What's new

Welcome to NullScriptz - NulledScriptz

Join us now to get access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, and so, so much more. It's also quick and totally free, so what are you waiting for?

Ask question

Ask Questions and Get Answers from Our Community

Answer

Answer Questions and Become an Expert on Your Topic

Requests

Can't find what you are looking for, request it in our request section our staff and members will do their best to help you!

  • Due to new payment rules, all accounts must have a 2-step verification.
Magento 2.4.0 (Open Source)

Clean code Magento 2.4.0 (Open Source) 2.4.0

No permission to download
Your advertisement here?
Magento Open Source 2.4.0 introduces support for PHP 7.4, Elasticsearch 7.6.x, and MySQL 8.0. Substantial security changes include the enablement of two-factor authentication in the Admin by default.

With this release, the Authorize.Net and Braintree payment method integrations have been removed from core code. Merchants should migrate to the official extensions that are available on the Magento Marketplace.

This release includes all the improvements to core quality that were included in Magento 2.3.5-p1, over 100 new fixes to core code, and 30 security enhancements. It includes the resolution of 226 GitHub issues by our community members. These community contributions range from minor clean-up of core code to significant enhancements in Inventory Management and GraphQL.

Minor releases bring substantial code enhancements. Before upgrading to Magento 2.4.0, confirm that your environment meets the minimal technical stack requirements.


Quarterly releases may contain backward-incompatible changes (BIC). Magento 2.4.0 contains minor backward-incompatible changes. To review minor backward-incompatible changes, see BIC reference. (Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.)


The package names of security-only releases are typically appended with -p1. However, we could not avoid deviating from these naming conventions with Magento 2.3.5, which in turn has had a temporary ripple effect on the subsequent security package names. Specifically, the full-feature Magento 2.3.5 release is Magento 2.3.5-p1. The security-only release that we will release when Magento 2.4.0 GAs will be Magento 2.3.5-p2. We hope to return to the usual naming conventions in future releases.

Security-only patch available
Merchants can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release (for example, Magento 2.3.5-p2) provides. Patch 2.3.5.2 (Composer package 2.3.5-p2) is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, Magento 2.3.5-p1. All hot fixes that were applied to the 2.3.5 release are included in this security-only patch. (A hot fix provides a fix to a released version of Magento that addresses a specific problem or bug.)

For general information about security-only patches, see the Magento DevBlog post Introducing the New Security-only Patch Release. For instructions on downloading and applying security-only patches (including patch 2.3.5-p2), see Install Magento using Composer. Security-only patches include security bug fixes only, not the additional security enhancements that are included in the full patch.

Other release information
Although code for these features is bundled with quarterly releases of the Magento core code, several of these projects (for example, Inventory Management and Progressive Web Applications (PWA) Studio) are also released independently. Bug fixes for these projects are documented in the separate, project-specific release information that is available in the documentation for each project.

Highlights
Look for the following highlights in this release:

Substantial security enhancements
This release includes over 30 security fixes and platform security improvements.

Over 30 security enhancements that help close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities
No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts: IP allowlisting, two-factor authentication, use of a VPN, the use of a unique location rather than /admin, and good password hygiene. See Security Updates Available for Magento for a discussion of these fixed issues. for a discussion of these fixed issues.

