header

Magento Commerce Release Notes (1.14 and later)

Contents

These Release Notes contain the following information:

Important Upgrade Information

importantImportant: Use Magento Commerce 1.14.3.0 or later for all new Magento Commerce installations and upgrades to get the latest fixes, features, and security updates.

Magento Commerce 1.14.3.6 Release Notes

This patch (SUPEE-10266) provides resolution of multiple critical security issues and several functional fixes. These critical security issues include remote code execution, cross-site scripting, and cross-site request forgery issues. We recommend upgrading your Magento store to this latest version. See Magento Security Center for a comprehensive discussion of these issues.

SUPEE-10266 includes a fix for MPERF-9685. This fix is not included in release 1.14.3.6. However, in some cases, SUPEE-10266 can cause issues in the checkout process. Specifically, if a customer enables the Add gift options checkbox during checkout, the checkout process will not progress beyond the payments step.

Note: We’ve released patch SUPEE-10348 to address issues with checkout that some users experienced after applying SUPEE-10266. SUPEE-10348 must be applied on top of SUPEE-10266. Note that if you are experiencing issues in checkout when using gift options, SUPEE-10348 should resolve these issues.

If you are currently affected by this issue, you can workaround this issue by restore these two files to the pre-patch versions:

 

app/design/frontend/enterprise/default/template/giftcardaccount/onepage/payment/scripts.phtml

app/design/frontend/rwd/enterprise/template/giftcardaccount/onepage/payment/scripts.phtml

We’ve also fixed an issue where uploaded images were twice their original size after you applied SUPEE-9767 v2.

Magento Commerce 1.14.3.5 Release Notes

We have skipped release 1.14.3.5.

Magento Commerce 1.14.3.4 Release Notes

This patch (SUPEE-9767 version 2) addresses both security and functional issues discovered when using the SUPEE-9767 patch. We recommend upgrading your Magento store to this latest version. Here are your upgrade options:

See Magento Security Center for a comprehensive discussion of these security issues.

This release also provides support for the following functional issues:

General fixes

Installation

This patch is available from Magento Tech Resources.

Magento Commerce 1.14.3.3 Release Notes

This patch provides resolution of multiple critical security issues. These critical issues include remote code execution for authenticated Admin users, access control bypass, and cross-site request forgery issues. See Magento Security Center for a comprehensive discussion of these issues.

This release also provides support for the following issue:

Support for PayPal's update to its Instant Payment Notification (IPN) server URL. PayPal provides more information about this feature in IPN Verification Postback to HTTPS Microsite. This update is essential for retaining uninterrupted service after June 30.

SUPEE-8167, an older patch that also contains this fix, was added on May 8, 2017, and is available from Magento Tech Resources.

Known Issues

This patch/release has known issues. Please see SUPEE-9767 for updates.

Note: Before applying this patch or updating to this release, disable the Symlinks setting in System > Configuration > Advanced > Developer > Enable Symlinks. If the Symlinks setting is enabled, it will override your configuration file settings. If that override occurs, you will need to directly modify the database to change those settings.

Magento Commerce 1.14.3.2 Release Notes

This patch addresses the following issues:

Magento Commerce 1.14.3.1 Release Notes

This patch addresses the following issues:

noteNote: You currently cannot upgrade to this version using Magento Connect Manager. We expect to resolve this issue soon.

Magento Commerce 1.14.3.0 Release Notes

See the following sections for information about this release:

Check for .swf Files After Upgrade

If you upgraded to Magento Commerce 1.14.3 after applying the SUPEE-8788 patch, make sure the following files have been deleted:

skin/adminhtml/default/default/media/flex.swf
skin/adminhtml/default/default/media/uploader.swf
skin/adminhtml/default/default/media/uploaderSingle.swf

If the files are present, delete them to avoid a potential security exploit. As of Magento Commerce 1.14.0.0, we no longer distribute .swf files with the Magento software.

Backward-Incompatible Changes

The following backward-incompatible changes were made in this release:

Mage_Adminhtml_Block_Cms_Wysiwyg_Images_Content_Uploader: Parent class was removed.

