In Magento 2.3 version upgrade, they have placed their stakes according to the latest design- and mobile-related eCommerce trends, like convenient mobile web development, and easier page building for users with little to no programming skills.

But, before you enjoy your updated admin panel and comfortable coding experience, something might go wrong right from updating process. What are the pitfalls of Magento 2.3?

Magento 2.3 in a nutshell

First, let’s break down the features that are crucial for new version users. According to the official release notes, new Magento 2.3.0 includes hundreds of new features for both Open Source and Commerce editions.

New features for the merchants

1. Multi-Source inventory (MSI)

Now the merchants can manage multiple warehouses stock levels from the admin panel without third-party instruments. Most importantly, the stock management works with a reservation system, allowing the merchants to see more precise stock numbers at peak order times and for the store to have better checkout performance.

2. CMS improvements

The enhancements mostly concern the banner content (the banner is now referred to as a ‘dynamic block’). The users can use highly-customizable native Magento WYSIWYG or integrated TinyMCE. What that means: media instances like gallery and widgets now work as plugins, and can be configured as plugins.

3. New editing drag and drop tool

This is a long-awaited user-friendly feature named PageBuilder. It does what is stated in its name. With PageBuilder, any user can build and customize comprehensible store pages surprisingly, without coding or editing HTML and CSS.

New features for the Magento developers

1. PWA Studio

It is a suite that allows developing app-like experiences using web technologies. It is expected that PWA-optimized stores will be chosen by shop owners more often than the actual shopping application. To mention the technical side of it: PWA is powered by React, Vue.js or AngularJS on the frontend and Magento 2 REST API on the backend.

2. GraphQL API language

The users can request a very specific piece of data they want and join all data in one request. That means, fewer API requests and Magento PWA getting quicker and more stable in a mobile network.

3. Elasticsearch in Magento Open Source

It was already available for the Commerce edition users, but now it finally allows all Magento-based merchants to have a powerful faceted search in their online stores, created in Java and is fitted with a full-text search and HTTP interface.

4. Easier installation with the declarative DB schema

This feature is intended to simplify the initial installation of Magento 2.3 and working with the modules. Declarative schema allows the developers to perform changes to the database structures and in XML files without running multiple scripts. The declarative schema supports the rollback of database schema changes, which was impossible before, and both split and shared DB structures.

5. Asynchronous Web APIs and Bulk Web APIs

Multiple API requests can be processed asynchronously. Earlier being enabled only for the Commerce edition, in Magento 2.3 this feature will help the users check the status of each request and make the waiting for the response from the server shorter due to now possible queues conjunctions.

6. PHP 7.2.x support and PCI compliance

An important step towards better cybersecurity is the upgrade of PHP 7.2.x compatibility, which will support PCI compliance. The tech stack upgrades consider Redis and MySQL.

What are the hidden pitfalls that developers should consider?

While release notes only mention what has changed for the best and what features were implemented, but they give one a very limited understanding about what awaits the developer who is determined to update to Magento 2.3. Does your store absolutely need this upgrade or it can be put off? How do you approach this release and use it for good? To point out, here is what is known by now.

1. There are more composer packages

Version 2.3 is not a light upgrade, and it changes the way modules are installed and work. For every new feature, there is a new extension you can choose to install. For example, there are multiple modules for MSI and PWA, and there are supporting modules that enable new features for already existing ones. Beware that compatibility issues with third-party extensions are not obligatory but possible.

2. Every new feature is an option

The fewer extensions actively used or disabled, you have installed, the fewer chances there are to encounter bugs. New features like GraphQL, PWA and many more arriving with Magento 2.3 are actually installed by choice. Earlier there was a trick that allowed to remove the core extensions you want to get rid of with replace composer, and it is expected to be easier in future Magento releases.

3. PWA is optional and not a must

If you aren’t planning on working with it, you can skip installing it. The rest of the frontend is left untouched since PWA is only introduced as a future-proof solution that is gaining recognition.

4.Can’t rollback extensions like before

Since the setup way is changed by Declarative, downgrading is complicated. Similarly, the same goes for the whole Magento 2.3, once you arrived there, it will be uneasy to switch to Magento 2.2.x. So, prepare for an extensive round of testing before upgrading production.

5. MySQL switched to ElasticSearch

A proper text search for an online store with attributes and great performance still remains an unsolved issue for Magento. Be aware that the MySQL search engine is no longer a preferred search engine for Magento and in the future, the search will be a microservice.

