Hosting Magento

2.4.3-p2 (versione principale) (release di sicurezza)
14 Aprile - 800MBPatch 2.4.3-p2 is a security release that provides two security fixes that enhance your Magento Open Source 2.4.3 deployment. It provides fixes for vulnerabilities that have been identified in the previous release.



Security

Resolution of the vulnerability addressed by MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip, MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch.zip,MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch, and MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch

Email variable usage was deprecated back in 2.3.4 as part of a security risk mitigation in favor of a more strict variable syntax. This legacy behavior has been fully removed in this release as a continuation of that security risk mitigation. As a result, email or newsletter templates that worked in previous versions of Magento may not work correctly after upgrading to Adobe Commerce 2.4.3-p2. Affected templates include admin overrides, themes, child themes, and templates from custom modules or third-party extensions. Your deployment may still be affected even after using the Upgrade compatibility tool to fix deprecated usages. See Migrating custom email templates for information about potential effects and guidelines for migrating affected templates.

OAuth access tokens and password reset tokens are now encrypted when stored in the database.

Validation has been strengthened to prevent the upload of non alpha-numeric file extensions.

Swagger is now disabled by default when Adobe Commerce is in production mode.

Developers can now configure the limit on the size of arrays accepted by Adobe Commerce RESTful endpoints on a per-endpoint basis. See API security.

Added mechanisms for limiting the size and number of resources that a user can request through a web API on a system-wide basis, and for overriding the defaults on individual modules. This resolves the issue addressed by MC-43048__set_rate_limits__2.4.3.patch. See API security.

Per saperne di più: https://devdocs.magento.com/guides/v2.4/release-notes/2-4-3-p2.html






2.4.3-p1 (versione principale) (release di sicurezza)
19 Ottobre 2021 - 800MBPatch 2.4.3-p1 is a security-only release that provides seven security fixes that enhance your Adobe Commerce 2.4.3 or Magento Open Source 2.4.3 deployment. Merchants can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release provides. Patch 2.4.3-p1 provides fixes for vulnerabilities that have been identified in our previous quarterly release, Adobe Commerce 2.4.3 and Magento Open Source 2.4.3.



Security

Session IDs have been removed from the database. This code change may result in breaking changes if merchants have customizations or installed extensions that use the raw session IDs stored in the database.

Restricted admin access to Media Gallery folders. Default Media Gallery permissions now allow only directory operations (view, upload, delete, and create) that are explicitly allowed by configuration. Admin users can no longer access media assets through the Media Gallery that were uploaded outside of the catalog/category or wysiwyg directories. Administrators who want to access media assets must move them to an explicitly allowed folder or adjust their configuration settings. See Modify Media Library folder permissions.

Lowered limits to GraphQL query complexity. The GraphQL maximum allowed query complexity has been lowered to prevent Denial-of-Service (DOS) attacks. See GraphQL security configuration.

Recent penetration test vulnerabilities have been fixed in this release.

The unsupported source expression unsafe-inline has been removed from the Content Security Policy frame-ancestors directive. GitHub-33101

Per saperne di più: https://devdocs.magento.com/guides/v2.4/release-notes/2-4-3-p1.html






2.4.1-p1 (versione principale) (release di sicurezza)
24 Febbraio 2021 - 800MBPatch 2.4.1-p1 is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, Magento 2.4.1, plus hot fixes that were applied to that release. Merchants can install these time-sensitive security fixes to keep their site up-to-date with the most recent security fixes without applying the hundreds of functional fixes and enhancements that the full quarterly release (Magento 2.4.2) provides.
Per saperne di più: https://devdocs.magento.com/guides/v2.4/release-notes/open-source-2-4-1.html






2.4.1 (versione principale) (release di sicurezza)
16 Ottobre 2020 - 800MBMagento Open Source 2.4.1 introduces enhancements to performance and security.



Security

Over 15 security enhancements that help close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities.

CAPTCHA protection has been added to: Place Order storefront page and REST and GraphQL endpoints; Payment-related REST and GraphQL endpoints.

Support for the SameSite attribute for cookies.

Enhanced Magento Scan Tool.



Improvements

Infrastructure improvements

Performance improvements

Adobe Stock Integration

New Media Gallery       

GraphQL

PWA Studio

Magento Functional Testing Framework (MFTF)

Vendor Developed Extensions



Bug Fixes

Installation, upgrade, deployment issues

Adobe Stock Integration

Amazon Pay

Bundle products

Cache

Cart and checkout

Catalog

Cleanup

CMS content

Configurable products

Cookies

cron

CSS

Customer

Directory

dotdigital

Downloadable

Email

Frameworks

GraphQL

Images

Import/export

Index

Infrastructure

Layered navigation

Logging

Media Gallery

MFTF

Orders

Payment methods

PayPal

Performance

Reviews

Sales

Search

Shipping

Sitemap

Store

Swagger

Swatches

Tax

Test

Theme

Translation and locales

UI

URL rewrites

Varnish

Vault

Web API framework

Wish list

Per saperne di più: https://devdocs.magento.com/guides/v2.4/release-notes/open-source-2-4-1.html



visualizzare più versioni




2.4.0 (versione principale)
24 Agosto 2020 - 800MBMagento Open Source 2.4.0 introduces support for PHP 7.4, Elasticsearch 7.6.x, and MySQL 8.0. Substantial security changes include the enablement of two-factor authentication in the Admin by default.



This release includes all the improvements to core quality that were included in Magento 2.3.5-p1, over 100 new fixes to core code, and 30 security enhancements. It includes the resolution of 226 GitHub issues by our community members. These community contributions range from minor clean-up of core code to significant enhancements in Inventory Management and GraphQL.
Per saperne di più: https://devdocs.magento.com/guides/v2.4/release-notes/release-notes-2-4-0-open-source.html






2.3.7-p3 (release di sicurezza)
14 Aprile - 800MBPatch 2.3.7-p3 is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release. It includes enhancements that were introduced in 2.3.7-p2 and the three hotfixes that have been released for Adobe Commerce 2.3.7 and Magento Open Source 2.3.7.
Per saperne di più: https://devdocs.magento.com/guides/v2.3/release-notes/open-source-2-3-7-p3.html






2.3.7-p2 (release di sicurezza)
19 Ottobre 2021 - 800MBMagento Open Source 2.3.7-p2 is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, Magento Open Source 2.3.7. It includes enhancements that were introduced in 2.3.7-p1 and the two hotfixes that were released for Magento Open Source 2.3.7. Merchants can install these time-sensitive security fixes to keep their site up-to-date with the most recent security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release provides.
Per saperne di più: https://devdocs.magento.com/guides/v2.3/release-notes/open-source-2-3-7-p2.html






2.3.7-p1 (versione principale) (release di sicurezza)
6 Settembre 2021 - 800MBMagento Open Source 2.3.7 offers significant platform upgrades, 40 security enhancements, and 10 functional fixes for the core product.
Per saperne di più: https://devdocs.magento.com/guides/v2.3/release-notes/open-source-2-3-7.html






2.3.6
18 Gennaio 2021 - 800MBMagento Open Source 2.3.6 offers significant platform upgrades, substantial security changes, and performance improvements.
Per saperne di più: https://devdocs.magento.com/guides/v2.3/release-notes/open-source-2-3-6.html






2.3.5-p2 (release di sicurezza)
3 Agosto 2020 - 800MBVersion 2.3.5-p2 is a security-only release that provides fixes for vulnerabilities that have been identified in our previous quarterly release, Magento 2.3.5, plus hot fixes that were applied to that release. Merchants can install these time-sensitive security fixes to keep their site up-to-date with the most recent security fixes without applying the hundreds of functional fixes and enhancements that the full quarterly release (Magento 2.3.5) provides.
Per saperne di più: https://devdocs.magento.com/guides/v2.3/release-notes/release-notes-2-3-5-open-source.html






2.3.5-p1 (versione principale) (release di sicurezza)
28 Aprile 2020 - 800MBMagento Open Source 2.3.5 offers significant platform upgrades, substantial security changes, and performance improvements.



Security

Over 25 security enhancements that help close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities.

Implementation of Content Security Policy (CSP). Content-Security-Policy is an HTTP response header that browsers can use to enhance the security of a web page. This added layer of security supports the detection and mitigation of attacks, including cross-site scripting (XSS) and data injection attacks.

Removal of session_id from URLs. Exposure of session-id values in URLs creates a potential security vulnerability in the form of session fixation. We are removing code from the classes and methods that add or read session_id from URLs.



Platform Upgrades

Support for Elasticsearch 7.x. Elasticsearch 7.x is now the supported catalog search engine for both Magento Commerce and Magento Open Source. With this release, Magento 2.3.x supports only Elasticsearch 6.x and 7.x. Elasticsearch 2.x and 5.x are now deprecated for Magento 2.3.x and will be removed in Magento 2.4.0.

Deprecation of core integration of third-party payment methods. With this release, the integrations of the Authorize.Net, eWay, CyberSource, and Worldpay payment methods are deprecated. These core features are no longer supported and will be removed in the next minor release (2.4.0). Merchants should migrate to the official extensions that are available on the Magento Marketplace. See the Deprecation of Magento core payment integrations devblog post.

Deprecation of the core integration of the Signifyd fraud protection code. This core feature is no longer supported. Merchants should migrate to the Signifyd Fraud & Chargeback Protection extension that is available on Magento Marketplace.

Upgrade of Symfony Components to the latest lifetime support version (4.4). (Symfony Components are a set of decoupled PHP libraries used by the Magento Framework.)

Migration of dependencies on Zend Framework to the Laminas project to reflect the transitioning of Zend Framework to the Linux Foundation’s Laminas Project. Zend Framework has been deprecated. Magento 2.3.5 contains the minimal number of changes to code and configuration that are required to support the use of the Laminas libraries. These changes are backward-compatible, and you can continue to use your current code. However, we recommend that extension developers and system integrators begin migrating their extensions to use Laminas. While this migration isn’t required for compatibility with this patch release, long-term solutions will require it.



Performance

Improvements to customer data section invalidation logic. This release introduces a new way of invalidating all customer sections data that avoids a known issue with local storage when custom sections.xml invalidations are active. (Previously, private content (local storage) was not correctly populated when you had a custom etc/frontend/sections.xml with action invalidations.) See Private content.

Multiple optimizations to Redis performance. The enhancements minimize the number of queries to Redis that are performed on each Magento request.



Inventory Management

New extension point for SourceDataProvider and StockDataProvider.

Ability to view allocated inventory sources from the Orders list.



GraphQL

With this release, you can now use products and categoryList queries to retrieve information about products and categories that have been added to a staged campaign.



PWA Studio 6.0.0

Launch of the PWA extensibility framework. This framework gives developers the ability to create an extensibility API for their storefront or write plugins that can tap into those API and modify storefront logic.

Caching and data fetching improvements. This release contains improved caching logic and other data fetching optimizations in the Peregrine and Venia UI component libraries. These components have been refactored to take advantage of Apollo cache features to reduce overfetching or prevent the storage of sensitive data.

Shopping cart components that can be used for a full-page shopping cart experience.



dotdigital

Integration of Engagement cloud and Magento B2B. A new B2B integration module integrates Engagement cloud and the Magento B2B module enable Magento B2B merchants to leverage their B2B commerce data and better engage with their prospective and existing customers. This will include: Company data sync (customer type, company, company status); Sync of shared catalog data. Syncing additional product catalog data (custom products and product attributes) to dotdigital. Merchants can turn additional product data into marketing campaigns or use it to make recommendations; Sync of quote data.

Improved importer performance and coupon code re-send.



Google Shopping ads Channel

The Google Shopping ads Channel bundled extension has reached end-of-life with this release (2.3.5 and 2.3.4-p1). It is no longer supported. Alternative extensions are available on the Magento Marketplace.



Vendor-developed extension enhancements: Klarna

With this release, the Klarna extension is now available in Australia and New Zealand. A new Oceania endpoint has been added to the existing API. This release also contains UX enhancements and minor bug fixes.



Vendor-developed extension enhancements: Vertex

Address Validation. Addresses that are created or edited in the Customer Account are now validated when the module is enabled.

Admin Configuration. Flexible Field dropdown options are now sorted alphabetically by the current Admin user’s locale.

Virtual Products. Vertex now uses an order’s billing address to calculate taxes on virtual products. Shipping-related flexible fields are no longer completed for virtual products.

Restorable configuration settings. The Use Vertex for orders shipping to, Summarize Tax by, and Global Delivery Term now provide an option to be restored to their default setting.

Port in WSDL. The WSDL URL now supports ports and basic authentication.

Best Practices in Code. Models intended to assist Observers have been relocated into the Model namespace to clean up the Observer namespace.



Fixed issues

We have fixed hundreds of issues in the Magento 2.3.5 core code.

Per saperne di più: https://devdocs.magento.com/guides/v2.3/release-notes/release-notes-2-3-5-open-source.html






2.3.4 (release di sicurezza)
12 Febbraio 2020 - 800MBMagento Open Source 2.3.4 offers significant platform upgrades, substantial security changes, and PSD2-compliant core payment methods.



Security

Over 30 security enhancements that help close cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities.

Removal of custom layout updates and the deprecation of layout updates to remove the opportunity for Remote Code Execution (RCE).

Redesigned content template features so that only whitelisted variables can be added to templates.



Bug Fixes

We have fixed hundreds of issues in the Magento 2.3.4 core code.



Platform Upgrades

Enhancements to the message queue framework.

Improved page caching and session storage.

Enhanced support for MariaDB 10.2.

The core integration of the Authorize.net payment method has been deprecated. Please use the official payment integration that is available on Marketplace.