Additional security enhancements
  • Implementation of 2FA for Admin accounts, Magento.com user accounts, and Cloud SSH access
    • Securing your Magento Admin account. Two-factor authentication (2FA) is now required for the Magento Admin. Admin users must first configure their 2FA before logging into the Admin through either the UI or a web API. 2FA is enabled by default. We strongly recommend against disabling the 2FA module. This extra step of authentication makes it harder for malicious users to log in to the Admin without authorization. See Two-factor Authentication (2FA).
    • Securing your Magento account. Two-factor Authentication (2FA) provides an added, optional layer of security to better protect your Magento.com account from unauthorized users who might want to use your account in ways you do not want. See Securing Your Account.
  • Securing Cloud SSH access. Magento Commerce Cloud provides multi-factor authentication (MFA) enforcement to manage authentication requirements for SSH access to Cloud environments. Multi-factor authentication for 2FA is not enabled by default on a project. Magento highly recommends enabling this feature. Contact Support for assistance. See Enable multi-factor authentication for SSH access.
  • Template filter strict mode is now enabled by default. Magento components (including CMS pages and blocks) that use the template filter in legacy mode can be vulnerable to remote code execution (RCE). Enabling strict mode by default ensures that RCE attacks cannot be deliberately enabled.
  • Data rendering for UI data providers is now disabled by default. This removes an opportunity for malicious users to execute arbitrary JavaScript.
  • New \Magento\Framework\Escaper class. This class is provided for .phtml templates and the PHP classes that are responsible for generating HTML. This class contains HTML sanitization methods relevant to multiple contexts. The $escaper local variable is available inside .phtml templates and should be used instead of the deprecated $block->escape{method}. Use $escaper rather than $block as the use of $block->escape{method} has been deprecated.
  • Support for new security.txt file. This file is an industry-standard file on the server that helps security researchers report potential security issues to site administrators.
Starting with the release of Magento Commerce 2.3.2, Magento will assign and publish indexed Common Vulnerabilities and Exposures (CVE) numbers with each security bug reported to us by external parties. This allows users of Magento Commerce to more easily identify unaddressed vulnerabilities in their deployment. You can learn more about CVE identifiers at CVE.

Platform upgrades
The following platform upgrades help enhance website security and performance. Supported versions of PHP and PHPUnit, Elasticsearch, MySQL, and other dependencies are listed in Magento 2.4 technology stack requirements.

  • PHP 7.4 support introduced and PHP 7.1 and 7.2 deprecated. Magento 2.4.0 introduces support for PHP 7.4.
  • Support for PHPUnit 9.x and deprecation of PHPUnit 6.5. PHP 7.4 requires the use of the latest PHPUnit testing framework, which is PHPUnit 9.x. Magento Marketplace extension vendors must confirm that all new extension versions are compatible with PHP 7.4 and that all unit and integration tests have been configured to be run with PHPUnit 9.
  • Elasticsearch 7.6.x support. Elasticsearch 7.6.x is now the default catalog search engine for Magento Commerce and Open Source. You cannot install or upgrade to Magento 2.4.0 without also installing Elasticsearch 7.6.x. Elasticsearch version 2.x code has been removed. Elasticsearch versions 5.x and 6.x have been deprecated and are no longer supported. See Elasticsearch.
  • MySQL 8.0 support. Magento 2.4.x supports MySQL 8.x. (Magento 2.4.0 was tested with MySQL 8.0.20.) Merchants are encouraged to migrate their deployments to MySQL 8.x to take advantage of its improved performance, security, and reliability. Although MySQL 5.7 is still supported for Magento 2.4.x, MySQL 5.6 is no longer supported. You cannot host Magento 2.4.x with a MySQL 5.6 database. See MySQL.
  • Removal of the MySQL catalog search engine. The MySQL search engine has been removed from Magento 2.4.0 and replaced as the default search engine with Elasticsearch. Elasticsearch provides superior search capabilities as well as catalog performance optimizations. All merchants must have Elasticsearch to install and deploy Magento 2.4.0. See Check the catalog search engine.
  • MariaDB 10.4 support. Support for MySQL 8.0 provides the opportunity for merchants to deploy MariaDB 10.4 with Magento. Although merchants can still use MariaDB 10.2 with Magento 2.4.0, we recommend upgrading to MariaDB 10.4 for improved performance and reliability. MariaDB 10.0 and 10.1 are no longer supported (as a result of removing support for MySQL 5.6 in this release).
  • Migration of dependencies on Zend Framework to the Laminas project to reflect the transitioning of Zend Framework to the Linux Foundation’s Laminas Project. Zend Framework has been deprecated. See the Migration of Zend Framework to the Laminas Project DevBlog post.
  • Decomposition of Magento Controllers allows extension developers to implement ActionInterface directly without “layer supertype” classes. See the Decomposition of Magento Controllers DevBlog post. Enhancement started by Vinai Kopp in pull request 16268 and finalized by Lukasz Bajsarowicz in pull request 26778. GitHub-9582
  • Removal of the core integration of the Signifyd fraud protection code. This core feature is no longer supported. Merchants should migrate to the Signifyd Fraud & Chargeback Protection extension that is available on the Magento Marketplace.
  • The core Braintree module has been removed from the code base. The Braintree Payments module now provides the same feature set. See Braintree Payments.
  • The Internet Explorer 11.x browser is no longer supported.
Infrastructure improvements
This release contains enhancements to core quality, which improve the quality of the Framework and these modules: Customer Account, Catalog, CMS, Import, Cart and Checkout, and B2B.

