Steamhaus at MagentoLive Europe
Last week members of the Steamhaus team were at MagentoLive Europe in Amsterdam. We were there not only as sponsors of the event, but to learn all about the new technologies Magento have in the pipeline. It was awesome to speak to so many passionate members of the Magento community—a community that we love working with and being a part of.
There’s far too much to highlight in this blog post, between the talks, workshops, and great conversations with attendees. A few key topics did stand out and I’ll outline them below.
Security Updates to Magento
The “Technical Track: Magento Product Roadmap” was hands down one of my favourite talks. It covered the upcoming updates to 2.3.3, as well as updates to the PWA studio.
What really stood out to us from an infrastructure point of view are the security updates.
Earlier this year in the 2.3.2 patch notes, Magento announced the use of CVE for security bugs and vulnerabilities. This was a welcome move from Magento, firmly showing the community that Magento is fully committed to ensuring the security of the platform as a whole.
Also in the aforementioned patch, Magento introduced “Security Only” updates. I cannot praise this move enough, because it means that merchants and sysadmins are not forced to rush out version updates to their Magento application in order to patch security. This gives the best of both worlds: security of the application is patched in a timely manner, and developers can spend their time ensuring that updates to the application are properly tested and functional.
Sanguine Security reported the effects of the “PRODSECBUG-2198” bug back in May, resulting in Magento’s security update soon after.
Sanguine reported on a huge spike in the number of compromised Magento stores. The method of compromise was published within 2 days of Magento releasing the emergency patch, and while Magento do deserve praise for their swift actions to resolve the issue, a lot of merchants were left vulnerable. It fell to the devs to get the patch in place as quickly as possible, and even with Agile project management, getting a site patched that quickly can be a struggle for any team.
Fortunately, the introduction of “Security-only” patches should make situations like the above a thing of the past. Whilst we did know about this update before the conference, it was awesome to hear that Adobe is listening to the community and really throwing their expertise in the enterprise space behind Magento wholeheartedly.
To summarise, in addition to the general version updates to Magento, they will also be releasing security-only patches.
These updates shouldn’t break application functionality, and will allow developers and sysadmins to get their application fully secure quickly, and crucially before nefarious parties have had time to study the vulnerabilities and formulate attacks!
Additionally, Magento announced that vulnerabilities will be released to Magento Commerce users earlier than to the public. All of these changes are intended to empower e-commerce businesses by giving them the right tools to ensure platform security.
Whilst this is no silver bullet for security management, it is definitely giving the right tools to Magento users.
At Steamhaus, when we build a platform for any client we always use the very best security practices—fully in line with the Security pillar of the AWS Well-Architected Framework.
However, this could all be for nought if a major security vulnerability in the application is left unpatched.
This move allows us and our clients to be more agile in upgrade development cycles.
You can read more about the security-only patch release on the Magento DevBlog here.
Progressive Web Apps (PWAs)
Progressive Web Apps (PWAs) have certainly been the biggest buzzword in the community recently—and MagentoLive 2019 was no exception. Adobe did remark on the phenomenal adoption rate of PWA in Magento in the technical track, something which looks set to grow even more over the next year.
Jordan Eisenburger, a Frontend Developer at Experius, gave a phenomenal talk on their experience with PWA. It can be hard to discuss the ups and downs on the development of projects like this, so it was refreshing to see someone share such an insightful story. You can check Jordan’s talk out here.
Praise should be given to Adobe and Magento for their fantastic workshops, talks, and stands which allowed people to get hands-on with PWA studio and page builder.
It’s one thing to deliver tools to the community; it’s another thing to put in the time and effort to help your community take advantage of these tools.
It’s also worth checking out Adobe’s talk, “Early Adopters of Progressive Web Apps”.
The most notable talking point of PWA was “page builder”, a drag-and-drop style extension designed to help build web pages without any code. Whilst this doesn’t replace the traditional role of the developer, it does mean content creators can very quickly design and publish content. This allows faster time to market and lower total cost of ownership—a win for both developers and e-commerce businesses.
You can find out more about page builder here.
It’s easy as a techie to assume that all users are as technically adept as ourselves. Obviously, this is not the case. By empowering not-so-technical users to get hands-on with content creation, Magento is cementing its place in the industry as the go-to platform for ecommerce.
There’s so much more that I could talk about, but then this post would turn into even more of an essay.
We massively enjoyed our time at MagentoLive Europe 2019, and are looking forward to future Magento events that we’ll no doubt be attending!