Performance

Redundant non-cached requests to the server on catalog pages have been eliminated.

PHTML files have been refactored to better support parsing by the bundling mechanism.

Added the ability to disable statistic collecting for Reports module by default.



Merchant Tools

Integration with Adobe Stock image galleries.



Inventory Management

Addressed a known performance issue that caused higher than expected loads on the database server in scenarios involving the shopping cart.

Updated the Inventory Reservations CLI command to reduce memory usage when finding and compensating for missing reservations on large catalogs.

Resolved multiple quality issues, including those related to credit memos, grouped products, source and stock mass actions.



GraphQL

Guest carts can now be merged with customer carts.

A customer can start an order on one device and complete it on another.

Layered navigation can use custom filters.

You can search categories by ID, name, and/or URL key.

The ProductInterface supports fixed product taxes (such as WEEE).

The cart object has been enhanced to include information about promotions and applied discounts at the line and cart levels.



PWA Studio

Improved the getting-started experience through the use of @magento/create-pwa to scaffold your initial project using Venia as your template.

Separation of the logic (Talons) and presentation pieces (venia-ui) of certain React hooks in Peregrine. Developers can now swap out either the logic or the presentation side of a component.

Routing is now handled through the React Router (library of navigational components).

Refactored Venia state management to abstract and reduce dependency on Redux.

Continued migration from REST to GraphQL.

Performance improvements (service workers, cache, image optimization).

Breadcrumbs for improved storefront navigation.



dotdigital

Live Chat powered by dotdigital enables merchants to increase conversion rates, and keep customers coming back with real-time engagement.

Engagement Cloud includes a new Chat widget that makes it easy for shoppers to communicate in real time with customers as they shop in your store.

Merchants can now sync additional campaigns from Engagement Cloud to Magento.

Per saperne di più: https://devdocs.magento.com/guides/v2.3/release-notes/release-notes-2-3-4-open-source.html






2.3.3 (release di sicurezza)
10 Ottobre 2019 - 710MBThis release includes over 170 functional fixes to the core product and over 75 security enhancements. It includes over 200 contributions from our community members. These contributions range from minor clean-up of core code to significant enhancements to Inventory Management and GraphQL.



Security

PSD2 compliance to core payment methods

Fixes for 75 critical security issues

Significant platform-security enhancements that boost XSS (cross-site scripting) protection against future exploits. This effort is the culmination of several months of concentrated effort on Magento’s part to reduce our backlog of security enhancements.



Highlights

Core payment methods integrations are now compliant with PSD2 regulations



Platform

Magento 2.3.3 now supports PHP 7.3.x (tested with PHP 7.3.8) and PHP 7.2.x (tested with 7.2.21).

Magento now supports Varnish 6.2.0.

Zend Framework 2 Components have been upgraded to the Active/LTS versions. 



Performance

Merchants now have the ability to turn off the automatic URL rewrite generation.

Page load speeds have been improved by moving non-critical CSS elements to the bottom of the page. 

The jQuery/ui library has been refactored into separate widgets so that core modules load only the widgets they need.

Store pages now display text in readable system fonts while loading custom fonts, which significantly increases page load speed.



Infrastructure

Magento is introducing the tracking of user actions and events on the Admin.

The WYSIWYG editor has been upgraded to TinyMCE v. 4.9.5​.

Expanded GraphQL functionality and improved coverage for PayPal payment integrations, gift cards, and store credit features.

PWA Studio 4.0.0 contains new hooks in Peregrine. 

The Google Shopping ads Channel Marketplace extension is now available as a bundled extension. 

Magento Shipping: Improvements to batch-order processing, carrier integration, shipping method preview in the shipping portal, checkout.

Magento Shipping: Support for bundled products and prepackage options.

Per saperne di più: https://devdocs.magento.com/guides/v2.3/release-notes/ReleaseNotes2.3.2OpenSource.html






2.3.2 (release di sicurezza)
25 Giugno 2019 - 710MBThis release includes over 200 functional fixes to the core product, over 350 pull requests contributed by the community, and over 75 security enhancements.



Security

75 security enhancements that help close cross-site scripting (XSS), remote code execution (RCE), and sensitive data disclosure vulnerabilities as well as other security issues. No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. See Magento Security Center for a comprehensive discussion of these issues. All known exploitable security issues fixed in this release (2.3.2) have been ported to 2.2.9, 2.1.18, 1.14.4.2, and 1.9.4.2, as appropriate.

Google reCAPTCHA module for PayPal Payflow checkout. The new PaypalRecaptcha module adds Google reCAPTCHA and CAPTCHA to the Payflow Pro checkout form. This enhanced functionality has been added in response to malicious targeting of Magento deployments that implement Payflow Pro. Configuration information can be found in Google reCAPTCHA. 



Highlights

Merchant tool enhancements

Inventory Management enhancements

Improvements to GraphQL coverage

GraphQL caching

GraphQL performance test scenario coverage

Improved modular component library

Amazon Pay is now compliant with the PSD2 directive for UK and Germany

fixed hundreds of issues in the Magento 2.3.2 core code



Performance

Significant improvement to storefront page response time

Improved concurrent access to block cache storage

Product page gallery load optimization

Improved page rendering through deferred loading and parsing of storefront JavaScript



Infrastructure

Braintree payment method is now supported for checkout with multiple addresses

The CGI URL gateway in UPS module has been updated from HTTP to HTTPS

Google chart API updated to the Image-Charts

Per saperne di più: https://devdocs.magento.com/guides/v2.3/release-notes/ReleaseNotes2.3.2OpenSource.html






2.3.1 (release di sicurezza)
27 Marzo 2019 - 700MBMagento Open Source 2.3.1 offers significant new tools for both merchants and developers as well as over 30 core security improvements. Merchants will appreciate the improved Admin order creation workflow. This release also provides support for Elasticsearch 6.0, a new Authorize.Net extension to replace the Authorize.Net Direct Post module, and enhancements to Progressive Web Apps (PWA) Studio and GraphQL. We strongly recommend that all merchants upgrade as soon as possible.



Highlights and Bug Fixes

Merchant tool improvements

Substantial security enhancements

Performance 

Infrastructure improvements

Bundled extension

Vertex

Analytics

Authorization

Backend

Bundle

CAPTCHA

Cart and checkout

Cart Price rules

Catalog

CatalogInventory

Catalog Rule

Catalog URL rewrite

Cleanup and simple code refactoring

cron

Customers

Customer attributes

Dashboard

Developer

Directory

Downloadable

EAV

Email

Email

Frameworks

Gift cards

Gift message

Gift registry

Gift wrapping

Google Analytics

Import/export

Infrastructure

Integration

Magento Shipping

MSRP

Newsletter

Orders

Page cache

Payment methods

Performance

Product video

Quote

Reports

Reviews

Rewards

Return Merchandise Authorizations (RMA)

Sales

SalesRule

Search

Shipping

Sitemap

Store

Swatches

Tax

Theme

Translation and locales

UI

URL rewrites

VAT

Visual Merchandiser

Web API

Wishlist

Per saperne di più: https://devdocs.magento.com/guides/v2.3/release-notes/ReleaseNotes2.3.0OpenSource.html






2.3.0 (versione principale)
29 Dicembre 2018 - 700MBMagento Open Source 2.3.0 is a new major release, including a wealth of new features as well as hundreds of enhancements and fixes to the core product.



Known Issues

After installing a module and running 'setup:upgrade', you must run 'cache:clean config'.

When installing or upgrading Magento and upgrading PHP to 7.2, you must specify an encryption key value of 32 symbols (256 bits) or Magento will throw an error, and any sensitive, unsaved configuration data will be lost. When upgrading Magento and upgrading PHP to 7.2, make sure that your encryption key is exactly 32 symbols. To do this, navigate to 'System > Other Settings ** > **Manage Encryption Key' and either enter a new key or generate a new one. To change the key, make sure that 'app/etc/env.php' is writable.

Magento throws the following error when you try to use the API to create two products with the same name without specifying the URL key: 'URL key for specified store already exists'. However, when you try to create these products through the Admin, Magento does not throw an error, but instead appends a number to the converted URL key if two products have the same name.

For Inventory Management, ElasticSearch is supported only in Single Source mode for the Default Source. It is not supported in Multi Source mode with custom sources.

For Inventory Management, Single Source merchants may experience performance degradation with all products assigned to the Default Source and Default Stock. As a workaround for best performance, we recommend creating and assigning all products to one custom source and stock. This will affect bundled products support. To continue with bundled products, continue using Default Source and Stock in Single Source mode. We plan to have a resolution and bundled product multi-sourcing support in a later release. This does not affect Multi Source merchants.

The 'bin/magento setup:install — convert-old-scripts' command, which is used to create declarative schema files, has the following limitations. These limitations will be addressed in a future release: 1/ Only tables and columns are currently supported. 2/ Renaming of tables is not supported.



Security

More than 30 security fixes to core Magento code

Cache flush ACL provides granular access to cache management settings to prevent accidental changes that could potentially affect system performance

2FA/CAPTCHA protects the Admin panel against stolen passwords and affects stores against bots



Highlights

Merchant tool: Inventory Management now available

Improved developer experience: PWA Studio

Improved developer experience: Declarative schema now available

Improved developer experience: GraphQL API now available

Improved developer experience: Asynchronous Web APIs

Improved developer experience: Bulk Web APIs

Improved developer experience: Updates to Magento’s tech stack

Core extensions: Amazon Payments

Core extensions: dotmailer

Core extensions: Klarna

Core extensions: Magento Shipping

Core extensions: Vertex

Elasticsearch support for Magento Open Source version

Improvements to release packaging

Upgrade of Magento Functional Test Framework



Bug Fixes

web server configuration

Analytics

Backend

Bundle

CAPTCHA

cart and checkout

Cart Price rules

Catalog

Catalog Rules

code cleanup and refactoring

Configurable products

Cookies

Customers and Customer attributes

Dashboard

Directory

dotmailer

EAV

Email

Frameworks: Application framework

Frameworks: Configuration framework

Frameworks: Database framework

Frameworks: JavaScript framework

Frameworks: Session framework

Giftcards

Google Analytics

Google Tag Manager

HTML

Image

Import/export* many changes to 11

Klarna Payments

Locale

Messages

Newsletter

Order

Page cache

Payment methods

Performance

Pricing

Product video

Quote

Reports

Review

Rule

Sales

SalesRule

Sample data

Search

Shipping

Staging

Store

Swagger

Swatches

Tax

Testing

Theme

Translation and locales

UI

URL rewrites

Visual Merchandiser

Web API

Wishlist

Per saperne di più: https://devdocs.magento.com/guides/v2.3/release-notes/ReleaseNotes2.3.0OpenSource.html






2.2.11 (release di sicurezza)
12 Febbraio 2020 - 700MBMagento 2.2.11 offers platform upgrades and substantial security changes.



NOTICES

This release (Magento 2.2.11) marks the final supported software release for Magento version 2.2. Magento 2.2 will no longer receive security updates or product quality fixes now that its support window has expired.

Magento 2.2.11 has not been tested with PHP 7.1. PHP 7.1 reached EOL (End of Life) on December 1, 2019. We recommend updating your deployment to a supported version of PHP.



Cart and checkout

Administrators with appropriate but restricted privileges can now view the list of CMS pages at Content > Pages. Previously, Magento displayed this error: You cannot define a correlation namestore_table more than once.

A shopping cart that contains items no longer displays a subtotal and order total of zero when the Clear Persistence on Sign Out setting is disabled and the Redirect Customer to Account Dashboard after Logging in setting is enabled.



CMS content

You can now upload a video from the WYSIWYG editor.



Configurable products

You can now add new options with new images to an existing configurable product. Previously, when you clicked Save, Magento threw an error and did not save the new variations.

Simple products no longer disappear from the Admin configurable product list when you set the product quantity to 0.

Out-of-stock configurable product options are now listed as expected on the storefront when the Display Out of Stock Products setting is enabled on Admin > Store > Configuration > Inventory > Stock Options.



Inventory

You can now save an edited product when max_sale_qty is set to the Magento default value. GitHub-23319



Import/export

Magento now adds newly imported images after previously imported ones. Previously, Magento added these most recently imported images randomly.

The import process now maintains custom option prices that were assigned to different websites and scope before import. Previously, after import, these custom option prices were set to the default scope values.

Magento now correctly processes product prices during export when the All Store Views scope is set. Previously, the logic for updating the price of custom options in non-default websites was missing when the Catalog > Price setting was set to Website.



Indexing

The POST /V1/products/tier-prices endpoint now considers account indexer mode as expected.



Payment methods

You can now successfully complete an order using Braintree with PayPal when Shipping Flat Rate is activated. Previously, Magento displayed an informative error.

For orders paid with Payflow Pro, if the Vault Enabled option is set to Yes, Magento now displays accurate stored card information as expected on the order information page.



Persistent

Guest users can now check out after persistent shopping cart has been disabled. Previously, Magento displayed this error: No cart with such entityId=0.

Magento no longer creates a persistent cart session for logged-in users when the persistent cart feature has been disabled. Previously, Magento did not empty shopping carts for users when the user logged out.



Sales Rule

Select All on the coupon list of the Manage Coupon Codes page now works as expected.



Shipping

Shipping notification emails sent to customers now contain a link to order tracking.

Magento now displays the correct cost for shipping in the shopping cart when you return to the cart from the checkout page for an order being shipped to multiple addresses.



Search

Magento no longer throws an exception when search queries contain decimals.



URL rewrite

Category-specific URL rewrites are now generated as expected when importing and assigning a product to a category.

A category schedule update no longer unchecks the Use default value setting on the URL key for the store view.



