Release 2.4.3-3.0

TAG: R2.4.3-C3.0

branch: main

Release date: August 31st 2021

This release upgrades version R2.4.2-C2.7

Contents

• Issues with upgrade
  • Dependency injection - missing classes
  • Cookie status message
• New in this version
• Removal of CSP
• New with Magento 2.4.3
  • Database scheme check
  • Page builder
  • More information
• Code on a branch
• Deployment
• Google reCAPTCHA
• Essentials for release

Issues with upgrade

Dependency injection - missing classes

We perform the upgrade on version 2.4.2-p2. It turns out that we need to activate modules that we did not use before. A new version might add modules that introduce dependencies on other modules that we disabled and removed from our earlier Magento 2 configuration. When this occurs, the application will not build or produce an error on missing classes when run.

The dependency injection system helps in finding the modules to activate.

Cookie status message

The new version does not hide the cookie status message. Investigation of the original code concluded that the new version removed the code to hide the message (by javascript). We hide the message by CSS rather than by Javascript. CSS probably alleviates CLS (Cumulative Layout Shift) since the block is not visible while the browser builds the page.

The missing code in Magento_Theme::js/cookie_status.phtml

<?php
   $script = 'document.querySelector("#cookie-status").style.display = "none";';
?>
<?= /* @noEscape */ $secureRenderer->renderTag('script', ['type' => 'text/javascript'], $script, false); ?>

We chose not to add this code as it causes delay and Cumulative Layout Shift (CLS). Our solution is to use CSS to hide the element:

#cookie-status {
    display: none;
}

You can also remove the block entirely from the head element by adding the following to

app/code/<vendor name>/Theme/layout/default_head_blocks.xml:

<body>
    <referenceContainer name="after.body.start">
        <referenceBlock name="cookie-status-check" remove="true"/>
    </referenceContainer>
</body>

When the user has not enabled cookies, this solution may present a problem.

New in this version

Since this release upgrades the former versions, it contains all updates from those versions. The updates concern all changes made in version Release 2.4.2-p1-2.6 and Release 2.4.2-p2-2.7.

Removal of CSP

We have removed the Content Security Policy module from the platform. We do not need to use CSP since we do not gather any customer payment details. All payments are handed over to third parties, like Rabo Omnikassa or PayPal. Thus, the dreaded Magecart does not present a vulnerability in our system.

The deployment system automatically builds the new version without the CSP-module. No further action is required. As a result, the system will no longer report CSP issues to our reporting endpoint.

CSP issues detected by certain browsers caused the form-key message. Users of our platform will no longer see the message in browsers like Safari.

New with Magento 2.4.3

Database scheme check

You can verify the database after updating to a new version:

bin/magento setup:db:status 

Page builder

Starting with Magento 2.4.3 you can use the Page Builder in setting up product and category texts. The current settings from the TimeMCE editor have been transformed into HTML code. You can use this to recreate the layout and save it as e Page Builder entry.

The Page Builder allows you to save your layouts as templates for later use.

More information

You can find more detailed information on Magento 2.4.3 at: Magento 2.4.3 release notes

Code on a branch

The code for this version is available on the m2.4.3 branch. We have tagged the version(s) on this branch as release candidate RC243-xx, where xx denotes the release candidate version.

Ultimately, the tested version will be merged to the main branch and tagged with a release tag: R2.4.3-C3.0).

Deployment

From this version on, you can use composer2 to build the system. We have adapted the tools to now use the new composer version. Note that you need a copy of the latest version of the deployMagento.sh script when you deploy this version.

Google reCAPTCHA

Magento 2.4.3 extends the Google reCAPTCHA functionality. You will get a Javascript error on binding Knockout when Checkout/Placing Order does not define a Google reCaptcha. Setting it to (in our case reCAPTCHA V3 Invisible) alleviates the error.

Essentials for release

1. Remove temporary CSS from the backend.
2. Update the URL definitions for the tags.
3. Generate sitemaps.
4. Import the pages (Release notes).
5. Import the blocks.
6. Remove no longer used blocks and pages.
7. Define the usage of the correct blocks and pages in the backend.
8. Follow the steps to remove the Data Migration tool (ubtool).
9. Deployment scheme has changed: the link to magento2 must be made after deployment (see Wiki).
10. Upgrade to PHP 7.4 (tested on development hypernode).
11. Store -> Configuration -> Security -> Enable for Checkout/Placing Order: set to reCAPTCHA V3 Invisible.

Goto the webstore release notes site