On 28 July 2020, Magento Commerce and Magento Commerce Open Source 2.4 will be released with General Availability.  This release will include important updates to security, quality, and platform technologies along with several new capabilities…

We encourage you to preview the release notes to evaluate what’s included in the latest version of Magento Commerce and plan your upgrade.  Please be advised these release notes will continue to evolve ahead of the release and we recommend reviewing the finalised notes when the release is generally available.  These will be made available by Adobe & Magento Commerce soon.

They will also make available the latest Security-only patch for Magento, 2.3.5-p2, providing you with another update strategy option.


Key feature: Two Factor Authentication in Magento Commerce

As an increasing number of businesses are forced to shift their operations to work-from-home digital solutions, hacking threats are rising.  One of the most common – and basic – threats is from the account login page.

Therefore Adobe & Magento are supporting (and in some cases requiring) 2FA across multiple areas of the Magento Commerce ecosystem.  2FA is a key industry standard to protect your digital storefront against attacks that target the account login.  Using 2FA security will better protect you and your clients from malicious outsiders attempting to perform unauthorised logins at three different points of entry to Magento Commerce:

  1. Services that use your Magento.com credentials such as My Account or the Magento Commerce Help Center.  These are available to configure now.
  2. Accessing the cloud admin using SSH, and the Magento Commerce Admin.  Available in conjunction with the release of 2.4.
  3. Beginning with the release of 2.4, 2FA will be enabled by default for the Magento Commerce Admin and cannot be disabled.  After upgrading, Admin users must configure 2FA before logging in.


Where can I find out more?

You can find the latest release notes from Magento at https://devdocs.magento.com/guides/v2.4/release-notes/release-notes-2-4-0-open-source.html.  If you specifically interest in the security-only patch, read the notes at https://community.magento.com/t5/Magento-DevBlog/Introducing-the-New-Security-only-Patch-Release/ba-p/141287.

For those who are hosted with us, we’ll make these changes for you.  If you want to talk to us about your site and how we can help you, get in touch today.