Wishlist

Wishlists now accurately reflect product availability when a product has been added to a wishlist and then subsequently disabled. Previously, the wishlist displayed these contradictory messages: You have no items in your wish list and 1 item in wish list.

Products that are deleted from a wishlist from the Admin are now deleted from the storefront wishlist.

Per saperne di più: https://devdocs.magento.com/guides/v2.2/release-notes/release-notes-2-2-11-open-source.html






2.2.9 (release di sicurezza)
26 Giugno 2019 - 700MBThis release includes 75 critical enhancements to product security, over 100 core code fixes and enhancements.



Security

75 security enhancements that help close cross-site scripting (XSS), remote code execution (RCE), and sensitive data disclosure vulnerabilities as well as other security issues. No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. See Magento Security Center for a comprehensive discussion of these issues. All known exploitable security issues fixed in this release (2.2.9) have been ported to 2.3.2, 2.1.18, 1.14.4.2, and 1.9.4.2, as appropriate.

Google reCAPTCHA module for PayPal Payflow checkout. The new PaypalRecaptcha module adds Google reCAPTCHA and CAPTCHA to the Payflow Pro checkout form. This enhanced functionality has been added in response to malicious targeting of Magento deployments that implement Payflow Pro. Configuration information can be found in Google reCAPTCHA.



Infrastructure

Braintree payment method is now supported for checkout with multiple addresses

The CGI URL gateway in UPS module has been updated from HTTP to HTTPS

Google chart API updated to the Image-Charts



Bug Fixes

Includes dozens of bug fixes

Per saperne di più: https://devdocs.magento.com/guides/v2.2/release-notes/ReleaseNotes2.2.9CE.html






2.2.8 (release di sicurezza)
27 Marzo 2019 - 700MBMagento Open Source 2.2.8 addresses critical security issues that include cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities. Functional enhancements include support for Elasticsearch 6.0 and improved order creation workflow in the Admin. We strongly recommend that all merchants upgrade as soon as possible. 



Security

patch PRODSECBUG-2198 to address critical SQL injection vulnerability



Highlights

Merchant tool enhancements

Substantial security enhancements

Infrastructure improvements

Bundled extension enhancements



Bug Fixes

Backend 

Bundle products

CAPTCHA

Catalog

Catalog rule

Cart and checkout

Clean up and minor refactoring

Configurable products

CMS

Customer

Customer custom attributes

Directory

Downloadable

EAV

Email

Frameworks

General

Gift card

Gift registry

Google Analytics

Image

Import/export

Infrastructure

Integration

Layered navigation

Magento Shipping

Newsletter

Offline shipping

Payment methods

Pricing

Quote

Reports

Review

Reward

RMA

Sales

Sales rule

Search

Shipping

Store

Swatches

TargetRule

Tax

Theme

UI

URL rewrite

Visual Merchandiser

Web API framework

Widget

Wishlist

WYSIWG

Per saperne di più: https://devdocs.magento.com/guides/v2.2/release-notes/ReleaseNotes2.2.8CE.html






2.2.7 (release di sicurezza)
6 Dicembre 2018 - 630MBSecurity

More than 30 critical security fixes.



Highlights

Core code highlights; General improvements / Wishlist

Shipping

Magento Functional Test Framework (MFTF)



Bug Fixes

More than 150 core code fixes and enhancements and over 350 community-submitted changes.

Per saperne di più: https://devdocs.magento.com/guides/v2.2/release-notes/ReleaseNotes2.2.7CE.html






2.2.6 (release di sicurezza)
18 Settembre 2018 - 600MBHighlights

Substantial improvements to performance

Improvements to the reliability and ease of the checkout process

Configurable products are now sorted by visible prices as expected. 

Magento no longer sends duplicate delete requests as a result of an unstable Internet connection.



Magento Cloud highlights

We’ve added a Docker Compose configuration to the Cloud ece-tools repository for deploying a local development environment.

Merchants can now change store locales without the exporting and importing configuration process.

A new workflow lets merchant add a robots.txt file and generate a sitemap.xml file for a single domain configuration without requiring a change to the infrastructure.

Merchants can now define multiple locales for each theme using the new SCD_MATRIX environment variable, which reduces the amount of theme files to deploy.

Zero-downtime deployment has been implemented through a “connection holding” capability, which ensures no lost connections or site unavailability, providing smooth shopper experience even during deployments involving database schema changes.

We’ve fixed an issue that caused downtime between the deploy and post-deploy phase. Now, the post_deploy phase begins immediately after the deploy phase ends.



Amazon Pay highlights

Implementation of the Magento payment provider gateway, which provides developers a mechanism for integrating stores with payment providers.

Improved handling of virtual products.

New entry in the Admin that allows Amazon Pay to be displayed in the list of payment options.

Combined Synchronous, if possible and Asynchronous settings for authorization mode into one setting. Current settings are now Immediate (previously Synchronous) and Automatic (a combination of the previous Synchronous, if possible and Asynchronous).



dotmailer highlights

You can now request and capture the consent of customers and guests using dotmailer’s new Consent Insight.

You can import only those Magento contacts who have opted in (customer subscribers, guest subscribers, and other subscribers).

A warning alerts you when you are about to sync non-subscribers into a dotmailer account.

Improvements have been made to the retry process that results after a failed attempt to access EDC.



Klarna highlights

The Klarna Payments section now includes a link to Klarna automated onboarding and account sign in.

If an approved order is later identified as fraudulent, Klarna notifies the merchant and requests that they try to stop the order from being delivered. In addition, Klarna attempts to cancel the order automatically by sending notification to the merchant. See Managing Your Account for more information.

Shipping and discount order lines have been added to order management calls.

Klarna now passes shipping details in capture requests.

The Klarna API now returns the name and logo URL to use for each payment method instead of hard-coding the payment method names into the module.

For more information on these new features, see Klarna.



Magento Shipping highlights

Provide Click & Collect as a shipping option to customers, enabling them to directly collect shipments from designated source locations and stores

Configure source locations available for Click & Collect pick-ups

Updates to Shipment Form for UPS (US only)

Specify and modify packages and experiences for orders assigned to a batch

Book shipments for a batch

Print all packing slips and printing labels for the batch

New Shipment Reference field associates bookings between a carrier and a customer



Magento Social

Magento has removed the Magento Social Facebook integration, and no longer supports the extension.

Per saperne di più: https://devdocs.magento.com/guides/v2.2/release-notes/ReleaseNotes2.2.6CE.html






2.2.5 (release di sicurezza)
28 Giugno 2018 - 560MBThis release includes multiple enhancements to product security plus bug fixes and enhancements.



Highlights

Enhancements that help close stored XSS, SQL injection, and cross-site request forgery (CSRF) vulnerabilities. See Magento Security Center for more information.

Resolution of issues that customers were experiencing when upgrading to Magento 2.2.4 in deployments that span multiple websites. Magento multi-store installations were not using the store view-specific values from the store configuration settings if these settings differed from the global default configuration settings. Instead, Magento used the default configuration for all store views. See GitHub-15205 and GitHub-15245 for more detailed discussions of the problems some customers encountered.

Substantial improvements to indexing performance.

Over 150 community contributions.

Improvements to our core bundled extensions.

Merchants can now run the catalog search full text indexer and category product indexer in parallel mode by store view, which can significantly decrease indexer:reindex execution time when running Magento with multiple store views and shared catalogs.

Refactoring of the catalog full text indexer has improved indexing performance up to 15% for very large profiles (600,000 products) and product catalogs with many configurable options (5,000 configurable products and 500 options).

Improving the behavior of swatch product attributes has improved search result page performance up to 31% for catalogs with many configurable product options (for example, 5,000 configurable products and 500 options).

Customers can now create an account from the Order Confirmation page. Previously, a customer could not populate the required fields to create an account from this page, and Magento displayed an error.

Magento now correctly applies coupon codes that exclude bundle products. Previously, Magento applied these coupons but did not exclude bundle products as expected.

When sorting simple products, which catalog promo price rule is applied for, these products are sorted by a regular price instead disregarding the applied promo price. 


When sorting simple products with a required custom option, which catalog promo price rule is applied for, these products are sorted by a regular price instead disregarding the applied promo price.



Shipping

With core returns, merchants can select carriers to use for returns and send a return label along with forward fulfillment.

Batch processing increases automation and merchant efficiency by making it easier to process a large volume of shipments in batches.

Collection points provide the ability for customers to designate a drop point rather than residence for delivery by carrier.



Bug Fixes

Magento no longer permits you to re-run an already running cron job.

You can now successfully delete an option from a bundle product.

Magento now correctly applies coupon codes that exclude bundle products. Previously, Magento applied these coupons but did not exclude bundle products as expected.

Merchants can now run the catalog search full text indexer and category product indexer in parallel mode by store view.

The Category\Collection::joinUrlRewrite method now returns the URL of the store whose storeId is set on the collection. Previously, this method returned the name of the default store. Fix submitted by Alessandro Pagnin in pull request 13716. GitHub-13704

Sorting products by price now applies catalog rules as expected.

Sorting products with required custom options by price now works as expected.

Tier pricing for a single product unit now works as expected. If a tier price is set for one product unit, and this price is lower than the product price or special price, then the product price index table is populated with the tier price.

Magento now successfully saves products when using a locale that formats dates in this way: DD/MM/YYYY. Previously, when you tried to save a product in a locale where dates were formatted this way, Magento did not save the product, and displayed this error: Invalid input datetime format. GitHub-10485

When you import new products using a CSV file, Magento no longer lists as in stock any products whose CSV values indicate that they should be represented as out-of-stock.

When working in the media gallery, you can now successfully delete any files and folders that are symlinked in pub/media.

Magento now displays the correct status for a backordered configurable product on the order view page.

Magento now displays the correct image for a configurable product on the wishlist.

The Hide from Product Page option now works for the child product of a configurable product.

The Update on Save re-index operation now works as expected when re-indexing configurable products after changing options.

The product repository now uses store_id (if set) when saving attributes for an existing product. Previously, Magento always saved attribute values for an existing product at the default store level.

The placement of Google Tag Manager code now follows the guidelines in the Google Tag Manager Developer Guide. (Previously, the Google Tag Manager code was inserted before the dataLayer variable was defined.) 

The Related Products rule for up-sell products with customer segments set to Specified now works as expected. 

The data check on imported customer information now completes as expected. Previously, when you clicked Check Data on a large CSV file created by System > Data Transfer > Import, the request failed, and Magento displayed the timeout spinner. 

If you remove a product’s custom options from the CSV file created during product import, Magento no longer displays the custom options on the storefront. 

The search indexer is now scoped and multithreaded, which improves layered navigation, search, and indexing actions for complex sites with multiple store views and shared catalogs. 

Magento now filters recent orders by store on the customer account page as expected.

The performance and logic of Magento\Sales\Helper\Guest has been improved.

In multistore environments, Magento now retrieves the correct PayPal Payflow Pro credentials. Previously, Magento always retrieved the credentials that are configured for the default store. 

We’ve removed the count() method from the condition section for some loops in a small subset of backend files. When this method is used in a loop condition, it will be executed at every iteration, which can degrade performance.

Out-of-stock options for configurable products no longer show up in search and layered navigation results. 

Magento now caches popular search results for faster response time on popular searches. A system administrator can configure how many top search queries can be cached. 

Merchants can now choose whether to request and include tax information from UPS in the rate charged to the customer during checkout. (This permits merchants to pass on the tax costs to their customer as part of the overall shipping rate.)

Swagger now displays the text area that contains the payload structure of all POST and PUT operations. 

You can now use JavaScript mixins to extend swatch functionality in all supported browsers.

You can now use REST to update the available_payment_methods company extension attribute. Previously, Magento set to null any value you passed to the database company_payment table. 

The phpunit.xml configuration file is now blacklisted during schema validation static tests (particularly Magento/Test/Integrity/Xml/SchemaTest.php). 

The \Magento\Test\Php\LiveCodeTest::testCodeStyle method now uses whitelist files.

Magento no longer throws a 404 error when a customer navigates from the Catalog page of the default store to a custom Catalog page on a different store. 

The correct tax amount is now included as expected in the Order Total that is listed under the Order Summary section of the Orders page. Previously, the Tax amount field was missing from the Order Summary section, which resulted in an incorrect Order Total. 

The including tax and excluding tax fields on the Checkout page now contain correctly calculated prices. Previously, Magento displayed the same price in these fields. 

Magento now displays the Tax amount field in the Order Summary section of the Checkout page for orders that contain virtual products. 

Merchants can now create a Vertex invoice refund as expected after an order has been canceled. 

We’ve improved the performance of the Admin Create Order and Performance Compare Report in Plain Text - Catalog (server side) actions. 

Magento now prompts you to select order status if a customer does not select an option from the Order Status drop down list when setting the When to send Invoice to Vertex option. 

The Allow tax quote request at shopping cart page option has been removed from the Vertex Setting tab. 

Magento now disables Vertex API Status as expected when you set the Enable Vertex Tax Calculation option to no. 

Magento now displays the green checkmark and Vertex invoice has been sent message as expected when you set an order’s status to Suspected Fraud. 

Customers no longer receive a notice about negative tax amount after a merchant creates a refund on Vertex Cloud. 

We’ve improved the performance of editing or saving products in large categories (more than 18,000 products per category).

Per saperne di più: https://devdocs.magento.com/guides/v2.2/release-notes/ReleaseNotes2.2.5CE.html






2.2.4
2 Maggio 2018 - 450MBThis release includes new tools and numerous functional fixes and enhancements, plus a substantial number of contributions from the wider Magento community.



