On Tuesday, July 28, Magento Commerce and Magento Commerce Open Source 2.4 will be released with General Availability. This release will include important updates to security, quality, and platform technologies along with several new capabilities. We encourage you to preview the release notes to evaluate what’s included in the latest version of Magento Commerce and plan upgrade efforts. Please be advised these release notes will continue to evolve ahead of the release and we recommend reviewing the finalized notes when the release is generally available.

On July 28, we will also make available our latest Security-only patch, 2.3.5-p2, providing your organization with another update strategy option.

Look for more information about what’s included in Magento Commerce 2.4 when we announce General Availability on July 28.

As an increasing number of businesses are forced to shift their operations to work-from-home digital solutions, hacking threats are rising. One of the most common – and basic – threats is from the account login page.

We are responding to the growing threat by supporting (and in some cases requiring) 2FA across multiple areas of the Magento Commerce ecosystem. 2FA is a key industry standard to protect your digital storefront against attacks that target the account login. Using 2FA security will better protect you and your clients from malicious outsiders attempting to perform unauthorized logins at three different points of entry to Magento Commerce:

  1. Services that use your Magento.com credentials such as My Account or the Magento Commerce Help Center. Available to configure now.
  2. Accessing the cloud admin using SSH, and the Magento Commerce Admin. Available in conjunction with the release of 2.4.
  3. Beginning with the release of 2.4, 2FA will be enabled by default for the Magento Commerce Admin and cannot be disabled. After upgrading, Admin users must configure 2FA before logging in.


Source: Magento