6. There are changes to saving the products

It is not an actual issue nor it is a hidden change, but the way catalog_product_super_link table is handled became different and you probably should pay extra attention to this because it is no longer updated every time you re-save a configurable product. It might cause you some issues if there is no way to check every product is working as expected.

7. Zend Framework changes

There are multiple dependencies removed and replaced in the 2.3 upgrade. So, above all take your time to check the full list of Zend dependencies affected with your own code and third-party modules.

Pay attention to the release notes

Until you start working with this update on your own, regardless of what you know, you can’t for sure predict what issues you should expect. The ones listed above are pretty general and in no way depicts every change, and the official Magento 2.3. release notes doc is huge.

Magento 2.3 bugs faced by developers

We picked out a few most wanted 2.3 upgrade questions that developers and users ask in Magento communities and matched them with working solutions. Most of these issues stand at 1k and more in views on the forums.

1. External Request, Invalid Form Key Magento 2.3

Issue: it is a known Magento 2.3 bug that appears after sending a POST request to The internal server response is “Invalid Form Key. Please refresh the page.” in Magento 2.2, both GET and POST requests worked as expected. After the upgrade to Magento 2.3, POST requests now do not call the execute() method of the controller but responds with the 200 OK message.

Solution: Your controller   should implement two of Csrf Aware Action Interface methods:

use Magento\Framework\App\CsrfAwareActionInterface; use Magento\Framework\App\RequestInterface; 
use Magento\Framework\App\Request\InvalidRequestException; class MyController extends \Magento\Framework\App\Action\Action 
implements CsrfAwareActionInterface { public function createCsrfValidationException(RequestInterface $request): 
?InvalidRequestException { return null; } public function validateForCsrf(RequestInterface $request): 
?bool { return true; } }

Sidenote: this helps this issue, but the solution is not compatible with Magento versions earlier than 2.3. That means the same custom module will stop working on Magento 2.2.x.

2. Magento 2.3 issue on the local server

Issue: there are a lot of errors after an attempt to install Magento 2.3 using the command line. It results in multiple in a browser console and on both backend and storefront. The admin panel doesn’t work. The PHP version is 7.2.

Solution: this is a commonplace issue Magento has with Windows, which hasn’t been fixed by Magento yet. The thing is, Windows uses “\” as a separator, and the check fails if there are containers that have “/”.

This can be fixed by a replacement in the core file. The following line


replaces the line of code below in isPathInDirectories function:

$realPath = str_replace(‘\\’, ‘/’, $this->fileDriver->getRealPath($path));

Other solution: there is another quick fix to this problem. It is a small change in the for each loop:

#/vendor/magento/framework/View/Element/Template/File/Validator.php:139 foreach ($directories as $directory) 
{ // Add this line $realDirectory = $this->fileDriver->getRealPath($directory); // and replace 
`$directory` with `$realDirectory` if (0 === strpos($realPath, $realDirectory)) { return true; } }

3. Magento 2.3 technical issue with the server while uploading files

Issue: after trying to upload the logo image on the backend at Content > Design > Configuration > Header, there is an error that looks like this: “technical problem with the server created an error. Try again to continue what you were doing. If the problem persists, try again later”. Actions like cache cleaning and reindexing don’t help. There are no relevant clues in the logs either, but the image is actually displayed on the server as uploaded.

Solution: this is a known bug of Magento 2.3. It can be fixed by replacing the code. Go to /vendor/magento/module-theme/view/adminhtml/ui_component/design_config_form.xml,to the line number 154 and replace “fileUploader” with “imageUploader” like in here:

<collapsible>true</collapsible> <label translate="true">HTML Head</label> </settings> <!-- Remove this code --> 
<!-- <field name="head_shortcut_icon" formElement="fileUploader">--> <!-- Add this code --> 
<field name="head_shortcut_icon" formElement="imageUploader"> <settings> <notice translate="true">
Not all browsers support all these formats!</notice> <label translate="true">Favicon Icon</label> 
<collapsible>true</collapsible> <label translate="true">Header</label> </settings> <!-- Remove this code --> 
<!-- <field name="header_logo_src" formElement="fileUploader"> --> <!-- Add this code --> 
<field name="header_logo_src" formElement="imageUploader"> <settings> <label translate="true">
Logo Image</label> <componentType>imageUploader</componentType>

Sidenote: Magento is aware of this issue and there will be a patch for it in Magento 2.3.1. The fix above is temporary. If you would like a more profound solution, turn to composer patching way described here.