Highlights

plugin: Amazon Pay added

plugin: Vertex added

plugin: Klarna Payments added

Numerous fixes and enhancements to the Magento Shipping and dotmailer bundled extensions. Merchants can now use dotmailer to create their own transactional email templates. Magento Shipping capabilities have been expanded, too.

Fixes and enhancements to core features, including performance improvements that enable faster shopping with image loading and search performance enhancements.

Almost 200 community bug fixes and enhancements.

Per saperne di più: http://devdocs.magento.com/guides/v2.2/release-notes/ReleaseNotes2.2.4CE.html






2.2.3 (release di sicurezza)
28 Febbraio 2018 - 450MBThis release includes 35 enhancements to product security, a change to the Magento Admin to support recent USPS shipping changes, and a copyright update.



Highlights

Enhancements that help close cross-site request forgery (CSRF), unauthorized data leaks, and authenticated Admin user remote code execution vulnerabilities.

Support for Elasticsearch 5.x. See Install and configure Elasticsearch for more information about using Elasticsearch with Magento.

Change to Magento Admin to support recent USPS shipping changes. On February 23, 2018, USPS removed APIs that support the creation of shipping labels without postage. In response, we’ve removed this functionality from the Magento Admin. Consequently, you cannot create and print shipping labels that do not have postage applied. If you require USPS postage printing capabilities, please visit Magento Shipping to learn more, and explore various shipping extensions on Magento Marketplace.

New layers of control for cache management tasks managed through the Magento Admin. This release introduces finer permissions for cache management tasks such as flushing cache storage, flushing the Magento cache, and refreshing cache types.

Updated copyright to 2018.

Per saperne di più: http://devdocs.magento.com/guides/v2.2/release-notes/ReleaseNotes2.2.3CE.html






2.2.2
11 Febbraio 2018 - 450MBHighlights

Significant new features that streamline the customer experience and provide merchants with greater insight into their online business.

Numerous fixes and enhancements to core features, including significant improvements to the payment process.

Over one hundred community-submitted bug fixes and multiple pull requests.



New Features

Advanced Reporting powered by Magento Business Intelligence. Access easy-to-use order, product, and customer reports right from the Magento Admin to gain new insights and enable data-driven decision making.

Magento Shipping (powered by Temando). This new feature provides integrated advanced multi-carrier shipping and fulfillment.

Streamlined Instant Purchase checkout (contributed by Creatuity). Our new streamlined Instant Purchase option uses previously stored payment credentials and shipping information to bypass steps in the checkout process.

Integrated dotmailer marketing automation software. Magento is one of the first ecommerce solutions to include the dotmailer marketing automation with their core product.

Magento Functional Testing Framework. The Magento Functional Testing Framework (MTFT) is our open-source, cross-platform testing solution. Its purpose is to facilitate functional testing and minimize efforts to perform regression testing.



Bug Fixes

Significant enhancements for payment methods. We’ve added support for the Indian Rupee (INR) to PayPal Express Checkout. We’ve also added a fix for an issue where some Braintree refunds did not work.

Improvements to multi-storeview sites. Switching store views multiple times no longer results in an error on the storefront.

New functionality for the command-line interface. We’ve added interactivity to the admin:user:create command and added the ability to handle CLI setup interactively (with prompts).

You can now use the Enter key (in addition to a mouse click) to search tables in the Admin.

Magento no longer creates duplicate shipments when merchants create shipments with bundled products via API.



This release also includes dozens of bug fixes plus a substantial number of contributions from the wider Magento community.
Per saperne di più: http://devdocs.magento.com/guides/v2.2/release-notes/ReleaseNotes2.2.2CE.html






2.2.1 (release di sicurezza)
7 Novembre 2017 - 450MBThese releases contain almost 15 security changes that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. They also contain over 40 functional enhancements, including significant contributions from community members.



Highlights

Integrated Signifyd Fraud Protection is now available in Magento Open Source. See Signifyd fraud protection for more information.

Ability to implement translations from themes. We've also significantly reduced JavaScript-related translation issues.

Improvements to how the PayPal Express Checkout payment method processes virtual products.

Multiple enhancements to product security. See Magento Security Center for more information.

Twenty-two community-submitted bug fixes and multiple pull requests.



Security

Magento 2.2.1 includes multiple security enhancements. Although this release includes these enhancements, no confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we recommend that you upgrade your Magento software to the latest version as soon as possible.






2.2.0 (versione principale)
30 Ottobre 2017 - 450MBThis release includes hundreds of functional fixes plus a wealth of new features: a bundled extension, upgraded technology stack, performance gains from improvements in indexing, cart, and cache operation, and significant enhancements in platform security and developer experience.



Highlights

Bundled extensions. This release of Magento includes the first third-party extension that we are bundling with Magento Commerce – Magento Social. This extension establishes a connection between your store and your corporate Facebook account, and creates a page with products from your catalog. When shoppers click a product, they are redirected to the corresponding product page in your Magento store.

Significant enhancements in platform security and developer experience. Security improvements include the removal of unserialize calls and protection of this functionality to increase resilence against dangerous code execution attacks. We have also continued to review and improve our protection against Cross-Site Scripting (XSS) attacks.

Upgraded technology stack. We’ve dropped support for PHP 5.6, and Varnish 3. We now support PHP 7.1 Varnish 5, and MySQL 5.7. All third-party libraries have been upgraded to the latest stable version.

Pipeline deployment, a new deployment process, enables build and deployment stages to minimize production system downtime for site updates. Resource-intensive processes can run on the build server. Pipeline deployment supports easy management of configuration between environments, too. Read more about pipeline deployment here.

Performance gains from improvements in indexing, cart, and cache operations. Customers can browse and shop on a storefront while indexers are running with no visible impact to their experience. Additionally, long-running indexers operate in batches to better manage memory and run times. Cart improvements enable a buyer to create a cart with more than 300 line items, and merchants can process a cart with at least 300 line items. Varnish cache configuration now includes saint and grace mode to ensure Varnish is always presenting a cached page to a shop’s customers. Enhancements to cache invalidation logic and optimization of edge side include blocks for frequently changing data that significantly boost cache hit ratios.

Substantial contributions from our Community members. Our Community Engineering Team has been working with skilled and enthusiastic community members, and together they’ve added hundreds of pull requests to the Magento code base. For more information about our Community Engineering Team. see Magento Community Engineering.






2.1.18 (release di sicurezza)
26 Giugno 2019 - 530MBThis release includes multiple enhancements to product security.



Security

This release include security enhancements that help close cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues. No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions.



Highlights

The CGI URL gateway endpoint in the UPS module has been updated from HTTP to HTTPS in response to the disablement of the HTTP gateway by UPS in mid-2019. See Magento User Guide for a discussion of using the UPS shipment method. Shipping method configuration settings are described in the Shipping methods.

Magento now uses the Image-Charts free service to render static charts in Admin dashboards. Earlier deployments used Google Image Charts, which was deprecated in 2012 and turned off on March 18, 2019.

The new PaypalRecaptcha module adds Google reCAPTCHA and CAPTCHA to the Payflow Pro checkout form. This enhanced functionality has been added in response to malicious targeting of Magento deployments that implement Payflow Pro. No additional configuration is needed to deploy this feature.

We have modified the required permissions for updating the design fieldset of categories, products, and CMS pages:

Existing roles that have save permission for these entities can save everything.

New roles must be granted permission to edit design manually.

If you do not have permission to edit the design fieldset or use web API endpoints to update a category, Magento does not save your changes and the design properties remain unchanged.

Per saperne di più: https://devdocs.magento.com/guides/v2.1/release-notes/ReleaseNotes2.1.18CE.html






2.1.17 (release di sicurezza)
27 Marzo 2019 - 530MBMagento Open Source 2.1.17 addresses critical security issues that include cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities. We strongly recommend that all merchants upgrade as soon as possible.



Security

patch PRODSECBUG-2198 to address critical SQL injection vulnerability



Notes

Magento’s implementation of the Authorize.Net Direct Post payment method currently uses MD5-based hash for all M1 and M2 installations. As of June 28, 2019, Authorize.Net will stop supporting MD5-based hash usage.

Per saperne di più: https://devdocs.magento.com/guides/v2.1/release-notes/ReleaseNotes2.1.17CE.html






2.1.16 (release di sicurezza)
6 Dicembre 2018 - 530MBMagento 2.1.16 contains over 30 security fixes and enhancements.



Highlights

Magento 2.1.16 now provides support for PHP 7.1.

The Magento UPS module has been updated to support new UPS API endpoints.

Per saperne di più: https://devdocs.magento.com/guides/v2.1/release-notes/ReleaseNotes2.1.16CE.html






2.1.15 (release di sicurezza)
19 Settembre 2018 - 480MBThis release tains 25 security fixes and enhancements.
Per saperne di più: https://devdocs.magento.com/guides/v2.1/release-notes/ReleaseNotes2.1.15CE.html






2.1.14 (release di sicurezza)
28 Giugno 2018 - 450MBThis release includes multiple enhancements to product security plus bug fixes and enhancements.



Highlights

Magento 2.1.14 contains 38 security fixes and enhancements. The enhancements help close stored XSS, SQL injection, and cross-site request forgery (CSRF) vulnerabilities. See Magento Security Center for more information.



Bug Fixes

The magento cron:run command now runs scheduled jobs as expected. Previously, cron generated only one job, no matter how many jobs were scheduled.

The misspelling in the name of the namespace in Magento\Cron\Observer\ProcessCronQueueObserver.php has been fixed. Previously, this misspelling resulted in a fatal error when this class was instantiated and run.

The magento setup:di:compile command now supports quoting for base paths. Previously, this command tried to exclude paths from the compilation process via regex in the excludedPathsList property. However, that property does not use quoting but instead contains the full path to Magento, which resulted in the failure to exclude some paths (for example,/var/www/magento (1)/).

Store getConfig() now respects valid false return values. Previously, the system represented the no setting as a string value of 0 (and 0 equals false), and as a result, this method fetched the default configuration values when a configuration value was set to no.

All console commands now return status.

We’ve added the web/unsecure/base_url config to both website and store scopes.

Magento now checks if storeId is not null rather than checking if it is empty. Previously, when storeId 0 is_empty returned true, Magento could not create a CMS page for all store views.

Magento no longer displays HTML tags in product meta descriptions.

The layout of catalog_rule_promo_catalog_edit.xml has been changed to adjust sidebar settings. Specifically, the layout attribute value has been changed from admin-2columns-left to admin-1column.

The Catalog Price rule’s contains condition now works as expected when the contains condition allows multiple options.

Enhancements to LESS code include moving several LESS variables to .lib-dropdown() variables and adding font-weight variable to navigation.less.

We’ve improved the display of the Payment Methods section of the checkout page on mobile devices. Previously, the layout of page elements was not correctly spaced.

You can now successfully override settings in module-directory/etc/zip_codes.xml. Previously, when you tried to override these settings, Magento displayed only the last pattern from the module’s zip_codes.xml.

Magento now displays accurate configurable product prices in multi-store environments. Previously, Magento displayed the same configurable product prices for all stores after the first store emulation.

You can now successfully save an address with a blank address field. Previously, when you saved an address that contained no text in an optional address field, Magento threw this error, 'Exception' with message 'Notice: Array to string conversion on line 2903 in lib/internal/Magento/Framework/DB/Adapter/Pdo/Mysql.php will be raised.

We’ve removed Billing Agreements from the customer_account.xml file in the PayPal module.

The color of the button on the email template when a user hovers over it has been changed from @button-primary__color to @button-primary__hover__color.

We’ve added JSON and XML support to the post method in the \Magento\Framework\HTTP\Client\Socket class.

Navigation menus without the display: inline-block setting now work as expected on deployments running on Internet Explorer 11.x. Previously, after a page refresh, navigation menus on pages running Luma or Blank themes would not work.

You can now successfully prevent the removal of a block or container by setting the remove attribute to false. Previously, setting this attribute to false did not cancel the removal of a block or container.

String type was added to \Magento\Framework\HTTP\Client\Curl to support sending JSON or XML requests.

We’ve improved the ability to store passwords using different hashing algorithms. These improvements include changes to \Magento\Framework\Encryption\Encryptor::getHash, which previously ignored the specified hashing algorithm version that was supplied.

You can now cancel the removal of a block or container from a layout by setting the remove attribute value to false.

You can now add an XML comment node as a parameter when adding a new widget declaration to widget.xml. Previously, if you added a comment as a parameter to a widget declaration, Magento displayed a 500 error.

The setAttributeFilter method now specifies the relevant table when calling the addFieldToFilter method. This method is called as part of the process of adding a field to the filter for the collection Eav/Model/ResourceModel/Entity/Attribute/Option/Collection.php. Previously, Magento displayed an error (ambiguous column name) when you joined tables containing column attribute_id.

We’ve added a CodeTriage badge to the magento/magento2 GitHub repository. See CodeTriage for more information.

The catalog gallery allowfullscreen setting In the theme’s view.xml file now works as expected. Previously, when you set the gallery’s allowfullscreen variable to false, Magento displayed a white page (instead of the product page) when a customer tapped on a product image while using a mobile device.

We’ve removed the ability of the Magento Framework to explicitly set file and directory permissions from the default cache backend. Removing this functionality allows permissions to be inherited properly from the file system, and respects SETGID bit and Magento umask settings.

Magento now installs the AdminGws module after it installs Magento_Authorization.

We added a RewriteBase directive template to the .htaccess file in the pub/static folder. Previously, if you set this directive in the .htaccess file in your Magento root directory, the Apache web server would miss files.

The robots.txt response header content type is now plain text.

Load query no longer uses requireJS to print.

You can now use a parameter to change the store code in Swagger, which makes it possible to test API calls in Swagger for different storeviews.

