header

Magento 1.x Software Support Notice

For Magento Commerce 1, Magento is providing software support through June 2020. Depending on your Magento Commerce 1 version, software support may include both quality fixes and security patches. Please review our Magento Software Lifecycle Policy to see how your version of Magento Commerce 1 is supported.

For Magento Open Source 1.5 to 1.9, Magento is providing software security patches through June 2020 to ensure those sites remain secure and compliant. Visit our information page for more details about our software maintenance policy and other considerations for your business.

Magento Community Edition (CE) Release Notes (1.8 and later)

noteNote: We'd like to make you aware that a security patch for older versions of Magento Community Edition has been posted (in the Magento Community Edition Patches section). This patch resolves a remote code execution vulnerability that enables an attacker with Magento administrator privileges to delete files and directories on a Magento installation. This vulnerability was discovered through our quarterly penetration testing process and has not been reported by merchants.

This issue was fixed in Magento Community Edition 1.8.0.0; no patch is necessary for versions 1.8.0.0 and later. Patches are available for Magento Community Edition 1.4.0.0 through 1.7.0.2. We encourage all affected merchants to apply the patch in their next regularly scheduled maintenance cycle.

Magento takes security very seriously and will continue to focus on identifying potential issues and hardening our defenses.

Table of Contents

These Release Notes contain the following information:

Patches for Multiple Magento CE Versions

Magento has the following patches available for multiple Magento CE versions.

noteNote: Some of the patches discussed in this section have EE_1.14.0.1 in the name. These patches were all tested against CE 1.8.x as well.

General Magento Connect Patches

Patch name: SUPEE-3941

Magento Install Page Displays After SOAP v2 Index Page Refresh

Patch name: SUPEE-3762. Refreshing the SOAP v2 index page (http://your-magento-host-name/index.php/api/v2_soap/index/) results in all administrators and customers viewing the Magento installation page.

Discover Card Validation Patch Available

Magento has fixed an issue that prevented some Discover credit cards from validating properly. The issue was that certain Discover credit card number ranges were not recognized as being valid. As a result of the fix, all Discover cards should validate properly.

The issue affects Magento CE versions 1.4.2.0–1.8.1.0.

To get a fix for the issue, see Discover credit card validation issue: Magento EE 1.9.1.1–1.13.1.0 and CE 1.4.2.0–1.8.1.0.

importantImportant: This is not a security threat. No data has been compromised or misused. It affects only the ability to validate certain credit card number ranges as valid Discover card numbers.

PHP 5.4 Patch Available

You can use PHP 5.4 with Magento CE versions 1.6.0.0–1.8.1.0.

To get the patch, see Getting the PHP 5.4 patch for Magento Enterprise Edition (EE) and Community Edition (CE).

For more information about PHP 5.4, see the PHP migration page and the PHP changelog.

How to Get Patches For Magento CE

This section discusses how to get patches referenced in these Release Notes.

To get patches for Magento CE:

  1. Log in to www.magentocommerce.com/download.
  2. In the left pane, click Downloads.
  3. Scroll down to the Magento Community Edition Patches section.
  4. Follow the prompts on your screen to download a patch for your version of CE.
  5. Apply the patch as discussed in How to Apply and Revert Magento Patches.

Magento Community Edition (CE) 1.8.1.0 Release Notes

See the following sections for information about changes in this release:

Highlights

Magento CE 1.8.1.0 helps advance overall product quality and ease operations by providing significant tax calculation improvements, a wide range of bug fixes, and several security enhancements.

Tax Calculation Improvements

CE 1.8.1.0 resolves Value Added Tax (VAT) and Fixed Product Tax (FPT) issues so that Magento administrators can create invoices and credit memos to give merchants merchants access to accurate and consistent tax calculations and displays. We've also addressed:

Functional Improvements

CE 1.8.1.0 includes bug fixes across important feature areas, including the shopping cart, checkout, content management system, and product import and export function. Many of these updates came from a hackathon held with Magento community developers, which demonstrates the vitality of our development community and their powerful ability to help us advance the platform.

Security Enhancements

CE 1.8.1.0 includes several security enhancements that were identified through our rigorous security assessment process. Magento complements its own comprehensive internal testing with quarterly penetration testing by expert consultants and actively works with the development community to identify security issues in order to harden the platform against potential threats.

Security Enhancements

Magento addressed the following security issues:

Issue After Upgrading to CE 1.8.1

There is a known Issue After Upgrading to CE 1.8.1 that affects you only if you do not follow the recommended procedure to upgrade to a new environment as discussed in Getting Ready For Your Upgrade.

Symptom: After completing the upgrade, when you log in to the Admin Panel and click System > Configuration, a fatal error similar to the following displays in your browser:

Class 'Mage_Googlecheckout_Helper_Data' not found in /var/www/html/magento/app/Mage.php on line 547

Solution:

  1. Close the Admin Panel browser window.
  2. As a user with root privileges, delete all files except config.xml from the following directory:
    magento-install-dir/app/code/core/Mage/GoogleCheckout/etc
  3. When you log back in to the Admin Panel, everything works as expected.
    If you're still encountering errors, see Getting Help With Your Installation or Upgrade.

Changes in This Release

See the following sections for a discussion of changes in this release:

Tax Calculation Fixes

Tax calculation issues can be divided into the following sections:

General Tax Notes

The following general fixes were made to Magento tax configuration and calculations:

Rounding Issues

The following tax rounding issues were resolved:

Display Issues

The following issues relate to the incorrect display of tax information in the Admin Panel or in your Magento web store:

Bundled Products Issues

Fixed Product Tax (FPT) Issues

Fixes in Magento CE 1.8.1.0

Fixes in this release can be divided into the following categories:

Shopping Cart and Checkout Fixes

Import and Export Fixes

Shipping Fixes

Other Fixes

Magento Community Edition (CE) 1.8.0.0 Release Notes

See the following sections for information about changes in this release:

Highlights

Security Enhancements

United States Postal Service (USPS) Update

The USPS changed the names of their Priority and Express shipping options in their API in July 2013. To enable you to continue utilizing USPS Priority and Express mail methods, CE 1.8 includes a patch that addresses the issue.

importantImportant: The USPS API patch has an impact on upgrading to CE 1.8 from earlier versions. If you're doing a new CE 1.8 installation, however, you don't need to do anything.

Following are details about the upgrade impact:

Performance Improvements

Tax Calculation Fixes

Tax calculation issues can be divided into the following sections:

General Tax Notes

The following general fixes were made to Magento tax configuration and calculations:

For details, see the Magento User Guide.

Rounding Error Fixes

The following issues relate to one-cent rounding errors in the web store or shopping cart:

Fixed Product Tax (FPT) Fixes

The following issues relate to errors in calculating taxes that include FPT in the web store or shopping cart:

Discount Calculation Fixes

The following issues relate to price calculations when coupon codes or other discounts are applied in the web store or shopping cart:

Display Fixes

The following issues relate to the incorrect display of tax information in the Admin Panel or in your Magento web store:

API Fixes

The following are fixed in the Magento SOAP v2.0 APIs (with exceptions noted):

Fixes

Fixes in this release can be divided into the following categories:

Web Store and Shopping Cart Fixes

Promotional Price Rule Fixes

The following fixes relate to administering and using shopping cart price rules and catalog price rules:

Administrative Ordering and Credit Memo Fixes

Import Fixes

Payment Fixes

Other Fixes

Thanks

Magento acknowledges and thanks everyone in the Magento Community who contributed to this release, including Colin Mollenhour for Redis modules.