📢 Magento 2.3.6, 2.4.0-p1 and 2.4.1 Security Update Now Available

Make sure you thoroughly test in your Development Environment before pushing into Production. As always, let's keep both you and your customers safe.

We are pleased to announce that the latest versions of Magento Open Source 2.4.1, Security-Only Patch 2.4.0-p1 plus Magento Open Source 2.3.6, are now available. With important updates to security and performance, we strongly recommend that you take advantage and upgrade as soon as possible to ensure your sites remain secure, compliant, and optimized for the highest level of performance ahead of this Holiday Season.


We are committed to improving the experience for our merchants and their customers while ensuring their sites perform at the highest level of security and reliability possible. Magento Open Source 2.4.1 includes several enhancements, quality improvements and upgrades.

Feature highlights of this release include:

Stay Secure & Remain Compliant
We have added CAPTCHA for improved security to order placement and Web API endpoints related to payment information. Likewise, in 2.4.1, we added SameSite cookie attribute support.

Faster Content Creation and Improved Storefront Experience
We continue to improve the content workflow in Magento Open Source 2.4.1. The new Media Gallery, introduced in Magento Open Source 2.4, now allows bulk image operations, duplicate detection, and custom metadata. We’re also lowering the cost and time to market for headless storefronts as we continue to build out PWA Studio components and expand GraphQL coverage for key Magento Open Source capabilities, including product reviews, gift options and rewards.


In addition to our latest features and enhancements, Adobe is updating our software lifecycle policy regarding supported minor versions. Starting 2021, supported versions that are no longer the most current minor release line of Magento Open Source (currently only 2.3) will move to security-only updates. All quality updates for 2.3.x will instead be distributed through the new Magento Open Source Quality Patches (MQP) tool. The most current release line (2.4 as of June 28, 2020) will continue to receive quality and security updates through the same existing quarterly release cycle until the release of 2.5, at which time it will move into a security-only cycle, as well.


In December 2021, PHP 7.3 will reach its end of support. To ensure compatibility and compliance for the 2.3 release line, we will add support for PHP 7.4 to the release of Magento Open Source 2.3.7 in May 2021. This update will bring backward incompatible changes into 2.3.7 that may affect your site and extensions. You will therefore have a seven-month window between the launch of 2.3.7 and EOS for PHP 7.3 to either upgrade to 2.3.7 or 2.4.x. To avoid unwanted interruptions, we encourage all merchants to adopt our latest minor release 2.4.x, which supports PHP 7.4 today, or update to 2.3.7 once available. You can learn more about PHP 7.4 support here.

Please visit our release notes for more information, and don’t forget to visit our Security Bulletins to learn about the security updates included in these new versions.

Best regards,
The Magento Open Source Team