You can now use JavaScript mixins to extend swatch functionality in all supported browsers.

You can now translate the text associated with rating stars in product reviews.

We’ve fixed issues with the JavaScript translation regex file that previously led to untranslatable strings or parts of strings.

We’ve added a mage/translate component to the customer AJAX login action component, which enables the translation of the message that Magento displays if an AJAX call fails (Could not authenticate. Please try again later). Previously, Magento printed that message in English only, regardless of the storefront’s language setting.

Per saperne di più: https://devdocs.magento.com/guides/v2.1/release-notes/ReleaseNotes2.1.14CE.html






2.1.13
3 Maggio 2018 - 450MBThis release includes both bug fixes and enhancements. 



Bundle

You can now specify a Bundle option title on a store-view level with changes to more than one store view. Previously, after making a change to the store view title of a second store view, the previous store view would show the default title for the store view title. 



Catalog

Magento now displays the correct final price of configurable products associated with catalog rules. Previously, the final price of a configurable product did not reflect any catalog rules associated with it. 

You can now successfully re-save a product attribute using a new name. Previously, an attempt to re-save the product attribute resulted in an error.

Magento now flushes the full page cache for all products that have been reindexed (both child and parent products). Previously, the configurable product page cache was not cleaned as expected.

Category page X-Magento-Tags headers no longer contain product cache identities when category display mode is set to Static block only.

When you set the category_ids attribute to be visible in the storefront catalog, Magento now displays catalog listings as expected. Previously, Magento threw an exception.

Magento now saves images as expected when you create a new category that contains an image, and then edit and re-save that category. Previously, it appeared that Magento saved the category as expected, but exception.log stated that there was a problem saving the images.

The category filter used for layered navigation for configurable products with no available options now counts products accurately. 

Magento now correctly displays product information after you perform an operation on more than one item. Previously, product information was not correctly aligned on the page.

The \Magento\Quote\Model\ResourceModel\Quote\Item\Collection now returns items that have existing relations only in catalog_product_entity table. 

The Hide from Product Page option now works for the child product of a configurable product. 

Product page attribute labels are now translated as expected when languages other than English are used. Previously, these fields were empty.



Cart and checkout

Magento now displays the expected state in the Multishipping New Address form when a customer enters information on the Ship to Multiple Addresses page.

When two customers check out concurrently for the same product, one of the check outs now succeeds. Previously, when two customers checked out concurrently for the same product, and the total quantity being ordered was greater than the quantity available, the stock became negative.

Display issues no longer prevent a user from adding a shipping address when checking out when running Internet Explorer 11.x. Previously, a registered user could not add a new shipping address in the shipping step of the checkout process due to display issues. 

Magento no longer caches warning messages as often as a customer clicks the Update Shopping Cart button while the shopping cart page loads. Previously, Magento cached a warning message each time a customer clicked this button while the page loaded in FireFox or Chrome, and this action resulted in multiple warning messages appearing on the top of the shopping cart page. 

You can now create unique checkbox IDs for the Terms and Conditions part of the checkout process.



Configurable products

Magento now reorders configurable attribute options as expected on the product page.

You can now disable a child product from a configurable product’s edit page. Previously, the child product’s status did not change after you selected Disable product. 

LowestPriceOptionsProvider now returns products with the tax_class_id attribute, which is used for price calculation operations such as tax adjustment.

 

Customers

window.checkout.customerLoginUrl now contains a URL that includes the referer in base64 encoding (for example, https://myshop.com/customer/account/login/referer/aHR0cHM6Ly9teXNob3AuY29tL2NoZWNrb3V0). Previously, the login URL did not include a referer (for example, https://myshop.com/customer/account/login).

Administrators can now reset customer passwords as expected when the max wait time between password resets setting has been disabled. Previously, when an administrator attempted to reset a customer’s password from the Admin, Magento displayed this error, Too many password reset requests, even when the max wait time between password resets setting had been disabled.

The Arabic language locale now uses the correct date format. Previously, when Magento was deployed using the JavaScript calendar and the Arabic (Kuwait) locale, It did not correctly display dates on the product page. (Date format was shown as 182017/05 instead of 18/05/2017.) 

Magento now refreshes customer data in localStorage upon customer log in, which results in proper loading of the customer’s cart. Previously, when a customer with existing cart items logged in using the authentication popup, the mini cart did not display her cart items.



Framework

vendor/magento/framework/composer.json now declares a dependency on magento/zendframework1. Previously, packages depending on magento/framework packages failed to execute.

configuration framework: Scope-based configuration now decrypts data as expected. Previously, scope-based configuration failed to decrypt data on the default store only.

session framework: When you add a product to your wish list after logging out, Magento now redirects you to your account wish list page and adds the product. Previously, you were redirected to your wish list page, but Magento did not add the product.

web API framework: When you used REST to create a paginated search of products, Magento now includes category_ids as expected in the custom_attributes section of listed products.

zend: We’ve upgraded the Zend framework Zend_Service component.



General

The htmlentities function has been replaced with the htmlspecialchars function. 

You can now delete more than one record using the content block manager. Previously, when working in the content block manager in the Admin, Magento threw a fatal error when you tried to delete more than one record.

The newsletter title string in the block template is no longer hardcoded.

The \Magento\Quote\Model\ResourceModel\Quote\Item\Collection now returns items that have only existing relations in catalog_product_entity table, which prevents the loading of quote items for non-existing products. 

In environments running Varnish, the menu item of the active category page is now handled as the active class as expected. Previously, activating the cache interfered with Magento setting the appropriate CSS class to active in environments where Varnish was enabled.

The currency switcher now works for widgets on the home page. Previously, if your website supported multiple currencies, the currency switcher did not update the currencies for widgets on the home page. 

Customers can now add a new address during the shipping step of the checkout process when accessing the store from Internet Explorer 11.x. Previously, when a customer tried to create a new address from the checkout page, the Add address button was not visible. 

Magento now creates a URL rewrite when you save a newly created CMS page. Previously, when you tried to access a newly created CMS page using information from the URL Key field, Magento displayed a 404 error.

You can now use the custom layout handler form (cms_page_view_id_cms_page). Previously the cms module added an additional layout update handler with an identifier on page view, and problems occurred when slashes were used in the page identifier.

Duplicate array keys in app/code/Magento/Bundle/Block/Adminhtml/Catalog/Product/Edit/Tab/Attributes/Extend.php and app/code/Magento/Downloadable/Helper/File.php have been removed.



Index

You can now view the state of the mview queue in real time, which can be useful when debugging indexing issues. You can now view how many items are in the queue pending processing, as well as view information from the mview_state table.



Newsletter

Merchants can now successfully unsubscribe customers from a newsletter from the Admin.



Order management

Invoices now display coupon code information as expected.

The cancel order and restore quote methods now accurately calculate the amount of stock to be returned to inventory when an order is canceled. Previously, when you canceled an order, some of these methods did not accurately calculate the amount of restored stock.

You can now alter the transport variable in the email_invoice_set_template_vars_before event.



Payment methods

The is_active and is_visible columns now default to true even when column default values are not set in the vault_payment_token installation script.

Magento now processes credit memos as expected when refunding an order from PayPal. Previously, when Magento refunded an order from PayPal, it created a credit memo, but the credit memo was not assigned a status (that is, the database status field is null), and the order status remained as processing. 

Administrators can now create orders in the Admin for stores other than the default when using Paypal Payflow Pro. 

You can now implement a product attribute that sets Catalog Input Type for Store Owner equal to Fixed Product Tax in a multistore environment.



Reports

When generating the output of Reports > Marketing > Products in Cart, Magento no longer calls the data of products that have been deleted from the cart.

The Admin’s Most Viewed Products tab now displays all relevant information about products, even when they are not in the default attribute set.

You can now successfully export the Ordered Products report to a CSV file. Previously, the export file contained no report data. 



Scope

Products are now activated only for specified websites after a scheduled update has run. Previously, Magento incorrectly activated the product for all websites when the scheduled update event ended. 



Search

Layered navigation now displays the correct product count. Previously, the layered navigation product count incorrectly included only in-stock products. 

When you switch between multiple currencies on the storefront, Magento now converts the product price into the correct currency.



Shipping

We’ve resolved an issue where Magento did not display applicable flat-rate USPS box methods during checkout.



Swagger

The code formatting in the Swagger block and template has been updated. 



Swatches

You can now use REST to import visual swatch attribute options. Previously, you could not add swatch options using service contracts unless a swatch option already existed for the attribute.



Translations

Inline translations and custom translators now work for knockout templates.



UI

Magento now validates XML against the schema file when saving custom layout update XML in the CMS page in production mode.

Creating a new product with a custom attribute set now works as expected.

Magento no longer displays the current date when a product’s date attribute has an empty value.



Wish list

The default value for a wish list item’s buyRequest data is now always an array. Previously, this value was set to null.

Per saperne di più: http://devdocs.magento.com/guides/v2.1/release-notes/ReleaseNotes2.1.13CE.html






2.1.12 (release di sicurezza)
28 Febbraio 2018 - 450MBThis release contains 38 security fixes and enhancements.



Highlights

Enhancements that help close authenticated Admin user remote code execution, unauthorized data leaks, and cross-site request forgery (CSRF) vulnerabilities.

Change to Magento Admin to support upcoming USPS shipping changes. On February 23, 2018, USPS removed APIs that support the creation of shipping labels without postage. In response, we’ve removed this functionality from the Magento Admin. Consequently, you cannot create and print shipping labels that do not have postage applied. If you require USPS postage printing capabilities, please visit Magento Shipping to learn more, and explore various shipping extensions on Magento Marketplace.

Updated copyright to 2018.

Per saperne di più: http://devdocs.magento.com/guides/v2.1/release-notes/ReleaseNotes2.1.12CE.html






2.1.11 (release di sicurezza)
11 Gennaio 2018 - 450MBThis release includes multiple security enhancements. Although this release includes these enhancements, no confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we recommend that you upgrade your Magento software to the latest version as soon as possible.



2.1.11



Highlights

Significant enhancements for payment methods. We’ve fixed an issue where some Braintree refunds did not work. Braintree online refunds now work when you are using two Braintree accounts on two separate websites.

Corrected sitemap generation. Magento no longer generates the sitemap in the wrong directory when vhost is connected to /pub. Previously, Magento generated the sitemap in the root folder instead of the pub folder. GitHub-2802

When a simple child product on a configurable product has a lower price (either regular, or special price) than the other options (variations), the configurable product without any selected options now indicates that the price could be “As low as” = . Previously, if a simple child product has a price that is lower than the other options, and no options on the configurable product have been selected yet, the configurable product will be shown with with the lowest available price.

You can now add a configurable product to your cart from the Category page. Previously, you had to review the product on the Product page before adding it to your cart.



New Features

Support for the Indian Rupee (INR) in PayPal Express Checkout

New commands and functionality for the command-line interface. We’ve added interactivity to the admin:user:create command, and added the ability to handle CLI setup interactively (with prompts).



This release also includes dozens of bug fixes plus a substantial number of contributions from the wider Magento community.



2.1.10



Highlights

Significant reduction in JavaScript-related translation issues.

Improvements to how the PayPal Express Checkout payment method processes virtual products.

Multiple enhancements to product security. See Magento Security Center for more information.

Forty-four community-submitted bug fixes and multiple pull requests. These pull requests feature improvements in cacheing for configurable products (pull request 9809) and enhancements to the URL rewrite mechanism (pull request 10164).

Support for management of multiple instances in the same crontab. These two new CLI commands (cron:install and cron:remove) were submitted by community member adrian-martinez-interactiv4.



This release also includes dozens of bug fixes and multiple security fixes.
Per saperne di più: http://devdocs.magento.com/guides/v2.1/release-notes/ReleaseNotes2.1.11CE.html






2.1.9
30 Settembre 2017 - 450MBMagento 2.1.9 contains almost 40 security fixes and enhancements.



Highlights

Enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. See Magento 2.0.16 and 2.1.9 Security Patches for a comprehensive discussion of these issues.

Support for changes to the USPS API that USPS implemented on September 1, 2017

Fixed issue with logging information about exceptions caused by payment failures

Change to how Magento displays status updates during upgrade.






2.1.8
1 Settembre 2017 - 438MBMagento 2.1.8 contains over 100 functional fixes and enhancements as well as pull requests from the community. Look for the following highlights in this release:



Highlights

Multiple enhancements to static content deployment and generation

Improvements to indexing of large catalogs, cache tuning, and **URL re-writes

Reduction in the amount of memory that mass actions require, and performance optimization

Faster deployments for multi-language sites






2.1.7 (release di sicurezza)
1 Giugno 2017 - 438MBMagento 2.1.7 contains over 15 security enhancements as well as critical enhancements to the security of your Magento software.



Highlights

Support for MasterCard BIN number expansion. MasterCard recently added a new series of Bank Identification Numbers (BIN), and this release of Magento provides support for transactions made with cards using these new BINs. MasterCard describes the issue here.

Resolution of multiple high priority and critical security issues. These critical issues include remote code execution for authenticated Admin users, access control bypass, and cross-site request forgery issues. See Magento 2.0.14 and 2.1.7 Security Patches for a comprehensive discussion of these issues.

Reversion of the changes to image resizing that we introduced in 2.1.6. Certain image resizing changes introduced unanticipated problems. We have reverted these changes in this release, and will provide improvements to image resizing in a future product update.






2.1.6 (versione principale)
27 Aprile 2017 - 438MBHighlights

PayPal enhancements include PayPal in-context checkout and saved credit cards. In-context checkout helps to increase conversion rates 69 bps by allowing shoppers to pay with PayPal without leaving the merchant’s site. PayPal saved credit cards boost repeat purchases by allowing merchants to securely store credit card information with PayPal so customers do not need to re-enter it in checkout or when reordering items from the Admin interface.

