Magento platform has received a set of updates, which include Magento Enterprise Edition 1.14.2 and Community Edition 1.9.2. There is also a new Mobile SDK and some other useful additions.

UPD (17.06.15): Magento Community Edition 1.9.2 release day

UPD (08.07.15): Magento CE 1.9.2 is now official 

Magento critical security patches SUPEE-5344 and SUPEE-1533 (Shoplift)

UPD (08.07.15):

Magento CE 1.9.2 is now official. You can download it here.

The new version of the platform has been developed with the security in mind. It features lots of technology updates and tons of quality improvements; a new testing framework; and important security enhancements.

The technology updates include the Redis integration and the latest version of the Zend 1 Framework. Magento CE 1.9.2 also offers 105 quality improvements.

In its turn the new testing framework offers 170 automated functional tests. All of them are developed to improve the process of making customizations, adding extensions, or upgrading.

Last but not least are security enhancements. The latest version of the platform incorporates SUPEE-5344, SUPEE-5994, and SUPEE-6285. For the previous Magento versions, these security patches have been available separately, but now they are included out-of-the-box. Moreover, there is a Magento Security Center available for everyone. You can find it here.

UPD (17.06.15):

Due to the security issue, the release of Magento Community Edition 1.9.2 was moved to July 9. The date can still be rescheduled. If July 9 is the exact release day, we will soon see a lot of new improvements and security fixes.

Magento Enterprise Edition 1.14.2

Enterprise Edition 1.14.2 now has a five new automated rules for product category sorting. These rules are designed to gain additional sales from category pages. They provide store owners with extra power while driving customer engagement. The update helps in a category page rearranging. As a result, it is possible to show best sellers, lowest-stock items, highest-margin products, or the newest goods at the top of a category. Store owners are also able to sort items by color within a certain category. The new rules continue to make adjustments even after new products are added, or old ones are changed.

Another useful addition introduced in Magento Enterprise Edition 1.14.2 is Google Tag Manager. It simplifies the addition of tracking tags, which are used in a measurement of audience, retargeting, personalization, search engine marketing, etc. Code modifications are no longer necessary. In addition, Google Tag Manager is able to transfer shopping events to analytics tools and solutions.

Other updates include integration with Redis and latest versions of Zend 1 Framework.  Enterprise Edition 1.14.2  also supports new algorithms of full-page caching. The platform is now able to serve more pages from cache.

Magento Community Edition 1.9.2

Magento Community Edition 1.9.2 is also ready. You will be able to download it in the next few weeks. The new version of the platform provides some basic technology improvements and product quality updates.

Magento Enterprise Edition 1.14.2, Community Edition 1.9.2

New Mobile SDK

In its turn, the New Mobile SDK provides the ability to create full-featured iOS applications for Magento. These apps includes such e-commerce features as customer accounts, checkout, credits, and different promotions. In addition,  they support API for connection with a Magento e-commerce store.

Thanks to a full library of resources, the new SDK reduces time and effort necessary for the creation of custom iOS app.

New Testing Framework

About 170 automated functional tests are available for both Enterprise and Community Edition. All these tests are designed to improve the quality of Magento websites, while adding new extensions, customizing, upgrading the store.

New Partnership

New Relic and Lagrange Systems are now Magento Gold Technology Partners. New extensions and tools will provide store owners with more detailed information about hosting environment and app performance.

Check the Release Notes for more detailed information.

Release Notes

Magento Enterprise Edition 1.14.2

We are pleased to bring to you Magento Enterprise Edition, 1.14.2, which includes new features for merchants and tools for developers, plus a wide range of product quality enhancements, security improvements, and fixes.

Important! Use Magento Enterprise 1.14.0 or later for all new installations and upgrades to ensure that you get the latest fixes, features, and security updates.

New Features for Merchants

Google Tag Manager

Google Tag Manager is a free tool that helps you manage the many tags, or snippets of code, that are related to marketing campaign events. You can use Google Tag Manager to add tracking tags to your Magento site for audience measurement, personalization, retargeting, and search engine marketing.

Google Tag Manager directly transfers eCommerce-related events to Google Analytics Enhanced Ecommerce. Such events include product impressions on category pages, search results, related products, cross-sell and upsell lists, clicks on those products, add to cart/remove from cart, promotion views, and clicks.

