29/06/2019
Magento Open Source 2.3.2 Release Notes
Patch code and release notes published on June 25, 2019. Release notes last updated on June 26, 2019.
We are pleased to present Magento Open Source 2.3.2. This release includes over 200 functional fixes to the core product, over 350 pull requests contributed by the community, and over 75 security enhancements. It includes significant contributions from our community members.
Other release information
Although code for these features is bundled with quarterly releases of the Magento core code, several of these projects (for example, Page Builder, Inventory Management, and Progressive Web Applications (PWA) Studio) are also released independently. Bug fixes for these projects are documented in separate, project-specific release information which is available in the documentation for each project.
Apply the Scope parameter for Async/Bulk API patch to address an issue with the Async/Bulk REST API
In certain versions of Magento Open Source and Magento Commerce, the Asynchronous and Bulk REST endpoints support the default store view scope only. After this patch is applied to deployments running those versions of Magento, the current Magento message queue implementation will factor in the store that executes queue operations. See Patch for Magento Framework Message Queue and Store Scopes for a full discussion of this scope-related issue and patch contents. See Applying patches for specific instructions on downloading and applying Magento patches. Navigate to the Magento Security Center, and select the patch associated with the version of Magento you are running.
Highlights
Look for the following highlights in this release:
Substantial security enhancements
This release is focused on substantial security enhancements:
75 security enhancements that help close cross-site scripting (XSS), remote code ex*****on (RCE), and sensitive data disclosure vulnerabilities as well as other security issues. No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. See Magento Security Center for a comprehensive discussion of these issues. All known exploitable security issues fixed in this release (2.3.2) have been ported to 2.2.9, 2.1.18, 1.14.4.2, and 1.9.4.2, as appropriate.
Google reCAPTCHA module for PayPal Payflow checkout. The new PaypalRecaptcha module adds Google reCAPTCHA and CAPTCHA to the Payflow Pro checkout form. This enhanced functionality has been added in response to malicious targeting of Magento deployments that implement Payflow Pro. Configuration information can be found in Google reCAPTCHA.
Starting with the release of Magento Commerce 2.3.2, Magento will assign and publish indexed Common Vulnerabilities and Exposures (CVE) numbers with each security bug reported to us by external parties. This will allows users of Magento Commerce to more easily identify unaddressed vulnerabilities in their deployment.
Performance boosts
Significant improvement to storefront page response time. The page response times for the catalog, search, and advanced search pages have been significantly improved under high load.
Improved concurrent access to block cache storage. We have optimized the logic of concurrent access to the block cache, which has improved the response of storefront pages under high load by approximately 20%.
Product page gallery load optimization. Product images are now loaded as quickly as other page content. In previous releases, although the product page loaded quickly, product images needed two to four additional seconds to load completely.
Improved page rendering through deferred loading and parsing of storefront JavaScript. All non-critical JavaScript code has been relocated to the bottom of storefront pages, which speeds up page rendering and allows users to see the complete page sooner while nonessential elements remain inactive. To enable this performance enhancement, you must navigate to Stores > Configuration > Developer > JavaScript Settings and enable the Move JS code to the bottom of the page option.
Infrastructure improvements
This release contains 130 enhancements to core quality, which improve the quality of the Framework and these modules: Catalog, Sales, Checkout/One Page Checkout, UrlRewrite, Customer/Customers, and UI. Here are some additional core enhancements:
Braintree payment method is now supported for checkout with multiple addresses. Previously, you could not use Braintree and Braintree PayPal when checking out an order that was being shipped to multiple addresses.
The CGI URL gateway in UPS module has been updated from HTTP to HTTPS. The CGI URL gateway endpoint in the UPS module has been updated from HTTP to HTTPS in response to the disablement of the HTTP gateway by UPS in mid-2019. See Magento User Guide for information about using the UPS shipment method. Shipping method configuration settings are described in Shipping methods.
Google chart API updated to the Image-Charts. Magento now uses the Image-Charts free service to render static charts in Admin dashboards. Earlier deployments used Google Image Charts, which was deprecated in 2012 and turned off on March 18, 2019.
Merchant tool enhancements
Magento now performs the following tasks as asynchronous background processes and sends system messages to alert Admin users when tasks complete. Moving these common administrative tasks to the background frees administrators to work on other tasks while the initial tasks are processing.
Discount coupon generation. See Coupon Code.
Mass editing of products.
Data export. Previously, connection timeouts occurred during export of large data sets (for example, the export of 200,000 products). See Export for more information.
