General availability for Magento 2.3.5 was on April 28. This release introduced new security and performance improvements. Like any patch release, if you want to improve your Magento performance, it’s recommended that you update to the latest version of the Magento application at your earliest convenience to apply not only functional enhancements but, most importantly, all the recent security fixes. To help you plan and budget software updates, let’s first clarify types of Magento code releases.
Types of Magento versions
As stated in the release policy, Magento uses ordinal (in sequence) numbers for versioning. This makes it easy for any merchant to track Magento and know if their version is the latest and up to date. Note: to verify the current version, check the Admin Panel page.
- A major version is changed infrequently (in this case, since Magento 2 was introduced in 2015). It is important to note that Magento 1’s end of life was in June 2020, making it highly recommended by Magento to migrate to Magento 2 as soon as possible. This recommendation is made to keep your website secure and compliant, as well as to minimize the total long-term cost of ownership.
- A minor version release should be expected annually. The minor release provides a large update of the platform centered on maintaining compatibility for major system requirements such as PHP and platform upgrades such as Elasticsearch or Braintree. It introduces new features, but also may create changes that require additional Magento development. Such an update requires significant effort from your dev team to ensure that the website performs correctly and that all modules function and are compatible with the new version.
- A patch release is usually announced quarterly to ensure Magento website security is maintained at the highest level. A patch also includes quality improvements suggested by the Magento Community, and the Magento core team, where we participate. This version is backward compatible, meaning that code written for any 2.3.x Magento version works on the latest version.
- A security release is introduced occasionally to address serious vulnerabilities. Security releases should be applied as soon as possible. They are available on quarterly basis as an alternative to patch updates. Security releases only address security-sensitive issues and do not address functional fixes.
Release Type | Example | Estimated frequency | Responsible for Applying Update | Backward Compatibility |
Major | 2 | Once | Merchant | No |
Minor | 2.3 | Annual | Merchant | No |
Patch | 2.3.5 | Quarterly | Merchant | Likely |
Security | 2.3.5-p1 | As Needed | Merchant | Likely |
Generally, the key reasons to perform Magento 2 upgrade are performance improvements, security compatibility, functional fixes, and of course new features availability. For more details check Why should you perform Magento 2 upgrade to the latest version?
What changes are available in Magento Commerce 2.3.5.
Release Type | April 2020 version |
Patch | Magento Commerce and Magento Open Source 2.3.5-p1 |
Security | Magento Commerce and Magento Open Source Security-only Patch 2.3.4-p2 |
Patch | Magento Commerce 1.14.4.5 |
Patch | Magento Open Source 1.9.4.5 |
Security | SUPEE-11314 to patch earlier Magento Commerce and Magento Open Source 1.x versions |
Magento Open Source and Magento Commerce include over 180 functional fixes to the core product and over 25 security enhancements in the 2.3.5 version. It presents significant platform upgrades, substantial security changes, and performance improvements; this is based on 46 GitHub issues resolved by Magento Community contributors, as well as a Magento core team.
The following are key changes covered in this version:
1. Security
- As stated above, a security-only patch (Magento 2.3.5-p1 (for 2.3.4) or 2.3.4-p2 (for 2.3.3) provides fixes for vulnerabilities that have been identified in the previous quarterly releases of Magento. 25+ security fixes included in this release help close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities. Content security policy (CSP) and removal of session-id from URLs are also added in this version. The vulnerability details are listed in Adobe Security Bulletin documentation here.
2. Platform upgrades
To keep the website relevant with third-party platforms the following changes were applied:
- Compatibility with Elasticsearch 7.x
- Upgrade of Symfony Components to 4.4 version
- Core integrations of third-party payment methods (Authorize.Net, eWay, CyberSource, and Worldpay) are deprecated
- Core integration of the Signifyd fraud protection code is deprecated
- Dependencies on Zend Framework are migrated to the Laminas project
3. Performance
- A better invalidating of all customer sections data that avoids a known issue with local storage when custom sections.xml invalidations are active.
Also, the number of queries to Redis that are performed on each Magento request is minimized, which excessively boosts the performance.
4. Infrastructure
- The PayPal Pro payment method is compatible with the Chrome 80 browser now. A PHPStan code analysis check has been integrated into Magento static builds to enhance static code analysis.
5. Magento Page Builder (Magento Commerce only)
- Templates that can be created from existing content and applied to new content areas are added.
- Page Builder Rows, Banners, and Sliders now have the option to use videos for their backgrounds and a possibility to set their heights to the full height of the page.
- Content type upgrade library allows for backward compatibility.
6. Magento Inventory Management
- The ability to view allocated inventory sources from the orders list is presented together with a new extension point for SourceDataProvider and StockDataProvider.
7. Magento 2 GraphQL
- Staging queries now include Products and categoryList.
8. Magento PWA Studio 6.0.0
- Possibility to create an API for a storefront and modify storefront logic is presented in the extensibility framework.
- Caching and data fetching are improved.
- Shopping cart components that can be used for a full-page shopping cart experience are added.
9. Dotdigital
- Engagement Cloud and Magento B2B module are integrated to allow the B2B merchants to perform sync of company, shared catalog, quote, and custom product catalog data to Dotdigital.
- Improved importer performance and coupon code resend.
10. Google Shopping ads Channel
- It is no longer supported. Find alternative extensions on the Magento Marketplace.
To receive additional information on vendor-developed extension enhancements and fixed issues, check Magento 2.3.5 Open Source Release Notes and Magento 2.3.5 Commerce Release Notes. It is strongly recommended that you update any Magento 2 store to have the latest version. This is recommended to maintain security at the highest level. If you hope to begin the upgrade process now, contact your partner to learn more about , or freely contact our Atwix team.