Magento 2.0.18 is the final 2.0.x release. After March 2018, Magento 2.0.x will no longer receive security patches, quality fixes, or documentation updates.
To maintain your site's performance, security, and PCI compliance, upgrade to the latest version of Magento.

Magento Open Source 2.0.17 Release Notes

Patch code and release notes were published on November 7, 2017.

We are pleased to present Magento Open Source 2.0.17. This release includes almost 40 security fixes and enhancements to your Magento software.

Highlights

Magento 2.0.17 contains almost 40 security fixes and enhancements. Look for the following highlights in this release:

  • ability to implement translations from themes. We’ve also significantly reduced JavaScript-related translation issues.

  • improvements to how the PayPal Express Checkout payment method processes virtual products.

  • multiple enhancements to product security. See Magento Security Center for more information.

Security enhancements

Magento 2.0.17 includes multiple security enhancements. Although this release includes these enhancements, no confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we recommend that you upgrade your Magento software to the latest version as soon as possible.

See Magento Security Center for more information.

Known issue

  • Magento continues to display the Close button after you open an image in the Product page in fullscreen mode, then close it.

Fixed issues

Cart

  • Magento now permits a customer to share a shopping cart between the store views of the same website, but not between store views of different websites. Previously, Magento did not clear the contents of a shopping cart when the customer switched between store views on different websites.

Catalog

  • You can now create a blank attribute option using the drop-down input option on products that do not require an attribute.  GitHub-3545GitHub-5485GitHub-4910
  • The category/product indexer now successfully completes a full reindexing of all indexes on large profiles with 500,000 or more products. Previously, Magento successfully generated a large profile, but failed to complete the reindexing of the categories or products, and displayed the following error: Error 1114: Table is full.
  • The storefront now displays images that Magento resizes during product save operations, rather than resizing the product on the storefront. Previously, the image path contained store_id, and during save operations, Magento resized images for the default store only. 
  • When you delete an image in the Admin, Magento no longer deletes it on the server. Previously, Magento deleted it from the server as well, which caused errors for other products (example error message: Cannot gather stats! Warning!stat(): stat failed for).
  • You can now use the WYSIWYG editor to update product descriptions. Previously, when you used the editor to update descriptions, Magento did not apply your changes.
  • The product attribute category_ids can have only Global scope. Previously, you could change the scope value of category_ids to Store.
  • The \Magento\CatalogInventory\Model\Stock\Status::getStockId() call now returns the stock ID as expected. Previously, it returned the website ID.

Configurable products

  • Sorting configurable products by price now works as expected when a simple product has a special price. GitHub-4778
  • Magento now saves and filters configurable products by their specific options.
  • Magento now displays all images associated with a selected swatch before it displays other images associated with the configurable product. Previously, Magento did not display all images. GitHub-6195, GitHub-4101
  • The Add Products Manually option now lets you add existing products as well as generate new variations.

Framework

  • Widgets now accept UTF-8 special characters type as input parameters. Previously, you could successfully create a widget, but UTF-8 special characters were broken. GitHub-4232 Fix submitted by community member Pieter Hoste in pull request 9333.
  • Static file generation is no longer affected by a race condition that affected merging CSS files. Previously, this race condition interfered with the proper generation of the product frontend.

General

  • When you edit a product list widget on a CMS page, Magento now shows previously set conditions. Previously, when you tried to edit a product list widget, the condition parameter was empty. GitHub-6616
  • The Print Shipping Label link now displays on the product frontend. Previously, the layout for the “Shipping and Tracking” block did not work properly.
  • Enabling Admin > Stores > Configuration > Advanced > Developer > Merge CSS files no longer degrades product performance. Previously, enabling this setting slowed down both frontend and Admin processes. GitHub-4321
  • Magento no longer generates incorrect URLs in the site map when the Use Secure URLs in Admin setting is set to Yes. GitHub-8644 
  • Directive values can now be escaped with quotation marks. Previously, all characters after quotation marks were removed after a save, which resulted in the failure to save widget conditions. GitHub-3860 
  • We’ve resolved multiple issues with inline translations in the checkout page.
  • Magento now correctly calculates a bundle product’s price even when it contains only one product in a required product option. Previously, if a bundle product contained only one product in an option, Magento did not update the price. GitHub-4446
  • We’ve fixed an issue with the PayPal ExpressCheckout functional test.
  • Magento no longer uses the wrong address template for shipping, invoice and credit memo emails when second website has a different template.
  • Inline translation is now available for button elements.
  • Log entries no longer show the current_password field, which should be hidden.
  • Backtrace information no longer appears on the frontend.

