Magento 2.4.2 Release – Security Patches, and a Gotcha

Magento has recently released version 2.4.2 of both its open source and commerce editions. This release has many bug fixes, performance improvements, and security patches. The release also backports the security patches to 2.4.1-p1 and 2.3.6-p1.

On the security side of things, there are a number of exploitable vulnerabilities that were patched. The more serious issues require some level of admin access, but there are cross-site scripting issues, and a few other security areas where this patch is highly recommended.

Some of the highlighted improvements include:

  • Support for Elasticsearch 7.9, Varnish 6, Redis 6, and Composer 2.x
  • Performance boosts to API calls, PWA implementations
  • Improved reindex process that eliminates some serious bugs
  • Better control of cache flushes to avoid unnecessary full cache flushes
  • Many GraphQL fixes and improvements
  • Large exports now complete fully and are available for download in the admin panel
  • Redis memory management is greatly improved, avoiding memory bloat in Redis
  • Elasticsearch fixes that improve search systems

The 2.4.2 Gotcha

One thing that was changed in 2.4.2 is this version no longer supports the DocRoot being set to the main directory of Magento. This release removes the index.php file in the main directory. Merchants must now use the recommended DocRoot being set to “pub” with version 2.4.2.

If you use a Document Root set to the main directory of Magento, once you upgrade to 2.4.2, you’ll get a 404 “Not Found” error for all URLs. You just need to set the DocRoot to “pub” in your webserver, and then take a few other steps:

  1. If you use Apache, your main .htaccess file may have customizations you need to incorporate in the pub/.htaccess file
  2. Make sure you set the DocRoot setting in env.php. Specifically:
    'directories' => [
        'document_root_is_pub' => true
  3. If you use a physical robots.txt file, you will need to move this into pub.
  4. If you have any sitemaps or feeds that were off the main directory, you will need to move these into pub (or create symlinks).

This latest release from Magento is a good one to consider incorporating. With all the bug fixes, security patches, and improvements, it is well worth the time and “pain” to upgrade your store.

Looking for a web host that understands ecommerce and business hosting?
Check us out today!

Leave a Reply