower total cost of ownership with PWA Studio. 


Interactive in-Product Guidance (Magento Commerce only) 

Interactive In-Product Guidance has been added, providing your merchants with help and tips on better utilization of the product from within the Admin UI. Content such as new feature announcements, walk-through guides, onboarding information, tool tips and more will be available via this feature. If not already enabled, users must “opt-in” via the Admin UI to receive in-product guidance.   


Security, Quality, and Performance 

More than 35 security improvements and 280 performance issues have been included in 2.4.2, including but not limited to, all core cookies now support the SameSite attribute, malicious content warnings, expansion of GraphQL API, and scalability for eSKUs increased to 20x larger. Also, Media Gallery now supports web optimization for images to improve storefront performance. 




AWS S3 Remote Storage (Magento Commerce only) 

Magento Commerce hosted in the cloud has added new functionality for Remote Storage allowing merchants to use third-party file storage systems with native support for AWS S3 storage. For more on configuring Remote Storage see our DevDocs. 


Upgrade Compatibility Tool (Magento Commerce only) 

This release includes the ALPHA version of the Upgrade Compatibility Tool. This tool enables merchants to compare their current production system to a new release. The tool returns warnings or issues that may exist between any custom modules or codes that require modifications prior to upgrading. For more information, see our Magento blog.


Split Database (Magento Commerce only) 

Split Database functionality has been marked as deprecated in this release and will be removed in 2.5. For more information, see our DevBlog.


Vendor Bundled Extensions (VBE) 

Amazon Pay VBE is marked as deprecated and will be removed in Magento 2.5. The extension and all functionalities will continue to be available to merchants through their extension on the Magento Marketplace. 


To learn more about what’s included in this release and Magento Commerce 2.4.2, visitour blog,Prepare for Continued Digital Commerce Growthwith Magento 2.4.2.You can also review the release notes to read more about the latest enhancements and visit our Security Bulletins for more information about security updates included in these new versions. 

New Member

Ainda não é possível baixar a versão 2.4.2



Occasional Contributor

Lovely, except that Magento 2.3.6-p1 completely breaks compatibility with PHP 7.2, which is absolutely unacceptable for a patch update. Like, you can't even load a page without gettin the following exception:


Failed to set ini option “session.cookie_samesite” to value “Lax”.


Do you guys even quality control?


Yes, we would love to update to PHP 7.3 or 7.4, but we have extension compatibility issues that must be resolved (including our base theme), which will be a ton of internal dev work to resolve. Not being able to apply security updates is not cool.

Occasional Contributor

Not to be a debbie downer but the Magento doc says:


PHP 7.1 and 7.2 have reached End of Life. To maintain PCI compliance, Magento should not be run on unsupported software. Magento 2.3.x supports PHP 7.3 only and has not been tested with PHP 7.1 or 7.2.


Hello Magento Folks,


Great News for Magento Developers, Magento Merchants, and all those who love Magento


The latest release notes will bring security enhancements, performance enhancements, and platform improvements. Elaborating the support for SameSite attribute for cookies, support for Elasticsearch 7.9.x, and Redis 6.x are other major updates.


Magento 2.4.2 was pre-released on 26 Jan 2021 by the official Magento. The latest release contains 280 new fixes of core code and 30+ security enhancements. Solution for around 290 Github issues has been provided in the new release. Moreover, all the noted issues of Magento 2.4.1 has been resolved in this release. 


Let us unfold the latest Magento 2.4.2 release notes 


Security-only patch available:


All the vulnerabilities available in previous versions of Magento are fixed in Magento 2.4.2 with security-only patch The merchants can install time-sensitive security fixes without implementing hundreds of functional fixes.


Security Enhancements:


Above 35 security enhancements to support lose remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities. Furthermore, all core cookies support the SameSite attribute.


Infrastructure Improvements:


Improvements in quality of framework in functional areas like Customer Account, Catalog, CMS, OMS, Import/Export, Promotions and Targeting, Cart and Checkout, and Staging and Preview.


Platform Enhancements:


Enhanced support for Elasticsearch 7.9.x. Although the support for Elasticsearch 7.4.x will still be compatible. Enhanced support for Redis 6.x. Although the support for Redis 5.x will still be compatible. Magento 2.4.2 is tested with Varnish 6.4 and is compatible with Composer 2.x.


Performance Enhancements:


With code enhancements, it will help to boost API performance and admin response time implementing large catalogs. Support for complex catalogs up to 20x larger than previous versions.




It includes support for localization across stores. Includes optimization of product data retrieval for configurable products with many variants. It honors catalog permissions.


PWA Studio:


The PWA Studio release includes internationalization and localization, support for multiple stores, My Account for Venia, enhance extensibility, and performance optimization.


Media Gallery:


Allow admin to control media gallery for the actions like Insert media assets into content, upload, edit and delete assets, manage folder structure and web-optimized images in the content.


Magento Functional Testing Framework (MFTF):


MFTF 3.2.1 is now available. It involves error tolerance in both tests and test suit generation.


AWS S3 Support Enhancements:


The AWS S3 support enhancements for object storage, storage of media files, and future extensibility.


Magento Commerce 2.4.2 Highlights:


  • Magento 2.4.2 initiates B2B v1.3.1.
  • Support for online payments and bug fixes.
  • Substantial enhancement to Page Builder content migration and Page Builder CSS customization.


Final Words:


Hence, it was all about the Magento 2.4.2 latest pre-release notes. Hurry up and upgrade your store to the latest Magento version. << Snipped >>


Happy Reading!