Magento 2.4.2 enhances performance, security and fixes a lot of bugs. The security enhancements include the integration of SameSite attributes for all cookies as well as updated plugins.
Highlights
- Magento 2.4.2 contains over 280 fixes and 35 security enhancments that help to close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities.
- Additional security enhancements:
- All core cookies now support the
SameSiteattribute. - Magento now displays messages that identify potentially malicious content in product and category description fields when the user tries to save values in these fields.
- File system operations across Magento components have been standardized and hardened to prevent malicious uploads.
- Core Content Security Policy (CSP) violations have been fixed.
- All core cookies now support the
- Elasticsearch 7.9.x is now supported.
- Magento 2.4.2 has been tested with Varnish 6.4.
- Redis 6.x is now supported.
- Magento 2.4.2 is now compatible with Composer 2.x.
- Adobe Stock Integration v2.1.1.
- GraphQL updates.
- New features for PWA Studio.
- Extension updates.
- Code enhancements that boost API performance and Admin response time for deployments with large catalogs.
- New Role Resources for Media Gallery.
- Web-optimized images in content.
- AWS S3 support enhancements.
- A lot of fixes.
All new features and fixes can be found on devdocs.magento.com. The security update is also available as patch without all the other updates.
Remember to create a backup before installing updates.