Google Tag Manager simplifies the process, so marketers can add the tags they need without calling the IT department for a code change. According to a survey conducted by eConsultancy and Tealium in January 2015, merchants who use tag management were able to implement tags in a fraction of the time that it to tag manually. The study revealed that 61% saw an increase in site speed compared to those who tagged each page separately.

Universal Analytics with Enhanced Ecommerce

Enhanced Ecommerce is a plugin for Google Universal Analytics with checkout funnel visualization and segmentation tools. Gain deep insight into the shopping and purchasing behavior of your customers with reports that include:

• Product sales and revenue

• Performance of product positioning

• Banner view and click data

The Google API configuration for Google Analytics now supports Universal Analytics with Enhanced Ecommerce, Google Tag Manager, and “classic” Google Analytics.

Enhancements to Existing Features

Visual Merchandiser

Visual Merchandiser has been updated with new automatic sorting rules that move the following products to the top of the category. In addition, you can now sort products by color to create color groupings and seasonal campaigns.

• Bestsellers

• Highest-margin products

• Lowest-stock items

• Newest products

• Sort by color

These new sorting rules make merchandising much faster and ensure that top performing, revenue-generating products are consistently placed in positions where they can be easily found by shoppers to help improve category page engagement and conversion rates.

Google Shopping

Google Shopping is a Google AdWords service that publishes product feeds from merchant catalogs. The Google API configuration now includes a separate section for Google Shopping. See the Magento Enterprise User guide to learn how to map your product attributes to Google and publish your content feed to the Google Shopping site.

Solutions for Developers

Magento Enterprise Edition 1.14.2 includes the latest versions of the Zend 1 Framework and Redis integration, as well as refinements to full-page caching that enable more pages to be served from cache. In addition, this release includes many enhancements as part of our commitment to continually improve product quality and to integrate previous patches into the core code.

Magento Mobile Software Development Kit (SDK)

Magento Mobile SDK enables merchants to more easily create a full-featured Magento app that includes all the important eCommerce features you would expect, such as the checkout process, customer accounts, promotions, and store credits, as well as an API for connecting the app to a Magento store.

The SDK provides a complete library of resources that helps significantly reduce development effort and time to market when creating custom iOS applications for the Magento platform. Additionally, a sample, fully-functioning iOS app is provided to help merchants quickly learn how to use the SDK, and they can even choose to customize the sample app to accelerate development of their own applications.

Magento Mobile SDK works with Magento Enterprise Edition 1.11 or later, Magento Mobile Connect v.1.0, and iOS 7 and later. With 199.5 million mobile app users expected in the U.S. by the end of 2015, adding a mobile app channel puts you on the path to capturing greater sales. For the current release, visit the download page.

Make sure to use Magento Mobile Connect ver. 1.0 rather than XMLConnect ver. 24.

Automated Functional Testing Framework

Magento Enterprise Edition 1.14.2 includes nearly 170 automated functional tests, which can help improve implementation quality and time to market by making it easier to do basic acceptance testing when adding extensions, making customizations, or upgrading. To learn more, see:

Installing and Configuring the Magento Test Framework (MTF)

Running the Magento Test Framework (MTF)

Translations are available separately on the Support and Partner Portal.

Other Performance Improvements

• Addressed performance degradation with downloadable products.

• Numerous performance enhancements.1 and 2

Security

• Access Control List (ACL) nodes without value are now set to DENY access by default.

• Admin passwords now expire at the specified time.

• Cross-site request forgery (CSRF) protection issue that interfered with Varnish caching resolved.

• Cross-site scripting (XSS) exploit that used CACHED_FRONT_FORM_KEY resolved.

• Data deserialization potential exploits resolved.3

• .htaccess added to the shell subdirectory.4

• JavaScript injection potential exploit of the Wishlist resolved.

• Pages served using the HTTPS protocol now POST using HTTPS.

• PHP bug in libxml that could cause the site to crash resolved.

• Remote code execution potential exploits resolved.5

• SQL injection potential vulnerabilities related to Advanced Search resolved.

• XSS potential exploit that uses JavaScript in the Visual Merchandiser window resolved.

Changes in This Release

• Access Control List (ACL) resources have new resources enabled.

• Cron jobs now execute at the time they were created, rather than the order in which they were created.

