Magento Cloud Patches release notes

The Magento Cloud Patches package provides a set of patches which improve the integration of all Magento versions with Cloud environments and supports quick delivery of critical fixes.

The magento-cloud-patches package is a dependency for the ece-tools package and is installed and updated when you install or update the ece-tools package. You can also use and manage the magento-cloud-patches as a stand-alone package to apply patches to a Magento Commerce project that is not on the Cloud platform. These release notes describe the latest improvements to this package.

The magento-cloud-patches package uses the following version sequence: <major>.<minor>.<patch>.

See Apply patches to learn how to apply Magento patches and hot fixes to your Magento Commerce Cloud project.

v1.0.4

Release date: May 12, 2020

  • Amazon Pay checkout—Fixes an issue with the Amazon Pay payment widget that prevented customers from changing the payment method on the Review & Payments step during the checkout process.

  • Product display on Category page—Fixes an issue that prevented products from displaying on the category page in Show all pages view.

  • Page Builder image upload—Fixes a Page Builder interface issue that sometimes caused the following error when uploading images to the image gallery: Destination folder is not writable or does not exist

  • Suppress unnecessary sitemap generation warnings—Adds a retry attempt when errors occur during sitemap generation and skips customer email notification in cases where errors can be recovered automatically.

  • Site performance improvement—Fixes a performance issue with the Magento\Framework\App\DeploymentConfig\Reader::load function, which periodically experienced long load times that affected site performance.

  • Updated patch assignment for payment method patches to target the payment modules instead of the Magento base package (magento/magento2-base) so that the payment patches are applied only if the payment modules exist.

  • Updated patches for compatibility with Magento Magento Open Source.

v1.0.3

Release date: April 28, 2020

  • Added fix for the “FPC is getting disabled during deployments” patch to support Magento 2.3.5.

v1.0.2

Release date: February 27, 2020

This release includes the following patches and critical fixes:

  • Compatibility updates for magento-cloud-patches

    • Updated the symfony and semver version constraints in the composer.json file for compatibility with Magento 2.4 and later releases.

    • Updated constraints in composer.json for compatibility with ece-tools 2002.0.22 and later 2002.0.x releases.

  • PayPal Express Checkout-Published on February 12, 2020, this patch resolves an issue that affects orders placed with PayPal Express Checkout where the shipping address for the order specifies a country region that has been manually entered into the text field rather than selected from the drop-down menu on the Shipping page. See the complete patch description on the patch download page.

  • Magento deployment fix–Added a patch to fix an issue that disabled the full page cache during the Magento deployment process. This patch applies to Magento 2.3.2 and later releases.

  • Scope parameter for Async/Bulk API-Updated this patch to fix a syntax error in the composer.json file. This patch applies to Magento Open Source 2.3.1 and 2.3.2. See the complete patch description on the patch download page.

v1.0.1

Release date: February 6, 2020

We have included all Magento Open Source 2.x patches from the Magento Technical resources in the magento-cloud-patches v1.0.1 release. If you copied any patches into your project previously, remove them to avoid conflicts.

This release includes the following patches and critical fixes:

  • Fix cron deadlocks and improve cron locking

    • Fixes an issue with some cron jobs not running due to an incorrect status value in the cron_schedule table. Now, we use the Magento lock framework to check and update cron job status instead of using the cron_schedule table. Cron jobs that have ended with an error status are retried during the next cron run instead of waiting 24 hours.

    • Adds a retry operation to avoid deadlock during updates to the data in the cron_schedule table.

  • Updated magento-cloud-patches to include all available patches for Magento Open Source 2.x–Updated the magento-cloud-patches package to include all Magento Open Source 2.x patches available on the Magento Download page. If you copied any Magento Open Source patches into your Magento Commerce Cloud project previously, remove them to avoid conflicts.

  • Elasticsearch catalog pagination fix –Replaced the Elasticsearch catalog pagination patch delivered in magento-cloud-patches v1.0 with a more effective fix.

  • Magento Page Builder patches–In Magento Cloud Patches 1.0.0, we bundled Page Builder patches to address a known Page Builder remote code execution (RCE) vulnerability, with the initial fix based on Magento 2.3.3. We have updated these patches with a more stable implementation based on Magento 2.3.4., which includes multiple optimizations for fixing the issue.

    If you have the magento-cloud-patches 1.0.0 package, you are still protected from the Page Builder RCE vulnerability issues. If you update to magento-cloud-patches 1.0.1 or later, you have a better implementation of the same fix.

v1.0.0

Release date: November 14, 2019

This is the first release of the magento/magento-cloud-patches package, which is a new dependency for the ece-tools package version 2002.0.22 or later releases.

This release includes the following patches and critical fixes:

  • Page Builder security patches for 2.3.1.x and 2.3.2.x releases–Fixes an issue in Page Builder preview that allows unauthenticated users to access some templating methods that can be used to trigger arbitrary code execution over the network (RCE) resulting in global information leaks. This issue can occur when using unsupported versions of Page Builder with Magento Commerce versions 2.3.1 and 2.3.2.

  • MSI patches–Fixes issues that caused indexing errors and performance issues when using default inventory settings for managing stock.

  • Backward Compatibility of new Mail Interfaces-Fixes a backward incompatibility issue caused by the Magento\Framework\Mail\EmailMessageInterface PHP interface introduced in Magento Commerce v2.3.3. In the scope of this patch, the new EmailMessageInterface inherits from the old MessageInterface, and Magento Commerce core modules are reverted to depend on MessageInterface.

  • Catalog pagination does not work on Elasticsearch 6.x–Fixes a critical issue with search result pagination that affects customers using Elasticsearch 6.x as the catalog search engine.