Braintree Hosted Fields securely collect all sensitive payment information in checkout so merchants can qualify for the simplest set of PCI compliance requirements. Merchants retain complete control over their checkout style and layout because Braintree gathers credit card data using small, transparent iframes that replace individual payment fields. Braintree settlement reports are now also conveniently available within the Magento Admin.

Improved management interfaces make it faster and easier to search for information in the Admin, set up global search synonyms, and create new product, category, and CMS content.






2.0.18 (release di sicurezza)
28 Febbraio 2018 - 310MBThis release includes 35 enhancements to product security, a change to the Magento Admin to recent upcoming USPS shipping changes, and a copyright update.



Highlights

Enhancements that help close authenticated Admin user remote code execution, unauthorized data leaks, and cross-site request forgery (CSRF) vulnerabilities.

Change to Magento Admin to support upcoming USPS shipping changes. On February 23, 2018, USPS removed APIs that support the creation of shipping labels without postage. In response, we’ve removed this functionality from the Magento Admin. Consequently, you cannot create and print shipping labels that do not have postage applied. If you require USPS postage printing capabilities, please visit Magento Shipping to learn more, and explore various shipping extensions on Magento Marketplace.

Updated copyright for 2018.






2.0.17 (release di sicurezza)
7 Novembre 2017 - 310MBMagento 2.0.17 contains almost 40 security fixes and enhancements.



Highlights

Ability to implement translations from themes. We've also significantly reduced JavaScript-related translation issues.

Improvements to how the PayPal Express Checkout payment method processes virtual products.

Multiple enhancements to product security. See Magento Security Center for more information.



Security

Magento 2.0.17 includes multiple security enhancements. Although this release includes these enhancements, no confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we recommend that you upgrade your Magento software to the latest version as soon as possible.






2.0.16 (release di sicurezza)
15 Settembre 2017 - 310MBMagento 2.0.16 contains almost 40 security fixes and enhancements.



Highlights

enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. See Magento 2.0.16 and 2.1.9 Security Patches for a comprehensive discussion of these issues.

support for changes to the USPS API that USPS implemented on September 1, 2017

change to how Magento displays status updates during upgrade.






2.0.15
18 Luglio 2017 - 310MBMagento 2.0.15 includes only one enhancement: Support for changes in PayPal's Instant Payment Notification (IPN) service.





2.0.14 (release di sicurezza)
1 Giugno 2017 - 310MBMagento 2.0.14 contains over 15 security enhancements as well as critical enhancements to the security of your Magento software.



Highlights

Support for MasterCard BIN number expansion. MasterCard recently added a new series of Bank Identification Numbers (BIN), and this release of Magento provides support for transactions made with cards using these new BINs. MasterCard describes the issue here.

Resolution of multiple high priority and critical security issues. These critical issues include remote code execution for authenticated Admin users, access control bypass, and cross-site request forgery issues. See Magento 2.0.14 and 2.1.7 Security Patches for a comprehensive discussion of these issues.






2.0.13
17 Aprile 2017 - 310MBMagento 2.0.13 updates the copyright date in every file. It does not contain any functional changes or security improvements. Isolating these changes in a single release is intended to simplify future updates and developer workflow.





2.0.12 (versione principale) (release di sicurezza)
7 Febbraio 2017 - 310MBMagento 2.0.12 contains more than 20 functional fixes and enhancements and one security enhancement.



Highlights

Removal of vulnerability with the Zend framework Zend_Mail library. 

Updates to the catalog, payment, and sales modules.



Security

his release includes an important enhancement to the security of your Magento software. While there are no confirmed attacks related to the Zend framework Zend_Mail library vulnerability to date, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. We recommend that you upgrade your existing Magento software to the latest version as soon as possible.






2.0.10 (release di sicurezza)
26 Ottobre 2016 - 310MBSecurity

You can no longer delete a currently logged-in user.

Fixed issue that occurred during update with disclosure of the application's internal path.

Fixed issue that occurred during setup with disclosure of the application's internal path.

Sessions now expire as expected after logout.

Fixed issue with using the Magento Enterprise Edition invitations feature to insert malicious JavaScript and subsequently execute it in the Admin context.

You can no longer change or fake a product price from the Magento storefront and then complete an order with that fake price.

A user with lesser privileges can no longer use a JSON call to force an Admin user to add his private or public key.

Fixed remote code execution issue in checkout.

Upgrade now places stores in maintenance mode as expected. (GITHUB-3191)

Resolved issue with potential SQL injection through the use of the ordering or grouping parameters.

Fixed issue with retrieving potentially sensitive information through the use of backend media.

The Guest order view protection code is no longer vulnerable to brute force attacks.

Fixed vulnerability to DoS attacks by full page cache poisoning.

Removed vulnerability in cart checkout experience by enhancing server-side CSRF validation.

Resolved a potential vulnerability in which customer addresses could be deleted. You can no longer deceive a user into deleting his store address book entries.

Fixed issue with XSS reflection in the loading section of REST requests.

Fixed issue with potential storage of malicious XSS code in the body of an email template. (A malicious user could use this this script to steal user information and cookies, or to bypass cross-site request forgery protection.)



Sales API enhancements

We've added the ability to change the status of a shipment through the web API. The new ShipOrder interface support tasks you can already do through the Admin dashboard, including the ability to: create a shipment document (full or partial); add details about shipped items into an order; change status and state of an order according to; performed actions; notify customer about new shipment document.

We've added the ability to change the status of an invoice through the web API. The new InvoiceOrder interface supports tasks you can already do through the Admin dashboard, including the ability to: create an invoice document (full or partial); capture money placed with order payment; notify a customer about document creation; change order status and state.



Performance

We've improved the load speed of the configurable product form.

We've improved the load speed of the review step for the wizard used to create a configurable product.



Tracking and shipping

Changing the city field of an order now affects the shipping rate as expected. Previously, the shipping rate was not updated when you changed the city on your order form.

Magento now returns UPS shipping rates for Puerto Rico.

Magento no longer throws an exception if you enter an invalid FedEx shipment tracking number.



Cart and checkout

Magento now updates the mini cart as expected when you reorder an item. Previously, Magento added the reordered items to the shopping cart, but the mini cart did not update its item count. (GITHUB-6121)

You can now use an alternative Merchant Account ID when using Braintree as a payment method. (GITHUB-5910)



General fixes

Magento now returns you to the Admin dashboard after you've successfully changed your Admin password. Previously, Magento prompted you to change your password even after you just successfully changed it. (GITHUB-4331)

You can now update multiselect attribute values for multiple products from the server side. (GITHUB-5459)

State/Province field is now displayed as required on the Add New Address page. (GITHUB-5279)

Maestro credit card now passes validation.

The cursor now appears as expected when you edit a product description.

Visual swatches are now displayed when in search results.

GiftRegistry *.less file is not properly packaged in the composer package

Delete paging functionality for configurable product variations.

The order comment timestamp now correctly reflects the time that the comment was submitted, not when the page was last refreshed. (GITHUB-5719), (GITHUB-5890)



Known issues

Issue: Logo Email for transactional emails can not be uploaded successfully (GITHUB-6275). Workaround: Create a header template and reference the image location absolutely.

Issue: Cannot save a custom transactional email logo. Workaround: None.

Issue: The scope selector on the Product page does not display all websites associated with a restricted user. Workaround: None.






2.0.9
15 Agosto 2016 - 310MBFixed issues

Shopping cart: Magento no longer displays an incorrect price in the shopping cart when using multiple shipping addresses.
The Minicart Maximum Display Recently Added Item setting now works as expected. Previously, Magento displayed all the items in the shopping cart, even when the number of items exceeded this limit. (GITHUB-4750)
Performance: We've improved storefront performance when you use many variations of a configurable product.
Cart Price Rules are now applied as expected to Payment method conditions. Previously, discounts set in Cart Price Rules were not applied during checkout.
You can now save a product for which you've entered no Swatch attribute value when this attribute is not required. Previously, during product creation, Magento would not save the product unless you added a value to the swatch attribute even with "Values Required" set to No.
Attributes of the salesInvoiceRepository methods are now correctly type cast. (The datatype is now a float – not nullable float.) Previously, due to the use of an incorrect data type cast, Magento would produce an error when calling the salesInvoiceRepositoryV1GetList methods. (GITHUB-3605)
We've renamed the Tier Price option on the Advanced Pricing tab to Customer Group Price option.
Tier pricing now works correctly with full page cache. (GITHUB-5364)


Known issue

The Sales API does not currently support all the update operations on objects that you can execute from the Admin panel. (Objects in this context include orders, invoices, shipments, credit memos, and return merchandise authorizations.)






2.0.7
21 Giugno 2016 - 310MBFixed

The payment gateway now works as expected in a Magento installation running PHP 7.0.3. Previously, when you would place an order in an installation running PHP 7.0.3, the checkout page would become unresponsive, and the transaction would not appear in the payment gateway. (GITHUB-2984, GITHUB-2878, GITHUB-3305, GITHUB-4076).






2.0.5
28 Aprile 2016 - 310MBSecurity

Issue with persistent cross-site scripting through a user account has been resolved.
Magento now supports setting limits on password attempts. Previously, Admin and Customer Token API access did not limit the number of attempts to enter a password, inadvertently allowing brute force attempts to guess passwords.
APIs that previously granted access to anonymous users are now configured to require a higher permission level. Default product behavior does not permit anonymous access to Catalog, Store and CMS APIs. However, if you would like to allow anonymous access, you can change this setting.
Magento now prevents the arbitrary execution of PHP code through the language package CSV file.
The encryption keys that are generated in System > Manage Encryption Key have been strengthened.
Reflected XSS can no longer occur through the Authorizenet module's redirect data.


Upgrade and Installation

Magento no longer creates store data inconsistently during installation.
During upgrade, the setup:config:set script no longer deletes values in the env.php file.


Import

Magento now successfully imports existing products as well as products that use custom URLs.
Product import now works successfully in a multi-store environment. Previously, Magento would display the following error message, "URL key for specified store already exists", when importing products into a multi-store configuration.


Export

Export performance has been enhanced. Pages no longer hang randomly, and CPU usage is no longer pegged. (GITHUB-3217)


APIs

The Orders API now exposes the shipping address. This corrects an issue with using this API to integrate with third-party systems.
The SOAP API now returns attributes of type "text swatch" and "visual swatch" when you use the API to add attribute options. Previously, this feature did not work for these attribute types.


PHP

Magento now allows you to use arguments of url type in nested arrays. Previously, you could pass route parameters only if the url argument was declared at the top level.


Database

Magento no longer duplicates queries to the database from the Catalog page. Instead, if Magento has already loaded specific data during request processing, it re-uses it instead of duplicating the query.
Magento no longer duplicates SQL queries on CMS and Category pages. Previously, significant duplications occurred.


Miscellaneous

Magento no longer displays HTML tags in messages.
Product performance has been enhanced when loading catalog products with multiple color swatches.
Magento now successfully saves and displays new customer attributes.
Magento performance has been improved by the removal of redundant get requests that previously occurred during shopping cart refresh.
Selecting the Use Aggregated Data option now correctly displays Dashboard data. (GITHUB-3459)
Magento now displays the expected color swatch when you select a color swatch for a configurable product. Previously, Magento did not change the color when you selected a swatch.
HTML template minification now properly handles commented code.
Deleting one of several custom options no longer deletes all options. Previously, deleting one option from the Product page also deleted all other custom options. (GITHUB-2989)
When Full Page Cache (FPC) is enabled, the CAPTCHA image differs for every user. Previously, the CAPTCHA image on the registration page remained the same for every customer after FPC was enabled.
Google no longer indexes the Admin URL. Previously, Google indexed the Admin side meta tag. The frontend meta tag was not affected.
Magento no longer sends a subscription success email whenever a customer enters his email address to subscribe to a newsletter. Users receive a "thank you for your subscription" message and a subscription success email only when registering for the first time.
Guests can now successfully click on the product page link for any item in an emailed shared wishlist.
Custom customer attributes are now saved at checkout.






2.0.2
3 Febbraio 2016 - 310MBThis release resolves issues that some users encountered while upgrading from Magento 2.0.0 to Magento 2.0.1.





2.0.1 (versione principale) (release di sicurezza)
26 Gennaio 2016 - 310MBWe are pleased to present Magento Community Edition 2.0.1, the next generation of the world’s leading digital commerce platform. This patch release contains several important functional updates, including official support for PHP 7.0.2. This release also includes numerous enhancements to improve the security of your Magento 2.0 installation. While there are no confirmed attacks related to these issues to date, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. 



PHP 7 Compatibility

Magento 2.0.1 adds support for PHP 7.0.2, which provides dramatic performance improvements, drastically reduces memory consumption, and supports new PHP language features.