• Google Universal Analytics now includes information about customer orders. The configuration has been streamlined, and includes three account types: Google Analytics, Universal Analytics, and Google Tag Manager.

• Internet Protocol version 6 (IPv6) addressing is now supported.

• Magento can now be updated from Magento Connect Manager.

• Prices can be saved with a comma to separate thousands.

• Products can be downloaded over HTTPS.

• Redis integration has been updated to the latest version.6

• XMLConnect module has been updated to ver. 24. The module should be delivered in the “disabled” state.

• Zend framework has been updated to ver. 1.12.10.

Known Issues

Google Tag Manager

• The addToCart event does not fire for multiple-address checkout. When the customer changes the product amount on the MultiAddress page, theaddToCart event fails to fire, and a message appears.

• The addToCart event contains the product price, but without discount. When the customer adds a product to the cart that has a catalog price rule discount, the addToCart event shows the regular price, rather than the discount. However, the correct discounted price is used checkout.

Full Page Cache

• The blocks cache now works when the full-page cache is enabled.

• Products from the shopping cart appear in the Related Products block when the full-page cache is enabled.

• Products with a price of zero no longer appear in the Related Products block after the block has been disabled.

• Disabled products no longer appear on previously cached category pages.

• Subcategory ordering changes made from the Admin are now reflected on the storefront.

• Users with different tax rates now see their own tax rates, rather than rates for a previously cached user.

• The XmlConnect module now works properly when the full-page cache is enabled.

• The full-page cache works consistently for all themes, including the responsive theme.

• The full-page cache flushes correctly when Index Mode is set to “Update when scheduled.”

Miscellaneous Fixes

API

• OAuth log in page now includes the form_key field.

• REST call to Mage_Sales_Model_Order no longer returns errors.

• SOAP API correctly populates the min_sale_qty field.

• When a partial invoice is created using SOAP V2, salesOrderInvoiceCreate no longer changes the value of $itemsQty in subsequent orders.

• Additional fields in the SOAP API CategoryInfo method:

• Include_in_menu

• UseParentSettings

• ApplyToProducts

• SOAP WSDL URL (/api/v2_soap?wsdl) no longer appears the Admin, which is unreachable by SOAP.

Attributes

• Duplicate attribute sets no longer appear if they are several pages long.

• Product Visibility set to “Search” works correctly.

Checkout

• Resolved JavaScript errors related to one-page checkout. (For example, reward points.)

• Removing the printed gift card option during checkout adjusts the order total.

• Regions appear in alphabetical order on the checkout page.

Compiler

• Customers can register for an account and complete checkout while the compiler is running.

Content Delivery Network (CDN)

• Small web format (SWF) files can now be served from a content deliver network (CDN).7

Content Staging

• Opening a staging website no longer returns an error.

Cookies

• The correct content appears in the storefront when the store cookie is set.

CMS

• Widgets can be added to CMS pages.

• Resolved issues uploading images from the WYSIWYG editor.

• Thumbnails now appear in the WYSIWYG editor.

• CMS pages that use the Generic Content layout appear normally.

• The CMS Preview page uses the current theme.

Customers

• Filtering customer attribute issue resolved.

• The customer’s middle name or initial appears in both the Admin and storefront.

• When customers log in to their accounts, the account page appears instead of the last page visited.

• Saving a customer account from the Admin no longer returns an error.

• If the customer locale does not require a postal code, the administrator does not have to enter one.

• In the password reset notification, customer can reset their passwords for the correct store view.

• The dates that customers and customer addresses were created are now correct.This fix does not apply to customers or addresses created in earlier versions. Only customers and addresses created with Magento Enterprise ver. 1.14.2 show the correct dates.

Database

• Deleting large numbers of products from the Admin no longer returns SQLSTATE errors.

• Disabled products no longer appear in the flat catalog table.

• Resolved an issue that caused the core_cache_tags database table to grow in size.

Full-Page Cache

• Resolved an issue with the gift cards price block after the full-page cache is flushed.

• Resolved several issues related to full-page cache invalidation when products are saved.

Google Universal Analytics

• Removed extraneous fields from the Google Universal Analytics configuration.

Import/Export

• Dataflow now exports products in which images are not used as media attributes.

• Importing and exporting postal codes with a wildcard (*) works correctly.

• Custom options are preserved during import.