Mage_Uploader_Model_Config_Abstract: Overrides the magic method __call and its behavior can be inconsistent. For example:

->setData('underscore_key', 1)
->getUnderscoreKey() //null

Fixes

The following sections discuss other fixes in this release:

Tax Calculation Fixes

Shopping cart and checkout fixes

Catalog fixes

Price rule fixes

Visual Merchandiser fixes

Configurable swatches fixes

Import/export fixes

Indexer fixes

Other fixes

Magento Commerce 1.14.2.0 Release Notes

Magento Commerce 1.14.2.0 Release Notes are in the User Guide.

Magento Commerce 1.14.1.0 Release Notes

Magento Commerce 1.14.1.0 Release Notes are in the User Guide.

Magento Commerce 1.14.0.1 Release Notes

Magento Commerce 1.14.0.1 resolves the following issues:

Recent Patches

noteNote: The patches discussed in this section are built in to Commerce 1.14.1; you need to get them only if you're running an earlier Commerce version.

We'd like to draw your attention to several new patches that were recently posted to the Partner Portal and Support Center. These patches deliver important improvements, such as enabling several concurrent administrators to work with the product catalog, and to make it easier to install community-created translation packages.

Details about the patches follow. To install these patches, see How to Get Patches For Magento Commerce.

General Magento Connect Patches

Patch name: PATCH_SUPEE-3941_EE_1.14.0.1_v1-2014-08-12-12-10-06.sh

Magento Install Page Displays After SOAP v2 Index Page Refresh

Patch name: PATCH_SUPEE-3762_EE_1.14.0.1_v1.sh. Refreshing the SOAP v2 index page (http://your-magento-host-name/index.php/api/v2_soap/index/) results in all administrators and customers viewing the Magento installation page.

Multiple Simultaneous Magento Administrators

Patch name: PATCH_SUPEE-3819_EE_1.14.0.1_v1.sh. Multiple Magento administrators can simultaneously add new products; or edit descriptions, edit prices, or edit stock quantities of existing products without causing deadlocks, key violations, or critical data errors. Together with applying the patch, you must set all indexers to Update when scheduled as follows:

  1. Log in to the Magento Admin Panel as an administrator.
  2. Click System > Configuration.
  3. In the left navigation bar, from the ADVANCED group, click Index Management.
  4. Expand Indexing Options.
  5. From each list, click Update when scheduled.
  6. Click Save Config in the upper right corner of the page.

How to Get Patches For Magento Commerce

This section discusses how to get patches referenced in these Release Notes. Magento has other patches available from the Commerce support portal and the partner portal; you can use the following instructions to install any of those patches as well.

To get patches for Magento Commerce:

  1. Log in to www.magentocommerce.com.
  2. In the left pane, click Downloads.
  3. In the right pane, click Magento Commerce.
  4. Follow the prompts on your screen to download a patch for your version of EE.
  5. Apply the patch as discussed in How to Apply and Revert Magento Patches.

Magento Commerce 1.14.0.0 Release Notes

See the following sections for information about changes in this release:

Highlights

This section lists the key new features in Magento Commerce 1.14. For more information about these new features, see the Magento User Guide.

Security Enhancements

Changes

Tax Calculation Fixes

Fixes

Fixes in this release can be divided into the following categories:

Web Store and Shopping Cart Fixes

Promotional Price Rule Fixes

The following fixes relate to administering and using shopping cart price rules and catalog price rules:

Administrative Ordering, Invoicing, Credit Memo Fixes

Import Fixes

Payment Method Fixes

Solr Search Engine Fixes

Other Fixes

Open Source Software Licensing Agreements

Some versions of Magento Commerce use open source software licensing. Following are license agreements for that software.

Touch punch: This code is dual licensed under the MIT or GPL Version 2 licenses and is therefore free to use, modify and/or distribute, but if you include Touch Punch in other software packages or plugins, please include an attribution to the original software and a link to this Touch Punch website.