While the buzz created by Magento 2.3 is not over yet, Magento has released Magento 2.3.1 with great features, critical bug fixes, 30 security enhancements, 200 core functional fixes and 500 pull requests contributed by the community.
Before we dive into Magento 2.3.1
Before we jump into the exciting features of Magento 2.3.1, every Magento store owner and developer must be aware of the critical problems in Magento which should be taken care of immediately.
1. SQL vulnerability
There is a critical SQL injection vulnerability in pre 2.3.1 Magento code.
SQL injection is the process of sending malicious code to gain access and modify data. In this case, hackers can gain access to sensitive banking information of customers.
To protect your site from this vulnerability, download and apply the patch available here.
2. PayPal Payflow Pro active carding
The PayPal Payflow integration in Magento is being targeted by hackers for carding activity, which means these hackers check the validity of the stolen cards by making $0 transactions.
Magento has recommended using Google reCAPTCHA on the Payflow Pro checkout. For more details click here.
3. Authorize.Net support end for MD5 hash
Also, if your Magento site is using Authorize.Net MD5 hash and if you don't plan to update to 2.3.1, then you have to follow these steps to fix Authorize.Net payment method. Otherwise, your site won’t be able to process payments via Authorize.Net from June 28, 2019.
If you need any help in any of the problems mentioned above you can get help from our Magento experts.
Now let’s focus on Magento 2.3.1 features and advantages
What merchants should know about Magento 2.3.1?
1. Creating orders in the back-end is now easy
The delays in back-end for making changes to billing and shipping addresses are eliminated. This helps to achieve a faster order creation workflow.
2. PDP images can be uploaded without downsizing and compressing
Merchants can directly upload PDP (Product Detail Page) images larger than 1920 x 1200 without being downsized and compressed by Magento. In older Magento versions when a merchant uploads a product image larger than 1920 x 1200, Magento will resize and compress the image.
3. Inventory management 1.1.0
3.1 Distance-priority algorithm (SSA)
This feature analyses the shipping destination location with the source fulfillment shipments to find the nearest fulfillment location. The best part of this feature is that the nearest fulfillment location can be determined based on distance or time for traveling. In addition to that, Pick In Store option is added.
3.2 Elasticsearch for custom stocks
Elasticsearch was only supported for Single Source mode for Default Source. With 2.3.1 it is also supported for custom stocks. In addition to that, filtering search results is also added.
Apart from these, Amazon sales channel and support for DHL are also added.
What developers should know about Magento 2.3.1?
1. Upgrade process dependency assessment automation
A composer plugin magento/composer-root-update-plugin which can automatically update all dependencies in composer.json during a Magento 2.x upgrade is introduced.
Significant improvements have been added in Progressive Web Apps (PWA) studio and GraphQL.
3. Performance improvements
4. Advancements in infrastructure
5. Security improvements
1. Amazon Pay
Multi-currency support was added for merchants in EU and U.K region. Almost 12 currencies have been added.
2. Magento Shipping
3. Cart and checkout
4. Our Contributions to Magento 2.3.1
We at Codilar are a team of Magento experts, but how can we be experts if we haven’t contributed to making Magento better. Almost all Magento releases comprise fixes from our Magento developers.
This time there are two Magento 2.3.1 fixes from Codilar:
Should I upgrade my Magento store to Magento 2.3.1?
Unlike the previous version Magento 2.3 that came with awesome features like Magento PWA, Magento 2.3.1 is mainly about performance, security and bug fixes. One mandatory reason to upgrade to Magento 2.3.1 is the SQL injection vulnerability. If exploited, it can allow hackers to access sensitive data including credit card details. Magento has recommended switching to version 2.3.1 for all Magento stores below 2.0 that are planning for an update
“Merchants who have not previously downloaded a Magento 2 release should go straight to Magento Commerce or Open Source 2.3.1.” - Magento Security Team
Let us know what you think about Magento 2.3.1 in the comment section below!