4. Upgrade from Magento 2.2.x to Magento 2.3.0 issue

Issue: the upgrading fails with the error from Web Setup Wizzard – System Upgrade. Here are the details

“Command “update” failed: You are running composer with xdebug enabled, therefore, it has a major impact on runtime performance. See Loading composer repositories with package information Updating dependencies (including require-dev) Your requirements could not be resolved to an installable set of packages.”

Solution: first, enable Developer Mode in the command line by ‘php bin/magento deploy:mode:set developer’ command. Before upgrading, execute the following commands:

composer config preferred-install dist composer config sort-packages true composer config prefer-stable true

Then, fix the composer.json file to Magento 2.3 release by the following command:

composer require –dev friendsofphp/php-cs-fixer:~2.10.0 –no-update

Then, proceed to the actual upgrade:

composer require –dev sebastian/phpcpd:~3.0.0 –no-updatephp -r ‘$autoload=json_decode(file_get_contents(“composer.json”), true); $autoload[“autoload”][“psr-4”][“Zend\\Mvc\\Controller\\”]= “setup/src/Zend/Mvc/Controller/”; file_put_contents(“composer.json”, json_encode($autoload, JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES));’composer updatephp bin/magento setup:upgrade

5. Magento 2.3 composer upgrade fail

Issue: the upgrade from Magento 2.2.6 via composer results in the error that looks like this.

‘Your requirements could not be resolved to an installable set of packages.’

Problem 1 - magento/inventory-composer-installer 1.0.3 requires composer-plugin-api ^1.1 -> 
no matching package found. - magento/product-community-edition 2.3.0 requires magento/inventory-composer-metapackage ^1.0.3 -> 
satisfiable by magento/inventory-composer-metapackage[1.0.3]. - magento/inventory-composer-metapackage 1.0.3 
requires magento/inventory-composer-installer ^1.0.3 -> satisfiable by magento/inventory-composer-installer[1.0.3]. 
- Installation request for magento/product-community-edition 2.3.0 -> satisfiable by magento/product-community-edition[2.3.0]. 
Potential causes: - A typo in the package name - The package is not available in a stable-enough version 
according to your minimum-stability setting see <> for more details.

Solution: It is probably the composer of the outdated version, and it needs to be updated.

Sidenote: The upgrade process to Magento 2.3 is different from earlier and described here. Please note that Magento 2.3 requires PHP version 7.2 and higher.

Because of new dependency versions, you have to apply some changes to the composer.json file before any upgrades. However, If it is upgraded, then it is an incompatible version of composer-plugin-API is provided by Composer itself. Below is the output of the commands that are provided in the official upgrade instructions for Magento 2.3.

Before the upgrade (Magento 2.2.6):

$ composer –version Composer version 1.7.2 2018-08-16 16:57:12

Installed composer/composer package version:

$ composer show composer/composer | grep versions versions : * 1.4.1

Dependencies which have composer/composer requirements and their constraints:

$ composer depends composer/composer magento/composer 1.2.0 requires composer/composer (1.4.1) magento/framework 101.0.6 requires composer/composer (^1.4) magento/magento2-base 2.2.6 requires composer/composer (1.4.1) magento/product-community-edition 2.2.6 requires composer/composer (1.4.1) magento/project-community-edition 2.2.6 requires composer/composer (@alpha)

After the upgrade (Magento 2.3):

1) Composer package version:

$ composer show composer/composer | grep versions versions : * 1.7.3

2) Dependencies which have composer/composer requirements and their constraints:

$ composer depends composer/composer magento/composer 1.4.0 requires composer/composer (^1.6) magento/framework 102.0.0 requires composer/composer (^1.6) magento/magento2-base 2.3.0 requires composer/composer (^1.6) magento/product-community-edition 2.3.0 requires composer/composer (^1.6) magento/project-community-edition 2.3.0 requires composer/composer (@alpha)

Bottom line

Protip: Host your Magento store with a managed hosting provider to get the most out of M2. They will take care of speed, security, and scalability while you focus on your core business.

Although Magento 2.3 has some bugs, it has shown incredible improvements in page speed, checkouts, and overall browsing. What is clear, Magento developers team is doing the steps towards more user-friendly CMS.

Author’s Bio: Oksana Mikhalchuk is Content Manager at NEKLO, a software engineering company with a primary focus on eCommerce development for Magento.