Release 2.4.3-3.0
TAG: R2.4.3-C3.0
branch: main
Release date: August 31st 2021
This release upgrades version R2.4.2-C2.7
Contents
- Issues with upgrade
- New in this version
- Removal of CSP
- New with Magento 2.4.3
- Code on a branch
- Deployment
- Google reCAPTCHA
- Essentials for release
Issues with upgrade
Dependency injection - missing classes
We perform the upgrade on version 2.4.2-p2. It turns out that we need to activate modules that we did not use before. A new version might add modules that introduce dependencies on other modules that we disabled and removed from our earlier Magento 2 configuration. When this occurs, the application will not build or produce an error on missing classes when run.
The dependency injection system helps in finding the modules to activate.
Cookie status message
The new version does not hide the cookie status message. Investigation of the original code concluded that the new version removed the code to hide the message (by javascript). We hide the message by CSS rather than by Javascript. CSS probably alleviates CLS (Cumulative Layout Shift) since the block is not visible while the browser builds the page.
The missing code in Magento_Theme::js/cookie_status.phtml
<?php
$script = 'document.querySelector("#cookie-status").style.display = "none";';
?>
<?= /* @noEscape */ $secureRenderer->renderTag('script', ['type' => 'text/javascript'], $script, false); ?>
We chose not to add this code as it causes delay and Cumulative Layout Shift (CLS). Our solution is to use CSS to hide the element:
#cookie-status {
display: none;
}
You can also remove the block entirely from the head element by adding the following to
app/code/<vendor name>/Theme/layout/default_head_blocks.xml
:
<body>
<referenceContainer name="after.body.start">
<referenceBlock name="cookie-status-check" remove="true"/>
</referenceContainer>
</body>
When the user has not enabled cookies, this solution may present a problem.
New in this version
Since this release upgrades the former versions, it contains all updates from those versions. The updates concern all changes made in version Release 2.4.2-p1-2.6 and Release 2.4.2-p2-2.7.
Removal of CSP
We have removed the Content Security Policy module from the platform. We do not need to use CSP since we do not gather any customer payment details. All payments are handed over to third parties, like Rabo Omnikassa or PayPal. Thus, the dreaded Magecart does not present a vulnerability in our system.
The deployment system automatically builds the new version without the CSP-module. No further action is required. As a result, the system will no longer report CSP issues to our reporting endpoint.
CSP issues detected by certain browsers caused the form-key message. Users of our platform will no longer see the message in browsers like Safari.
New with Magento 2.4.3
Database scheme check
You can verify the database after updating to a new version:
bin/magento setup:db:status
Page builder
Starting with Magento 2.4.3 you can use the Page Builder in setting up product and category texts. The current settings from the TimeMCE editor have been transformed into HTML code. You can use this to recreate the layout and save it as e Page Builder entry.
The Page Builder allows you to save your layouts as templates for later use.
More information
You can find more detailed information on Magento 2.4.3 at: Magento 2.4.3 release notes
Code on a branch
The code for this version is available on the m2.4.3
branch. We have tagged the version(s) on this branch as release
candidate RC243-xx
, where xx
denotes the release candidate version.
Ultimately, the tested version will be merged to the main
branch and tagged with a release tag: R2.4.3-C3.0
).
Deployment
From this version on, you can use composer2
to build the system. We have adapted the tools to now use the new composer
version. Note that you need a copy of the latest version of the deployMagento.sh
script when you deploy this version.
Google reCAPTCHA
Magento 2.4.3 extends the Google reCAPTCHA functionality. You will get a Javascript error on binding Knockout when Checkout/Placing Order does not define a Google reCaptcha. Setting it to (in our case reCAPTCHA V3 Invisible) alleviates the error.
Essentials for release
- Remove temporary CSS from the backend.
- Update the URL definitions for the tags.
- Generate sitemaps.
- Import the pages (Release notes).
- Import the blocks.
- Remove no longer used blocks and pages.
- Define the usage of the correct blocks and pages in the backend.
- Follow the steps to remove the Data Migration tool (ubtool).
- Deployment scheme has changed: the link to magento2 must be made after deployment (see Wiki).
- Upgrade to PHP 7.4 (tested on development hypernode).
- Store -> Configuration -> Security -> Enable for Checkout/Placing Order: set to reCAPTCHA V3 Invisible.
Goto the webstore release notes site