USPS API Changes

On January 17, 2016, USPS made several changes to their services, rates, and package names. The updates are reflected in this release, and include the following changes: Standard Post renamed "Retail Ground", Flat Rate Box for Priority Mail Express Eliminated


Security Enhancements

SQL injection
Persistent XSS vulnerability for order comments made from Admin
Ability to save XSS code into database
Reflected XSS in cookie HTTP header
CSRF vulnerability on cart checkout
Ability for users to bypass filter by editing inline translations
Ability to access core system information using CMS blocks and cache entries
Ability to save XSS code through custom options
Ability to bypass Magento storefront CAPTCHA
Persistent XSS using customer name
Ability for unauthenticated users to delete any product review from the storefront
Attackers able to access order information in the store
Lack of password quality enforcement when changing admin passwords


General

Catalog price rule when specifying subproduct discounts.
Shopping cart for a registered user not returning a full list of selected products. The shopping cart of a registered user now operates as expected.
Failure to update minicart after completing an order using PayPal. Magento now clears the minicart as expected after you complete a purchase with PayPal.
Customer Edit form not appearing when you create a new Customer using a customer attribute. The Customer Edit form now appears as expected.
Sending messages using the wrong AMQP connection alias. Messages are now sent as expected.
Redundant calls to plugin methods.
Cart subtotal not including custom option prices in order calculations for configurable product. Shopping cart subtotal calculations now include custom option prices.
Catalog price rule not applied to the product created through the web API. Magento now applies the catalog price rule as expected.
Inconsistent application of discounts across all relevant configurable products. Magento now correctly displays discounts for all relevant options of a configurable product.
Incomplete display of category fields when working in store view scope. Magento now displays all scope information as expected.
Inability to create and save a new Content block. You can now add new blocks from the Admin.
Issue with checkbox component behavior. Checkbox component now displays expected behavior. Magento sends the checkbox input value (original) data only if the checkbox is checked upon form submission.
Selected country information not appearing at checkout.
Not all classes able to be intercepted in early stages of application life cycle.
JavaScript errors when loading product tables on a catalog page.
Failure during creation when Google experiments is enabled.
Unspecified resetting of product assignments after applying a filter from a category product listing.
Incorrect target for the "Learn More" link on the Payment Methods Configuration page.
Changes in the USPS API to match updated USPS method names.
Prices incorrect on product page for configurable product when catalog prices include tax.
Synonyms not working.
Orders not created when Include Tax in Order Total is set to "Yes."
Shipping address in the Orders API now exposes the shipping address value.
The Replace feature of the Import Product works in a multistore environment.
Magento now displays product tables correctly when an administrator navigates to Product > Inventory > Catalog after either of these two actions: 1) first time after product installation; 2) clearing cache and static file directories.
Creating a product with an empty file as a custom file option now works correctly.
Added autoload functionality instead of direct paths to load dependent files.
Product URL rewrites now works correctly when accessed from a Category page.


Import

Error during product import. Validation now works correctly.
Container components not disabled during import.


Testing

Legacy tests fail due to obsolete paths. References to classes in the legacy build removed.
Integration tests fail on Magento 2.0.


Performance

Redundant executions of MessageBox plugin.
Redundant executions of StoreCookie plugin.
Catalog pages in Magento installations running Varnish.
Swatch module on a category product listing page.
Large stores with a significant number of customers.


Installation and Upgrade

Issue with precompilation.
Product performance after an upgrade that modifies the database schema.
Accessing sample data after deploying Magento with composer create-project.
Travis Cl build failures due to authentication to repo.magento.com.


PHP

PHP syntax error prevents the collection of all phrases for translation.
Magento tries to save twice when a product is added to the catalog.
Code Migration tool randomly hangs and terminates with an error.






2.0.0 (versione principale)
24 Novembre 2015 - 310MBThe new Magento 2 platform empowers brands, retailers, and businesses across B2C and B2B industries to quickly and cost-effectively deliver engaging omnichannel shopping experiences. Magento 2 also offers enhanced performance and scalability,  new features to boost conversion rates, and business agility and productivity improvements. The new platform also builds on our open source heritage and offers unmatched flexibility and innovation opportunities to our global ecosystem of partners and developers.





1.9.4.5 (release di sicurezza)
28 Aprile 2020 - 200MBThis version (or patch SUPEE-11314, which applies to older versions of Magento) provides resolution of multiple critical security issues. These security enhancements help close cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues.



We recommend upgrading your Magento store to this latest version. See Magento | APSB20-22 for a comprehensive discussion of these issues.
Per saperne di più: http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html






1.9.4.4 (release di sicurezza)
29 Gennaio 2020 - 200MBThis version (or patch SUPEE-11295, which applies to older versions of Magento) provides resolution of multiple critical security issues and functional fixes. These security enhancements help close cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues.



Fixed issues and enhancements

The Disable button present when you run the compiler from Admin > System > Tools > Compiler is now enabled as expected. Previously, when you click the Disable button, it did not change state.

Per saperne di più: http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html






1.9.4.3 (release di sicurezza)
10 Ottobre 2019 - 200MBThis version (or patch SUPEE-11219, which applies to older versions of Magento) provides resolution of multiple critical security issues and functional fixes. These security enhancements help close cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues.



Bug Fixes

WebserviceX has been removed from the Magento 1.x code base.

This release adds two new currency services for currency rate import: CurrencyConverterAPI and FixerIO



Known Issues

This release includes a fix for a security vulnerability that potentially allowed changes to protected store settings. As a result, extensions or customizations that depend on saving configuration fields that are not defined in system.xml files may no longer work correctly.

Per saperne di più: http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html






1.9.4.2 (release di sicurezza)
26 Giugno 2019 - 200MBThis version provides resolution of multiple critical security issues and functional fixes. These security enhancements help close cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues. We recommend upgrading your Magento store to this latest version.



Bug Fixes

The Magento logging feature now works as expected after the SUPEE-11086 patch is installed. Previously, after application of this patch, Magento could only write only to a file that already existed on the server, and did not create new log files. 

Magento 1.14.4.0 and the PHP7.2 support patch now include the same files as expected. The previous version of the patch did not include the following three files, which were included in Magento 1.14.4.0. Magento 1.14.4.0: lib/phpseclib/PHP/Compat/Function/array_fill.php, lib/phpseclib/PHP/Compat/Function/bcpowmod.php, and lib/phpseclib/PHP/Compat/Function/str_split.php.



Known Issues

You can no longer upload files with the extension .swf to the WYSIWYG editor.

Third-party checkout extensions and closed security cases will either not not work securely or will not work at all.

The Authorize.net Direct Post module  has been enhanced to support the replacement of Authorize.net’s MD5-based hash with a (SHA-512) signature key. Authorize.net will no longer support implementations using the MD5-based hash as of June 28, 2019. You will need to update your signature key after upgrading to this version of Magento. For information about updating your signature key, see the Get a New Signature Key discussion in the Update Authorize.Net Direct Post from MD5 to SHA-512 help article. Note that although this help article describes how to install the earlier patch, merchants upgrading to this release of Magento are not applying the patch and should consult only the Get a New Signature Key discussion. If you’ve applied the patch to your Magento installation while running an earlier version of Magento, uninstall the Update Authorize.Net Direct Post from MD5 to SHA-512 patch before upgrading to this release.

You can no longer preview JavaScript in a newsletter template in the Admin.

Sitemap names cannot exceed 32 characters.

Per saperne di più: http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html






1.9.4.1 (release di sicurezza)
29 Marzo 2019 - 200MBMagento 1.9.4.1 provides resolution of multiple critical security issues and functional fixes. We recommend upgrading your Magento store to this latest version.



Security

Includes patch SUPEE-11086 as well as all previous security patches and PHP 7.2 compatibility patch



Highlights

Includes dashboard charts patch MPERF-10509.diff

Does not include Authorize.net Signature Key patch due to issues with signature generation for non-English characters in addresses 



Bug Fixes

Google Image Charts has been deprecated and replaced by Image-Charts for dashboard charts.

Layered navigation now works as expected when full page cache and block caching are enabled.

Errors caused by problematic PHP error logging have been resolved.

Magento now displays the following message when an invalid character is used, Attribute code is invalid.

You can now add to the cart products with custom options for which the custom option checkbox has not been checked.

URL redirects for products now work as expected.

Magento now displays payment information during the confirmation step of check out and successfully processes an order when inline translation is enabled.

You can now create a staging website when development mode is enabled.

You can now successfully delete a website by clicking Delete Website as expected.

You can now add a banner by clicking Add Banner from the Admin.

Magento no longer throws an Undefined index: is_recurring error when when you try to save a product when deploying Magento with development mode enabled.

Per saperne di più: http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html






1.9.4.0 (release di sicurezza)
9 Dicembre 2018 - 200MBThis version provides resolution of multiple critical security issues and functional fixes. This release also provides support for PHP 7.2.



Security

Resolves security issues including remote code execution (RCE), cross-site scripting (XSS), and cross-site request forgery (CSRF).



Highlights

This release provides support for PHP 7.2.

We’ve removed the CC module. As a result, third-party modules that depend upon either the ccsave method or the xmlconnect method will not work as expected. Third-party themes that implement ccsave will not work as expected, either.

The Magento logo has been updated throughout the code base.

The Continue button now works as expected on the Payments step of checkout when paying with the PayPal payment method.

Google Tag Manager now logs sales information in Google Analytics as expected.

The product export CSV file now contains columns for super attributes.

Magento no longer throws an error when a customer accesses their shopping cart after items in their cart have been removed due to a timeout. Previously, Magento displayed this error, `Notice: Undefined variable: freePackageValue in /var/www/dev/htdocs/app/code/core/Mage/Shipping/Model/Carrier/Tablerate.php on line 130`.

Clicking on a configurable product’s swatch on the product list page now updates product price as expected.

Customers can now successfully add a grouped product to their shopping cart when category permissions are enabled. Previously, Magento did not add the product to the cart, but instead displayed a descriptive error message.

Magento no longer displays incorrect prices on the storefront after a failure of the enterprise refresh index.

We’ve resolved issues in the indexing locking mechanism that previously resulted in Magento throwing an exception after indexing completed.

Magento no longer throws a fatal error when a merchant uses an already reserved word to name a product attribute.

Magento now adds the correct sales tax to orders being shipped to U.S. addresses that use zip codes with the optional four-digit suffix (for example, 73365-1234). Previously, the Tax rule triggered a failure if the U.S. zip code that had this optional four-digit suffix.

Magento now displays all products on a production website that were edited by a role-restricted user on the associated staging website.

We’ve resolved an issue that caused Target Rules to throw an exception when a customer opened a product view page.

Per saperne di più: http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html






1.9.3.10 (release di sicurezza)
3 Ottobre 2018 - 200MBThis release fixes multiple critical security issues. We recommend upgrading your Magento store to this latest version.



Known Issues

You cannot re-send the password for new customers who created their account during checkout.

Per saperne di più: http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html






1.9.3.9 (release di sicurezza)
14 Agosto 2018 - 200MBMagento 1.9.3.9 provides resolution of multiple critical security issues. These critical security issues include remote code execution, cross-site scripting, and cross-site request forgery issues. We recommend upgrading your Magento store to this latest version. See Magento Security Center for a comprehensive discussion of these issues.



Highlights

Magento no longer performs unnecessary write operations on the core_url_rewrite table.

Customers can now successfully register during checkout without being unexpectedly logged out.

Incorrect escaping in the cron.sh file no longer prevents cron jobs from running in parallel as expected.

Magento now cleans session data as expected after a customer logs out.



Known Issues

If your custom code or extension is using Zend/Filter/PregReplace.php with the modifier e, it will now return an error due to possible RCE issues.

Per saperne di più: http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html






1.9.3.8 (release di sicurezza)
12 Marzo 2018 - 150MBMagento 1.9.3.8 provides resolution of multiple critical security issues. These critical security issues include authenticated Admin user remote code execution, unauthorized data leaks, and cross-site request forgery (CSRF) vulnerabilities. We recommend upgrading your Magento store to this latest version.



Highlights

Changed Magento Admin to support recent USPS shipping changes. On February 23, 2018, USPS removed APIs that support the creation of shipping labels without postage. In response, we’ve removed this functionality from the Magento Admin. Consequently, you cannot create and print shipping labels that do not have postage applied.

Updated copyright to 2018.



Notes

If you try to import products that contain HTML tags in the SKU attribute, Magento displays this error at the data validation stage (that is, when you click Check data): Invalid value in SKU column. HTML tags are not allowed.

If you try to create or edit a product in the Admin panel and the product’s SKU attribute value contains HTML tags, Magento throws this error when you try to save the product: HTML tags are not allowed in SKU attribute.

Per saperne di più: http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html






1.9.3.7 (versione principale) (release di sicurezza)
29 Novembre 2017 - 150MBMagento 1.9.3.7 fixes multiple critical security issues. These issues include remote code execution, cross-site scripting, and cross-site request forgery issues. We recommend upgrading your Magento store to this latest version.



Highlights

Magento no longer displays the “Invalid Secret Key. Please refresh the page.” message when a user loads the Admin.

The one-page checkout page now displays the following message when a customer checks out an order for which no amount is due: No payment information required. Magento versions prior to 1.14.3.3 included this message, but it was missing from v1.14.3.3.

We’ve fixed a typo in the patch header information. (autocomplete="new-pawwsord” is now autocomplete="new-password”.) 



Notes

We no longer support custom file extensions for Mage::log(). Supported file extensions include .log, .txt, .html, .csv. For more information, navigate to Developers > Log Settings from the Admin. Magento displays this comment: Logging from Mage::log(). File is located in /var/log. Allowed file extensions: log, txt, html, csv.

Passwords for new users are now limited to 256 characters. If a new user enters a password that exceeds 256 characters, Magento displays this message: Please enter a password with at most 256 characters.

Per saperne di più: http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html






1.9.3.6 (versione principale) (release di sicurezza)
27 Settembre 2017 - 150MBMagento 1.9.3.6 provides resolution of multiple critical security issues and several functional fixes. These critical security issues include remote code execution, cross-site scripting, and cross-site request forgery issues. We recommend upgrading your Magento store to this latest version. See Magento Security Center for a comprehensive discussion of these issues.



Highlights

Fixed an issue where uploaded images were twice their original size after you applied SUPEE-9767 v2.