• Product imports no longer change the Visibility setting.

Indexers

• Reindexing flat catalog category data issue resolved.

• Scheduled reindexing does not affect the value of store scope.

• The Updated at value for all indexers now shows the correct date and time.

• Scheduled index cleanup no longer returns errors.

• Reindexing from the command line no longer returns errors in system.log.

• Duplicate values for multi-select attributes no longer return errors when reindexed.

Magento Connect

• You can now install extensions without errors using the Database Backup option.

• Fixed potential issues with extensions.

Newsletters

• Customers who use the same email address to subscribe to multiple newsletters now receive all newsletters to which they are subscribed.

• When an order is placed, customers who use the same email address to register with two websites no longer receive notification that they have unsubscribed from a newsletter.

Order Processing

• Address validation has been enhanced.

• Printed invoices show the correct price for bundle products.

• Issues with FedEx error code handling resolved. Choosing FedEx during checkout does not cause a fatal error.

• Orders can be viewed from the Admin without triggering an error.

• The percent (%) symbol can be used in order comments. Previously, the percent symbol interfered with the display of order comments.

• The Fetch button works correctly for Authorize.Net Direct Post.

• When a returned order that was paid with a gift card is edited from the Admin, the refund amount is applied to the gift card balance.

• The RMA header prints correctly.

• JavaScript errors do not occur when processing a return.

PHP

• You can change the value of php_value memory_limit in .htaccess without encountering “out of memory” errors.

Price

• You can change the price of a product using the website scope without errors.

• Added validation to make sure the special price is not greater than the actual price.

Products

• Alerts can be sent for configurable products.

• Error when saving a product no longer causes errors for other products you try to save.

• The Add New Review link works correctly with multiple stores.

Promotions

• Automated email reminders now work correctly.

• Resolved a performance issue related to catalog price rules with a large number of configured quotes.

• The customer segment condition, Customer Created At, now creates a from and to date.

• Resolved an issue with related products from a rule-based product relation not appearing in the storefront.

• The administrator is now prompted to flush the Magento cache when a rule-based product relation is saved.

• Fixed a fatal error that occurs when a rule that expects a single value, such as category = X, and multiple values are assigned, such as category = X, Y. To resolve the problem, any rule-based product relations with such a condition must be deleted and recreated.

Reports

• The correct date appears in reports that are configured to run for a month or a year.

• The Bestseller section of the Dashboard displays the correct prices.

• The Sales Orders report displays the correct profit calculation result.

Search

• Solr search suggestion counts no longer appear when Show Results Count for Each Suggestion is disabled in the configuration.

Server

• Rollback now completes without error when running PHP 5.5.

Shopping Cart

• A message appears when you add an item to your shopping cart.

• Customers can move unconfigured items from the Wishlist to the shopping cart without encountering an error.

• Customers can edit Custom Options in a shopping cart without issues.

Storefront

• Recently Viewed items appear correctly in the storefront.

Swatches

• Swatch images no longer change size when clicked in search results.

Themes

• Fixed responsive theme display problem with ZIP/Postal Code field.

Translations

• Implemented correct escape character for translations.

• International characters can now be used in a Magento storefront domain.8

• Resolved issues with inline translation links and the Chrome browser.

• Corrected the spelling of the Austrian province Vorarlberg.

• Corrected missing translation of a shipping method error message.

• Chinese locales now appear in the Interface Locale list.

Visual Merchandiser

• When using Mass Product Assignment to add or remove products, the SKU dialog box appears whether or not SKUs were added.

• The down arrow and attribute labels are now visible when moving a product from search results to the Merchandiser Window. The number of columns can be set from the Merchandiser Window, including validation.

• Products are not cleared when using the Visual Merchandiser cron job, or when rebuilding category products for smart categories.

Acknowledgments

We’d like to thank the following members of the Magento Community for their contributions to this release:

1 Performance enhancements, Thomas Birke

2 Performance enhancements, Ivan Chepurnty

3 Resolution of data deserialization exploit, Matthew Berry

4 Added .htaccess to shell subdirectory, Phillip Jackson

5 Resolution of remote code execution exploits, Netanel Rubin

6 Updated Redis integration, Colin Mollenhour

7 SWF files from CDN, Sean N. Heukels

8 International characters in storefront domain, Yihao Peng