Magento CE 2.0.14 Release Notes

Patch code and release notes were published on May 31, 2017.

We are pleased to present Magento Community Edition 2.0.14. This release includes critical enhancements to the security of your Magento software.

While there are no confirmed attacks related to these vulnerabilities to date, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. We recommend that you upgrade your existing Magento software to the latest version as soon as possible.

Highlights

Magento 2.0.14 contains over 15 security enhancements as well as one significant functional enhancement. Look for the following highlights in this release:

  • Support for MasterCard BIN number expansion. MasterCard recently added a new series of Bank Identification Numbers (BIN), and this release of Magento provides support for transactions made with cards using these new BINs. MasterCard describes the issue here.

  • Resolution of multiple high priority and critical security issues. These critical issues include remote code execution for authenticated admin users, access control bypass, and CSRF issues. See Magento 2.0.14 and 2.1.7 Security Patches for a comprehensive discussion of these issues.

System requirements

Our technology stack is built on PHP and MySQL. For more information, see System Requirements.

Install the Magento software

See one of the following sections:

Get the Magento CE software using Composer

This software is available from repo.magento.com. Before installing the CE software using Composer, familiarize yourself with the Composer metapackage prerequisites, then run

composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition=<version> <installation directory name>

where <version> matches the version you want (for example, 2.0.10)

For example, to install Magento CE 2.0.10 in the magento2 directory:

composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition=2.0.10 magento2

Get Magento CE using a compressed archive

The following table discusses where to get the Magento software. We provide the following downloads:

  • Magento CE software only
  • Magento CE software with sample data (designed to help you learn Magento faster)

These packages are easy to get and install. You don’t need to use Composer, all you need to do is to upload a package to your Magento server or hosted platform, unpack it, and run the web-based Setup Wizard.

Archives are available in the following formats: .zip, .tar.bz2, .tar.gz

To get the Magento CE software archive:

  1. Go to http://magento.com/download.
  2. Choose either the software or the software and sample data:

    • Magento-CE-<version>.* (without sample data)
    • Magento-CE-<version>+Samples.* (with sample data)

    <version> is the three-digit release number (for example, 2.0.7, 2.1.0, and so on).

Complete the installation

After you get the CE software:

  1. Set file system ownership and permissions.
  2. Install the Magento software:

Upgrade from an earlier version

To upgrade to version 2.0.x from an earlier version:

Migration toolkits

The Data Migration Tool helps transfer existing Magento 1.x store data to Magento 2.x. This command-line interface includes verification, progress tracking, logging, and testing functions. For installation instructions, see Install the Data Migration Tool. Consider exploring or contributing to the Magento Data Migration repository.

The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.0.x. The command-line interface includes scripts for converting Magento 1.x modules and layouts.

Credits

Dear community members, thank you for your suggestions and bug reports.