header

Magento Open Source Release Notes (1.9 and later)

Contents

These Release Notes contain the following information:

Important Upgrade Information

importantImportant: Use Magento Open Source 1.9.3.0 or later for all new Magento Open Source installations and upgrades to get the latest fixes, features, and security updates.

Magento Open Source 1.9.3.6 Release Notes

This patch (SUPEE-10266) provides resolution of multiple critical security issues and several functional fixes. These critical security issues include remote code execution, cross-site scripting, and cross-site request forgery issues. We recommend upgrading your Magento store to this latest version. See Magento Security Center for a comprehensive discussion of these issues.

  • We’ve also fixed an issue where uploaded images were twice their original size after you applied SUPEE-9767 v2.
  • Magento Open Source 1.9.3.5 Release Notes

    We have skipped release 1.9.3.5.

    Magento Open Source 1.9.3.4 Release Notes

    This patch addresses both security and functional issues discovered when using the SUPEE-9767 patch. We recommend upgrading your Magento store to this latest version. Here are your upgrade options:

    See Magento Security Center for a comprehensive discussion of these security issues.

    This release also provides support for the following functional issues:

    General fixes

    Installation

    This patch is available from Magento Tech Resources.

    Magento Open Source 1.9.3.3 Release Notes

    This patch provides resolution of multiple critical security issues. These critical issues include remote code execution for authenticated Admin users, access control bypass, and cross-site request forgery issues. See Magento Security Center for a comprehensive discussion of these issues.

    This release also provides support for the following issue:

    Support for PayPal's update to its Instant Payment Notification (IPN) server URL. PayPal provides more information about this feature in IPN Verification Postback to HTTPS Microsite. This update is essential for retaining uninterrupted service after June 30.

    SUPEE-8167, an older patch that also contains this fix, was added on May 8, 2017, and is available from Magento Tech Resources.

    Known Issues

    This patch/release has known issues. Please see SUPEE-9767 for updates.

    Note: Before applying this patch or updating to this release, disable the Symlinks setting in System > Configuration > Advanced > Developer > Enable Symlinks. If the Symlinks setting is enabled, it will override your configuration file settings. If that override occurs, you will need to directly modify the database to change those settings.

    Magento Open Source 1.9.3.2 Release Notes

    This patch addresses the following issues:

    Magento Open Source 1.9.3.1 Release Notes

    This patch addresses the following issues:

    noteNote: You currently cannot upgrade to this version using Magento Connect Manager. We expect to resolve this issue soon.

    Magento Open Source 1.9.3.0 Release Notes

    See the following sections for information about this release:

    Check for .swf Files After Upgrade

    If you upgraded to Magento Open Source 1.9.3 after applying the SUPEE-8788 patch, make sure the following files have been deleted:

    skin/adminhtml/default/default/media/flex.swf
    skin/adminhtml/default/default/media/uploader.swf
    skin/adminhtml/default/default/media/uploaderSingle.swf

    If the files are present, delete them to avoid a potential security exploit. As of Magento Open Source 1.9.0.0, we no longer distribute .swf files with the Magento software.

    Backward-Incompatible Changes

    The following backward-incompatible changes were made in this release:

    Mage_Adminhtml_Block_Cms_Wysiwyg_Images_Content_Uploader: Parent class was removed.

    Mage_Uploader_Model_Config_Abstract: Overrides the magic method __call and its behavior can be inconsistent. For example:

    ->setData('underscore_key', 1)
    ->getUnderscoreKey() //null

    Fixes

    The following sections discuss other fixes in this release:

    Tax Calculation Fixes

    Shopping cart and checkout fixes

    Catalog fixes

    Price rule fixes

    Configurable swatches fixes

    Import/export fixes

    Indexer fixes

    Other fixes

    Magento Open Source 1.9.0.1 Release Notes

    Magento Open Source 1.9.0.1 resolved the following issues:

    Recent Patches

    We'd like to draw your attention to several new patches that were recently posted to the Partner Portal and Support Center. These patches deliver important improvements, such as enabling several concurrent administrators to work with the product catalog, and to make it easier to install community-created translation packages.

    Details about the patches follow. To install patches, see How to Get Patches For Magento Commerce.

    noteNote: Some of the patches discussed in this section have EE_1.14.0.1 in the name. These patches were all tested against Open Source 1.9.x as well.

    General Magento Connect Patches

    Patch name: SUPEE-3941

    Magento Install Page Displays After SOAP v2 Index Page Refresh

    Patch name: SUPEE-3762. Refreshing the SOAP v2 index page (http://your-magento-host-name/index.php/api/v2_soap/index/) results in all administrators and customers viewing the Magento installation page.

    How to Get Patches For Magento Open Source

    This section discusses how to get patches referenced in these Release Notes.

    To get patches for Magento Open Source:

    1. Log in to www.magentocommerce.com/download.
    2. In the left pane, click Downloads.
    3. li>Scroll down to the Magento Open Source Patches section.
    4. Follow the prompts on your screen to download a patch for your version of Magento Open Source.
    5. Apply the patch as discussed in How to Apply and Revert Magento Patches.

    Magento Open Source 1.9.0.0 Release Notes

    See the following sections for information about changes in this release:

    Highlights

    This section lists the key new features in Magento Open Source 1.9. For more information about these new features, see the Magento User Guide.

    Security Enhancements

    Changes

    Tax Calculation Fixes

    Fixes

    Fixes in this release can be divided into the following categories:

    Web Store and Shopping Cart Fixes

    Promotional Price Rule Fixes

    The following fixes relate to administering and using shopping cart price rules and catalog price rules:

    Administrative Ordering, Invoicing, Credit Memo Fixes

    Import Fixes

    Payment Method Fixes

    Other Fixes

    Open Source Software Licensing Agreements

    Some versions of Magento Open Source use open source software licensing. Following are license agreements for that software.

    Touch punch: This code is dual licensed under the MIT or GPL Version 2 licenses and is therefore free to use, modify and/or distribute, but if you include Touch Punch in other software packages or plugins, please include an attribution to the original software and a link to this Touch Punch website.