Per saperne di più: http://devdocs.magento.com/guides/m1x/ce19-ee114/ce1.9_release-notes.html






1.9.3.4 (versione principale) (release di sicurezza)
13 Luglio 2017 - 150MBMagento 1.9.3.4 addresses both security and functional issues discovered when using the SUPEE-9767 patch. We recommend upgrading.



Highlights

We've restored missing strip_tags functionality in the checkout JavaScript.

We've changed how Magento validates form keys during the generic five-step checkout process. Previously, customer registration failed during standard checkout processing if form key authentication was enabled.

Magento now displays the Allow_symlinks message in the Admin message area as expected.

Magento now preserves the background transparency of uploaded images as expected. Previously, transparency was lost after the image was uploaded, resulting in an unusable image.

You can now use Checkout with Multiple Addresses when checkout form validation is enabled.






1.9.3.3 (versione principale) (release di sicurezza)
1 Giugno 2017 - 150MB
Includes patches: SUPEE-5344, SUPEE-5994, SUPEE-6237, SUPEE-6285, SUPEE-6482, SUPEE-6788, SUPEE-7616, SUPEE-7405, SUPEE-7405 v1.1, SUPEE-8788, SUPEE-9652, SUPEE-8167, SUPEE-9767

There are known issues in this release: https://magento.com/security/patches/supee-9767






1.9.3.2 (release di sicurezza)
7 Febbraio 2017 - 150MB
Includes patches: SUPEE-5344, SUPEE-5994, SUPEE-6237, SUPEE-6285, SUPEE-6482, SUPEE-6788, SUPEE-7616, SUPEE-7405, SUPEE-7405 v1.1, SUPEE-8788, SUPEE-9652






1.9.3.1
21 Novembre 2016 - 150MB
Search results return all store products
Some integrations using Magento APIs no longer work
Bundled product prices do not update
Store-specific attribute labels disappear
Auto generated passwords do not work for some customers
Exceptions appear for stores with disabled breadcrumbs
Shipping rules may not be calculated correctly in some cases
PHP warnings occur with the session timestamp variable
CSRF form key is not changed after logout
Login attempts log protection table is not cleaned properly






1.9.3.0 (release di sicurezza)
26 Ottobre 2016 - 150MBIncludes patches: SUPEE-5344, SUPEE-5994, SUPEE-6237, SUPEE-6285, SUPEE-6482, SUPEE-6788, SUPEE-7616, SUPEE-7405, SUPEE-7405 v1.1, SUPEE-8788





1.9.2.4
26 Febbraio 2016 - 150MBThis release bundles improvements for issues reported by our merchants after installing the latest patch SUPEE-7405 (provided by version 1.9.2.3).



Bugfixes

Cart Merge Patch (SUPEE-7978): Carts with identical items now merge correctly. Previously, when a cart with one item was merged with another cart that contained the same item, Magento did not merge the cart totals correctly.The cart now includes only one item, and the total is correct.
SOAP API Patch (SUPEE-7822): The Magento SOAP API now works as expected. Previously after installing the SUPEE-7405 v1.0 patch, an API request would cause a 500 error, and Magento would log an exception.
PHP 5.3 Compatibility (SUPEE-7882): The patch was not compatible with PHP 5.3 for earlier versions of Magento that were still supporting this version. The issue experience by merchants was inability to view sales information in the Admin.
Upload File Permissions: The patch restores less restrictive file permissions (0666 for files and 0777 for directories) as more strict permissions introduced by the original SUPEE-7405 patch cause many merchants not to be able to view uploaded product images, depending on hosting provider configuration.






1.9.2.3 (release di sicurezza)
20 Gennaio 2016 - 150MBSecurity Enhancements

Includes patches: SUPEE-5344, SUPEE-5994, SUPEE-6237, SUPEE-6285, SUPEE-6482, SUPEE-6788, SUPEE-7616, SUPEE-7405






1.9.2.2 (release di sicurezza)
27 Ottobre 2015 - 150MBSecurity Enhancements

Includes patches: SUPEE-5344, SUPEE-5994, SUPEE-6237, SUPEE-6285, SUPEE-6482, SUPEE-6788






1.9.2.1 (release di sicurezza)
4 Agosto 2015 - 150MBSecurity Enhancements

SUPEE-6482 - This patch addresses two issues related to APIs and two cross-site scripting risks.






1.9.2.0 (release di sicurezza)
7 Luglio 2015 - 150MBSecurity Enhancements

SUPEE-6285 - This patch provides protection against several types of security-related issues, including information leaks, request forgeries, and cross-site scripting.






1.9.1.1-2 (release di sicurezza)
15 Maggio 2015 - 150MBSecurity Enhancements

SUPEE-5994 - This patch addresses multiple security vulnerabilities in Magento Community Edition software, including issues that can put customer information at risk.






1.9.1.1
2 Maggio 2015 - 150MBApplications:

This is Magento's official release to patch the SUPEE-5344 issue which was previously patched by Applications with the release of Magento 1.9.1.0-2.






1.9.1.0-2 (release di sicurezza)
24 Aprile 2015 - 150MBSecurity Enhancements

SUPEE-5344 - Addresses a potential remote code execution exploit


Changes

SUPEE-4829 - This patch fixes an issue in which product images become larger when a shopper selects a swatch on a search result page.






1.9.1.0 (release di sicurezza)
24 Novembre 2014 - 150MBHighlights

Configurable Swatches: Configurable swatches help you optimize the way products are presented on your site. New "swatch" capabilities make products more appealing—and boost conversion rates—by offering shoppers quick access to information, like available colors, fabrics, sizes, and more. Clicking on a swatch automatically updates the product image so shoppers see exactly what a color or fabric looks like, giving them confidence to proceed with their purchase.
Responsive Design Improvements: It has never been easier to create a mobile-friendly site now that Magento's responsive design reference theme includes all core Magento features, including gift registries, downloadable products, multiple wish lists, add-to-cart by SKU, and private sales. It even boasts responsive default email templates so customers can read your order confirmation emails and newsletters on any device.
Technology Updates: Magento Community Edition boosts performance and security by adding support for MySQL 5.6 and PHP 5.5. With MySQL 5.6, you benefit from improved site speed and scalability, reduced memory usage on the database server, and enhanced debugging tools. PHP 5.5 provides security improvements and ensures you have continued access to code updates. And, for those of you who haven't already upgraded from PHP 5.3, there are potential performance improvements—up to 25% based on reports from some customers. Magento Community Edition 1.9.1 has been updated to support Universal Analytics, the new standard for Google Analytics. With this update, merchants can define more custom dimensions and metrics for tracking, incorporate offline and mobile app interactions, and gain access to ongoing feature updates that will only be available on Universal Analytics.
Other Improvements: Magento CE 1.9.1 includes updates to promotions, product import/export capabilities, security, and other features as part of our commitment to continually improve product quality.


Security Enhancements

SUPEE-1533 - Addresses two potential remote code execution exploits
Resolved potential issues as discussed in Resolving a Remote Code Execution Exploit.
Magento thanks Matt Barrah for contributing to this fix.
To change their password, a Magento administrator must first enter their existing password.
Resolved a potential XML External Entity Processing (XXE) exploit with the potential to cause a Denial of Service attack.
Customer passwords are no longer stored in clear text during registration.
Storefront users no longer see each others' user names in certain circumstances.
To change an administrator password using the Admin Panel, you must first enter your existing password.
Added a secure cookie flag for the storefront to prevent man-in-the-middle attacks. Configuration options haven't changed; they are still under System > Configuration > GENERAL > Web, option groups Secure and Unsecure.


Changes

Changed the following PayPal Express Checkout configuration options (System > Configuration > SALES > Payment Methods, PayPal Express Checkout):
Shortcut on Shopping Cart renamed to Display on Shopping Cart and moved from Basic to Advanced.
The recommended Display on Shopping Cart option is now worded Yes (PayPal recommends this option).
It's more important than ever for you to configure a Magento cron job. In addition to indexing and other core functions, all Magento e-mails (including order confirmation and transactional) are now queued and sent according to your configured cron schedule.
The PayPal Bill Me Later logo and name has been replaced by PayPal Credit.
Bill Me Later options now display only in U.S. stores.
The Zend Framework version has been updated to 1.12.7.
Check out with PayPal and PayPal Credit buttons now display on product pages for gift cards and dynamic bundled products.
Updated PayPal buttons for US-based stores.
Orders with PayPal viewed on the Admin Panel have a link that enables a Magento administrator to view the order on the PayPal site.
Magento thanks Florinel Chis of Elastera for contributing to this fix.
The PayPal Standard API has been replaced with the newer PayPal Express Checkout API.
Magento CE and EE now use Google Universal Analytics.
When defining a tax rate, you can now use a wildcard character for State in any locale.
Implemented responsive transactional e-mails.

Per saperne di più: http://magentocommerce.com/knowledge-base/entry/ce19-later-release-notes#ce19-1910






1.9.0.1
16 Maggio 2014 - 150MBFixed:

Customers can no longer apply a coupon from an inactive shopping cart price rule to a purchase.
Customers using a smartphone or other small viewport can expand subcategories in the web store that uses the new responsive theme.

Per saperne di più: http://magentocommerce.com/knowledge-base/entry/ce-19-and-ee-114-documentation-home






1.9.0.0 (versione principale)
14 Maggio 2014 - 150MBA new responsive design reference theme makes it easier and less costly for merchants to delight customers using mobile devices, and new payment options help merchants improve conversion and sales. Merchants also benefit by being better able to support customers across geographies, and from improvements in product quality, search and security.



Key benefits

Merchants can get a tablet and smart phone friendly responsive site in about half the time as before, speeding time to market and freeing up resources for other projects.

With a responsive site, merchants will be better able to participate in the fast growing mobile commerce space, and will have a site that is more easily adapted to new opportunities and less expensive to maintain. A responsive site also offers potential SEO benefits from using Google's preferred approach to mobile-optimizing sites.

Merchants can capture up to 18% more sales by providing customers access to financing through the Bill Me Later service. And they can offer their customers a smoother, more streamlined PayPal Express Checkout experience, which tries alternative payment options when a customer's credit card is rejected.

Updates available in Magento Enterprise Edition 1.14, give shoppers access to fresher search results because search indexing is performed automatically as the product catalog changes. Improved indexing also helps merchants work more efficiently, because incremental index updates no longer require manual intervention and admin performance is faster.

Merchants operating across regions and geographies can show their customers a single price. Pricing is clean and uncluttered regardless of tax structures and rates that vary from country to country.

Merchants benefit from greater security and ongoing support updates.

Per saperne di più: http://magentocommerce.com/knowledge-base/entry/ce-19-and-ee-114-documentation-home






1.8.1.0-2 (release di sicurezza)
24 Aprile 2015 - 218MBSecurity Enhancements

SUPEE-5344 - Addresses a potential remote code execution exploit
SUPEE-1533 - Addresses two potential remote code execution exploits






1.8.1.0 (release di sicurezza)
11 Dicembre 2013 - 218MBMagento CE 1.8.1.0 helps advance overall product quality and ease operations by providing significant tax calculation improvements, a wide range of bug fixes, and several security enhancements.
Per saperne di più: http://magentocommerce.com/knowledge-base/entry/ce-18-later-release-notes






1.8.0.0 (versione principale)
25 Settembre 2013 - 218MBThis new edition improves tax calculations, boosts product quality and stability, enhances performance, and advances security for the rapidly growing Magento community.



Highlights

Major overhaul of tax calculation formulas, correction of rounding errors, and additional assistance with configuration.
Optimized cache adapters for single-server systems
Upgraded Redis cache adapters for multi-server systems.
To set up and use Redis with Magento, see Using Redis with Magento Community Edition (CE) and Enterprise Edition (EE).
Eliminated many types of database deadlocks.

Per saperne di più: http://magentocommerce.com/knowledge-base/entry/ce-18-later-release-notes






1.7.0.2
5 Luglio 2012 - 218MB





1.7.0.1
20 Giugno 2012 - 218MB





1.7.0.0 (versione principale)
24 Aprile 2012 - 218MB





1.6.2.0
11 Gennaio 2012 - 200MB





1.6.1.0
19 Ottobre 2011 - 200MB





1.6.0.0
18 Agosto 2011 - 200MB





1.5.1.0
27 Aprile 2011 - 175MB





1.5.0.1
10 Febbraio 2011 - 175MB





1.5.0.0
9 Febbraio 2011 - 175MB





1.4.2.0
9 Dicembre 2010 - 160MB





1.4.1.1
27 Luglio 2010 - 160MB





1.4.1.0
12 Giugno 2010 - 150MB





1.4.0.1
22 Febbraio 2010 - 135MB





1.4.0
13 Febbraio 2010 - 135MB





1.3.2.4
25 Settembre 2009 - 125MB





1.3.2.3
23 Luglio 2009 - 125MB





1.3.2.2
3 Luglio 2009 - 125MB





1.3.2.1
2 Giugno 2009 - 125MB





1.3.2
30 Maggio 2009 - 125MB





1.3.1.1
20 Maggio 2009 - 55MB





1.3.1
18 Aprile 2009 - 55MB





1.3.0
31 Marzo 2009 - 55MB





1.2.1.2
3 Marzo 2009 - 55MB





1.2.1.1
23 Febbraio 2009 - 55MB





1.2.1
2 Febbraio 2009 - 55MB





1.2.0.3
24 Gennaio 2009 - 55MB





1.2.0.2
13 Gennaio 2009 - 55MB





1.2.0.1
31 Dicembre 2008 - 55MB





1.2.0
30 Dicembre 2008 - 55MB





1.1.8
26 Novembre 2008 - 55MB





1.1.7
20 Novembre 2008 - 55MB





1.1.6
28 Ottobre 2008 - 55MB