Magento Community Edition (CE) Release Notes (1.9 and later)


These Release Notes contain the following information:

Important Upgrade Information

importantImportant: Use CE or later for all new CE installations and upgrades to get the latest fixes, features, and security updates.

Magento CE Release Notes

This patch provides resolution of multiple critical security issues. These critical issues include remote code execution for authenticated Admin users, access control bypass, and cross-site request forgery issues. See Magento Security Center for a comprehensive discussion of these issues.

This release also provides support for the following issue:

Support for PayPal's update to its Instant Payment Notification (IPN) server URL. PayPal provides more information about this feature in IPN Verification Postback to HTTPS Microsite. This update is essential for retaining uninterrupted service after June 30.

SUPEE-8167, an older patch that also contains this fix, was added on May 8, 2017, and is available from Magento Tech Resources.

Known Issues

This patch/release has known issues. Please see SUPEE-9767 for updates.

Note: Before applying this patch or updating to this release, disable the Symlinks setting in System > Configuration > Advanced > Developer > Enable Symlinks. If the Symlinks setting is enabled, it will override your configuration file settings. If that override occurs, you will need to directly modify the database to change those settings.

Magento CE Release Notes

This patch addresses the following issues:

Magento CE Release Notes

This patch addresses the following issues:

noteNote: You currently cannot upgrade to this version using Magento Connect Manager. We expect to resolve this issue soon.

Magento CE Release Notes

See the following sections for information about this release:

Check for .swf Files After Upgrade

If you upgraded to Magento CE 1.9.3 after applying the SUPEE-8788 patch, make sure the following files have been deleted:


If the files are present, delete them to avoid a potential security exploit. As of Magento CE, we no longer distribute .swf files with the Magento software.

Backward-Incompatible Changes

The following backward-incompatible changes were made in this release:

Mage_Adminhtml_Block_Cms_Wysiwyg_Images_Content_Uploader: Parent class was removed.

Mage_Uploader_Model_Config_Abstract: Overrides the magic method __call and its behavior can be inconsistent. For example:

->setData('underscore_key', 1)
->getUnderscoreKey() //null


The following sections discuss other fixes in this release:

Tax Calculation Fixes

Shopping cart and checkout fixes

Catalog fixes

Price rule fixes

Configurable swatches fixes

Import/export fixes

Indexer fixes

Other fixes

Magento CE Release Notes

CE resolved the following issues:

Recent Patches

We'd like to draw your attention to several new patches that were recently posted to the Partner Portal and Support Center. These patches deliver important improvements, such as enabling several concurrent administrators to work with the product catalog, and to make it easier to install community-created translation packages.

Details about the patches follow. To install patches, see How to Get Patches For Magento EE.

noteNote: Some of the patches discussed in this section have EE_1.14.0.1 in the name. These patches were all tested against CE 1.9.x as well.

General Magento Connect Patches

Patch name: SUPEE-3941

Magento Install Page Displays After SOAP v2 Index Page Refresh

Patch name: SUPEE-3762. Refreshing the SOAP v2 index page (http://your-magento-host-name/index.php/api/v2_soap/index/) results in all administrators and customers viewing the Magento installation page.

How to Get Patches For Magento CE

This section discusses how to get patches referenced in these Release Notes.

To get patches for Magento CE:

  1. Log in to www.magentocommerce.com/download.
  2. In the left pane, click Downloads.
  3. li>Scroll down to the Magento Community Edition Patches section.
  4. Follow the prompts on your screen to download a patch for your version of CE.
  5. Apply the patch as discussed in How to Apply and Revert Magento Patches.

Magento CE Release Notes

See the following sections for information about changes in this release:


This section lists the key new features in Magento CE 1.9. For more information about these new features, see the Magento User Guide.

Security Enhancements


Tax Calculation Fixes


Fixes in this release can be divided into the following categories:

Web Store and Shopping Cart Fixes

Promotional Price Rule Fixes

The following fixes relate to administering and using shopping cart price rules and catalog price rules:

Administrative Ordering, Invoicing, Credit Memo Fixes

Import Fixes

Payment Method Fixes

Other Fixes

Open Source Software Licensing Agreements

Some versions of Magento CE use open source software licensing. Following are license agreements for that software.

Touch punch: This code is dual licensed under the MIT or GPL Version 2 licenses and is therefore free to use, modify and/or distribute, but if you include Touch Punch in other software packages or plugins, please include an attribution to the original software and a link to this Touch Punch website.