Last Updated on 2021-02-11 by aeno
Today Magento has released the new Magento 2.4.2 version along with security updates for the 2.4.1 and 2.3.6 branches. The newly released versions affect both the Open Source and Commerce editions and have the version numbers:
- Magento 2.4.2 (new minor release)
- Magento 2.4.1-p1 (new security update)
- Magento 2.3.6-p1 (new security update)
See our Magento 2 version overview for a list of recent, current and upcoming Magento 2 releases.
Security vulnerability fixes
According to the Adobe security bulletin, all three updates contain fixes for 18 security vulnerabilities. These contained bugs allowing uploading arbitrary file types to the server, cross-site scriptings (XSS attacks), remote code execution (RCE-attacks), SQL injection, cross-site request forgery (CSRF attacks), several security bypasses and more.
Additionally, the dependency to AngularJS that is used in the Magento extension manager was updated to version 1.7.9.
Improved and new features in Magento 2.4.2
Magento 2.4.2 introduces a lot of new and improved features, such as:
- support for Composer 2
- a new media gallery usable in catalog and CMS content
- increased performance allowing over 200 million effective SKUs
- more GraphQL coverage
- PWA Studio enhancements
- updated bundled vendor modules (Amazon Pay, Braintree, dotdigital, Klarna, Vertex Cloud and Yotpo)
- Fixed issues across most of the core modules
Backwards incompatible (breaking) changes
Magento 2.4.2 introduced new methods for managing compare lists with the \Magento\Catalog\Model\ResourceModel\Product\Compare\Item\Collection class. These changes are accompanied by moving the storage of compare list data from session storage to the database.
These changes are purely additive but might affect third-party extensions that manage compare lists.