The last major update to Magento for 2020 is now available. This release marks a policy shift that will reduce the total cost of ownership for the platform.

New Software Lifecycle Policy Reduces TCO and Vulnerabilities

As one of several efforts to reduce platform TCO, Magento has announced a shift in policy. Previously supported versions (2.3.x) will get security-only quarterly releases. This means that the current mainline versions (2.4.x) will be the only ones to receive new features, quality improvements AND security fixes with each quarterly release. By packaging security fixes only, Magento is significantly reducing the effort and risk for the quarterly upgrade process, making it cheaper for security-conscious merchants to stay secure.

The average cost of a data breach is $3.86 million, and 82% of eCommerce stores that had malware were running an unsupported version. Magento’s new approach of doing security-only quarterly releases makes it easier for merchants to reduce their vulnerability. 

Your choices: 

  • Want to maintain the security of your site and have lower upgrade costs? Then stay on the 2.3.x branch while it is supported. General bug fixes for the 2.3.x branch will be made available via the Quality Patches Tool where merchants can opt-in for installations as needed.
  • Want to take advantage of new features? Move to the 2.4.x branch.

More information on the new policy is available from Magento here.

Not Much In Terms of New Functionality … which is a good thing

This close to the 2020 holiday period, a large release would be difficult for merchants who need to guarantee site stability during peak season. What this release does give us is hundreds of quality improvements and more than 15 security fixes.

Security Vulnerabilities Addressed

We’ve seen recent brute force attempts on credit card forms across a range of sites. Magento is addressing this major problem in this release through the inclusion of CAPTCHA on all payment-related APIs.

This new feature applies rate limiting and then CAPTCHA requirements throughout the checkout process, to stop bots that try to guess credit card numbers and place fraudulent orders. The good news is that this feature is also being made available in 2.3.6.
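The escalation described above (count payment attempts, then demand a CAPTCHA, then refuse), sketched as an added example. It is not Magento's implementation; the class name, the thresholds and the per-cart client key are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

ALLOW, CAPTCHA, BLOCK = "allow", "captcha", "block"


class PaymentAttemptGate:
    """Per-client sliding window over payment attempts (hypothetical helper)."""

    def __init__(self, window_s=60, captcha_after=3, block_after=10):
        self.window_s = window_s            # assumed window length, seconds
        self.captcha_after = captcha_after  # assumed free attempts per window
        self.block_after = block_after      # assumed hard cap per window
        self._seen = defaultdict(deque)     # client key -> attempt timestamps

    def check(self, client, now, captcha_ok=False):
        """Record one attempt and return ALLOW, CAPTCHA or BLOCK."""
        q = self._seen[client]
        while q and now - q[0] >= self.window_s:
            q.popleft()                     # forget attempts outside the window
        q.append(now)                       # challenged and refused attempts count too
        if len(q) > self.block_after:
            return BLOCK                    # hard rate limit; a solved CAPTCHA does not lift it
        if len(q) > self.captcha_after and not captcha_ok:
            return CAPTCHA                  # caller must retry with a solved challenge
        return ALLOW


def replay(gate, events):
    """events: iterable of (client, timestamp, captcha_ok) tuples."""
    return [gate.check(c, t, ok) for c, t, ok in events]


# Constructed sample traffic: one scripted client retrying every 2 seconds,
# and one shopper who mistypes a card once and tries again.
BOT = [("cart-bot", 2 * i, False) for i in range(12)]
SHOPPER = [("cart-42", 0, False), ("cart-42", 30, False)]

if __name__ == "__main__":
    gate = PaymentAttemptGate()
    print(replay(gate, BOT))
    print(replay(gate, SHOPPER))
```

Counting every attempt, including the ones that were challenged or refused, is what keeps a scripted client from resetting its own budget by ignoring the CAPTCHA response.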

Two critical security vulnerabilities are also addressed with the release of 2.4.1 and 2.3.6 (also addressed in 2.4.0-p1). These are ranked by Adobe as Priority 2, meaning merchants should have these updates in place within 30 days to ensure their site is both compliant and secure, especially heading into the holiday period.

Information on the vulnerabilities can be found on the Adobe Security Bulletin here.

Site-Wide Analysis Tool and Reporting

The Site-Wide Analysis Tool has been in the works for 12+ months. It will make its debut in 2.4.1 via the Magento Admin panel. This tool provides insights into the overall health of your Magento site and monitors the infrastructure and application stacks to highlight poor configuration, outdated services or extensions, and general opportunities for improvement.

Currently this tool is only available for Magento Commerce customers but stay tuned next year for on-premise support.

A Crystal Ball for 2021

With the new policy in place, 2021 is shaping up to offer far simpler upgrades, allowing merchants to focus on other site improvements. Mark your calendar: 

February: Minor update to Magento 2.4.2 (with feature, quality and security improvements).

May: Security-only release. 

August: Minor update to Magento 2.4.3 (with feature, quality and security improvements). So you’ll have plenty of time to apply the update prior to the 2021 holiday period and focus on security-only patches in October.

October: Security-only release.

Release schedule: https://devdocs.magento.com/release/

Note: exact dates are subject to change.

Need some guidance on getting the most out of Magento? Contact us to speak with one of our Magento and Adobe experts.