  • Removal of core integration of third-party payment methods. With this release, the Authorize.Net payment method integration has been removed from core code. Merchants should migrate to the official extension that is available on the Magento Marketplace. See the Deprecation of Magento core payment integrations devblog post.
  • Support for partial-word search for Elasticsearch (new default search engine). Elasticsearch now supports the use of partial words in search terms for product names and SKUs when using quick search. This capability was supported by the MySQL search engine, which has been deprecated and replaced by Elasticsearch in this release.
  • PayPal JavaScript SDK upgrade. We’ve migrated the PayPal Express Checkout integration to the latest PayPal JavaScript SDK, an SDK that automatically collects and passes needed risk parameters to PayPal. The behavior of the PayPal Express Checkout payment method remains unchanged. However, upgrading this SDK to the latest version let merchants access the latest features and security enhancements.
  • Deprecation and removal of the Web Set Up Wizard. You must use the command line to install or upgrade Magento 2.4.0. See Install Magento.
  • Composer update plugin. Composer plugin streamlines the upgrade process by resolving changes that must be made to the root project composer.json file before updating to a new Magento product requirement. This plug-in protects against overwriting customizations. See Upgrade using the Magento composer root plugin.
  • Seller-assisted shopping. This feature allows merchants to view the storefront on behalf of their customers. Customers opt to allow storefront access to their accounts. This community-developed feature includes an original extension developed by MAGEFAN. See Seller Assisted Shopping. Features include:
    • ACL to control which administrators can log in to customer accounts can be configured on a per-website basis
    • Compatibility with multiple websites and customer account scopes
    • Orders placed on behalf of customers are logged in the storefront and Admin
    • All sessions are destroyed following administrator logout, and administrators cannot access customer passwords.
Performance improvements
  • Improvements to customer data section invalidation logic. This release introduces a new way of invalidating all customer sections data that avoids a known issue with local storage when custom sections.xml invalidations are active. (Previously, private content (local storage) was not correctly populated when you had a custom etc/frontend/sections.xml with action invalidations.) See Private content.
  • Multiple optimizations to Redis performance. The enhancements minimize the number of queries to Redis that are performed on each Magento request. These optimizations include:
    • Decrease in the size of network data transfers between Redis and Magento
    • Reduction in Redis’ consumption of CPU cycles by improving the adapter’s ability to automatically determine what needs to be loaded
    • Reduction in race conditions on Redis write operations
  • See Use Redis for the Magento page and default cache and Configure caching.
  • Improved caching of results of SQL queries to inventory tables. These enhancements include:
    • Caching of SQL queries to the inventory_stock_sales_channel table (1 query instead of 16)
    • Caching of result of queries to the inventory_stock table (1 query instead of 16)
  • Improvement of up to 25-30% to Quick Order add-to-cart performance.
  • Merchants can now use lazy loading to load images. See Configure theme properties.
Adobe Stock Integration v2.0
Ability to license stock image previews from the Media Gallery. Merchants can now find any Adobe Stock preview image in the Media Gallery, which reduces the number of steps required to license stock preview image.

New Media Gallery
This replacement for the former Media Gallery offers a new, searchable interface for Magento media assets. Administrators can now search, filter, and sort images up to 30x faster than they could in the earlier version of this feature. Merchants can use this tool to evaluate storefront image usage. Extension developers should be aware that extensions that were developed for the Media Gallery will not work as expected with the new Media Gallery.

Inventory Management
Inventory Management enhancements for this release include support for in-store pickup and bundle product support. See Inventory Management release notes for a more detailed discussion of recent Inventory Management bug fixes.
  • Like
Reactions: lazersate
Author
WinSys32
Downloads
1
Views
53
Extention type
zip
File size
166.4 MB
Hash
f23df58d46d2b4f0191eb7168f3078a5
First release
Last update
Rating
0.00 star(s) 0 ratings

More resources from WinSys32

Similar resources
Resource starter Title Category Downloads Last update
WinSys32 Clean code Magento 2.4.0 (Open Source) + Sample Data Magento 2.x Releases 1
shape1
shape2
shape3
shape4
shape7
shape8
Top