Import/export

  • We’ve improved the performance of importing up to 100,000 products from the Admin.
  • Magento now maintains super attribute ordering of configurable products with multiple super attributes after export or import. Previously, after import or export, the ordering of super attributes was not maintained. GitHub-6079
  • We’ve fixed an issue where product URL keys (for SKUs) were not auto-generated as expected during import.
  • Magento now imports customer data as expected after the data passes the pre-import validation step. Previously, although data passed this validation step, an error would occur during import, and Magento displayed this message: Invalid data for insert. GitHub-4921GitHub-9469

Order management

  • Magento now uses the address template from the store-view level of the placed order (similar to how order confirmation email works). Previously, Magento used the wrong address template for order e-mails.

Shipping

  • The Free Shipping rule now works correctly with the table shipping method. Previously, Magento displayed an error at checkout (This shipping method is not available. To use this shipping method, please contact us.) instead of assigning a $0 shipping rate. GitHub-6346

TargetRule

  • Magento now saves a new product rule when its SKU attribute is enabled for Use for Promo Rule Conditions. Previously, you could not save a new rule under these conditions. 
  • You can now base a Related Product rule on a product attribute, such as color.

Web API Framework

  • The SOAP API no longer fails after you run bin/magento setup:di:compile.
  • You can now use REST to successfully update customer information without unintentionally deleting default billing and shipping address information.
  • You can now use REST to add a video to a product description. GitHub-7153

System requirements

Our technology stack is built on PHP and MySQL. For more information, see System Requirements.

Install the Magento software

See one of the following sections:

Get the Magento Open Source software using Composer

This software is available from repo.magento.com. Before installing the Open Source software using Composer, familiarize yourself with the Composer metapackage, then run:

composer create-project --repository=https://repo.magento.com/ magento/project-community-edition=<version> <installation directory name>

where <version> matches the version you want (for example, 2.0.10)

For example, to install Magento Open Source 2.0.10 in the magento2 directory:

composer create-project --repository=https://repo.magento.com/ magento/project-community-edition=2.0.10 magento2

Get Magento Open Source using a compressed archive

The following table discusses where to get the Magento software. We provide the following downloads:

  • Magento Open Source software only
  • Magento Open Source software with sample data (designed to help you learn Magento faster)

These packages are easy to get and install. You don’t need to use Composer, all you need to do is to upload a package to your Magento server or hosted platform, unpack it, and run the web-based Setup Wizard.

Archives are available in the following formats: .zip, .tar.bz2, .tar.gz

To get the Magento Open Source software archive:

  1. Go to http://magento.com/download.
  2. Choose either the software or the software and sample data:

    • Magento-CE-<version>.* (without sample data)
    • Magento-CE-<version>+Samples.* (with sample data)

    <version> is the three-digit release number (for example, 2.0.7, 2.1.0, and so on).

Complete the installation

After you get the Open Source software:

  1. Set file system ownership and permissions.
  2. Install the Magento software:

Upgrade from an earlier version

To upgrade to version 2.0.x from an earlier version:

Migration toolkits

The Data Migration Tool helps transfer existing Magento 1.x store data to Magento 2.x. This command-line interface includes verification, progress tracking, logging, and testing functions. For installation instructions, see Install the Data Migration Tool. Consider exploring or contributing to the Magento Data Migration repository.

An updated version of this toolkit is typically available several days after the patch release.

The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.0.x. The command-line interface includes scripts for converting Magento 1.x modules and layouts.

Credits

Dear community members, thank you for your suggestions and bug reports.