While the buzz created by Magento 2.3 is not over yet, Magento has released Magento 2.3.1 with great features, critical bug fixes, 30 security enhancements, 200 core functional fixes and 500 pull requests contributed by the community.
Before we dive into Magento 2.3.1
Before we jump into the exciting features of Magento 2.3.1, every Magento store owner and developer must be aware of the critical problems in Magento which should be taken care of immediately.
1. SQL vulnerability
There is a critical SQL injection vulnerability in pre 2.3.1 Magento code.
SQL injection is the process of sending malicious code to gain access and modify data. In this case, hackers can gain access to sensitive banking information of customers.
To protect your site from this vulnerability, download and apply the patch available here.
2. PayPal Payflow Pro active carding
The PayPal Payflow integration in Magento is being targeted by hackers for carding activity, which means these hackers check the validity of the stolen cards by making $0 transactions.
Magento has recommended using Google reCAPTCHA on the Payflow Pro checkout. For more details click here.
3. Authorize.Net support end for MD5 hash
Also, if your Magento site is using Authorize.Net MD5 hash and if you don’t plan to update to 2.3.1, then you have to follow these steps to fix Authorize.Net payment method. Otherwise, your site won’t be able to process payments via Authorize.Net from June 28, 2019.
If you need any help in any of the problems mentioned above you can get help from our Magento experts.
Now let’s focus on Magento 2.3.1 features and advantages
What merchants should know about Magento 2.3.1?
1. Creating orders in the back-end is now easy
The delays in back-end for making changes to billing and shipping addresses are eliminated. This helps to achieve a faster order creation workflow.
2. PDP images can be uploaded without downsizing and compressing
Merchants can directly upload PDP (Product Detail Page) images larger than 1920 x 1200 without being downsized and compressed by Magento. In older Magento versions when a merchant uploads a product image larger than 1920 x 1200, Magento will resize and compress the image.
3. Inventory management 1.1.0
3.1 Distance-priority algorithm (SSA)
This feature analyses the shipping destination location with the source fulfillment shipments to find the nearest fulfillment location. The best part of this feature is that the nearest fulfillment location can be determined based on distance or time for traveling. In addition to that, Pick In Store option is added.
Future store pickup customer experience in Magento 2.3.1 #magento#magentomsi#MLAUpic.twitter.com/lpWmu2I3yt
— Aman Agarwal (@AmanAga31031991) February 14, 2019
3.2 Elasticsearch for custom stocks
Elasticsearch was only supported for Single Source mode for Default Source. With 2.3.1 it is also supported for custom stocks. In addition to that, filtering search results is also added.
Apart from these, Amazon sales channel and support for DHL are also added.
What developers should know about Magento 2.3.1?
1. Upgrade process dependency assessment automation
A composer plugin magento/composer-root-update-plugin which can automatically update all dependencies in composer.json during a Magento 2.x upgrade is introduced.
2. Enhancements
Significant improvements have been added in Progressive Web Apps (PWA) studio and GraphQL.
3. Performance improvements
- The admin order creating page can now handle 3000 addresses. This is made possible by rewriting customer address handling with UI components.
- Grid format has been enabled to display the list of additional customer addresses which are contained in the storefront customer address book.
- Billing and shopping data will not be cleared if the customer interrupts the checkout process. Earlier, if the cart was updated by the customer, the checkout data would be deleted.
4. Advancements in infrastructure
- Elasticsearch 6.0 is now supported.
- Redis 5.0 is now supported.
- Magento 2.3.1 is now compatible with PHP 7.2.x.
- For Authorize.Net payment, Accept.js library is used.
5. Security improvements
- 30 security enhancements.
- Protection against SQL injection.
- New Authorize.Net extension is added to replace Authorize.Net Direct Post Module.
Other Enhancements
1. Amazon Pay
Multi-currency support was added for merchants in EU and U.K region. Almost 12 currencies have been added.
2. Magento Shipping
- Merchants can cancel the shipment that has not been dispatched yet by accessing the shipment and clicking on Cancel Shipment.
- Magento Shipping portal can be accessed using Magento using the credentials that are saved in Magento instance.
3. Cart and checkout
- The special product price error is now fixed. Earlier Magento displayed the regular price when the special product price of the product was 0.00.
- Infinite loading indicator used to appear in case of an error during checkout and it is fixed in this Magento version.
- Clear shopping cart button only used to only reload the page and not clear the shopping cart. This problem is now solved.
- Another issue fixed is the force logout of the customer when an item is added to the cart and mini-cart icon is clicked multiple times.
- Configuring a product after adding it to a cart is now possible, earlier Magento caused errors.
4. Our Contributions to Magento 2.3.1
We at Codilar are a team of Magento experts, but how can we be experts if we haven’t contributed to making Magento better. Almost all Magento releases comprise fixes from our Magento developers.
This time there are two Magento 2.3.1 fixes from Codilar:
- Fixed an issue with
\Magento\Catalog\Model\Product::getQty()
where float/double was returned instead of a string in most cases in pull request 18149. - Fixed an issue with inaccurate floating point calculations during checkout in pull request 18185.
Should I upgrade my Magento store to Magento 2.3.1?
Unlike the previous version Magento 2.3 that came with awesome features like Magento PWA, Magento 2.3.1 is mainly about performance, security and bug fixes. One mandatory reason to upgrade to Magento 2.3.1 is the SQL injection vulnerability. If exploited, it can allow hackers to access sensitive data including credit card details. Magento has recommended switching to version 2.3.1 for all Magento stores below 2.0 that are planning for an update
“Merchants who have not previously downloaded a Magento 2 release should go straight to Magento Commerce or Open Source 2.3.1.” – Magento Security Team
Let us know what you think about Magento 2.3.1 in the comment section below!