Adobe Commerce brings multiple security and product updates in Q4 releases


Peak selling season is right around the corner for many businesses and online purchases are expected to reach new highs. Your campaigns, special offers, and operations are ready for an influx of orders, but did you think of your storefront's security?

Reviewing your security plans and ensuring your software is up to date are important steps to prepare for a successful peak season. Today, we are introducing important new security updates in Adobe Commerce and Magento Open Source with our Q4 release of versions 2.4.3-p1 and 2.3.7-p2 to help you harden your defenses for this critical period.

With these security-only releases, we’ve changed the way session IDs are handled, preventing unauthorized users from performing actions as an authorized user. We have also restricted admin access to media gallery folders to prevent indirect deletion of .htaccess files, and we have lowered the threshold for complex GraphQL queries to help prevent denial-of-service (DoS) attacks. Finally, we have added validation of custom variables to prevent dangerous HTML tags and attributes.

In addition to these security enhancements, we are also announcing several exciting updates outside of the core release on October 12.

OTHER Q4 PRODUCT ANNOUNCEMENTS

Product Recommendations powered by Adobe Sensei (Commerce)

Product Recommendations powered by Adobe Sensei brings several improvements in Q4. Merchants using Adobe Experience Manager or other headless storefront options like React or Vue.js can now integrate Adobe Commerce Product Recommendation units in their sites. New recommendation units are also available to highlight recently viewed products and those with high view-to-purchase and view-to-cart conversion rates, giving merchants new ways to drive sales. We have also added support for B2B sites with customer-specific catalogs and pricing.

Live Search powered by Adobe Sensei (Commerce)

With this update of Live Search powered by Adobe Sensei, catalog onboarding and reindexing times are dramatically reduced, ensuring that search results feature the latest product data. We have improved search relevancy by introducing partial word search along with the full-word search. And coming later in Q4, the Live Search reporting function manages reports tailored for unique searches, zero results, and top products.

Progressive Web Applications (Commerce and Open Source)

With the release of PWA Studio 12, you can say goodbye to spinning wheels for slow-loading pages. We will introduce a new “shimmer” effect that animates the loading elements of your page’s layout, thus improving user experience by letting the shopper know what to expect once the content is loaded. Also with this release, we will deliver an “Add to Cart” button on the category listing pages to drive conversions and aid in purchase flow. Lastly, PWA Studio 12 will deliver improved best practice and SEO scores as measured by Google Lighthouse. Check out the PWA Studio release notes for more information.

Payment Services (Commerce and Open Source)

Coming later in Q4, we will introduce Payment Services for Adobe Commerce and Magento Open Source in North America. Merchants of all sizes will soon have access to a robust, secure, and easily integrated payment solution that can be directly managed from their product Admin.

Asynchronous (High Throughput) Order Processing (Commerce)

We are also introducing enhancements to the Adobe Commerce checkout and cart functionality that support customers with exponentially larger scale needs. With the proper configuration and setup, this optional feature allows asynchronous order processing, which dramatically increases order throughput and line items in cart. This feature is currently in beta, and will become generally available in December.

You can review the 2.4.3-p1 security release notes, 2.3.7-p2 security release notes, and our Security Bulletin for more information about these security-only releases.

Lastly, on October 18, we will be releasing the first beta for our 2.4.4 release (GA planned for March 8, 2022). We want to remind those partners who have not signed up for our Beta Program that we provide access to our pre-production code ahead of pre-release and general availability. After joining this program, you will be able to evaluate upcoming enhancements and changes included in our next release prior to pre-release and general availability. Our Beta Program is only available to our partners. If you are interested in learning more, review the Beta Program page.