Magento CE 220.127.116.11 has been released. Along with 18.104.22.168, the new platform version contains lots of various improvements and fixes and below we shed light on them. Note that some major enhancements have been published, so don’t hesitate to update your ecommerce website to the latest version. You can download Magento CE 22.214.171.124 using the following links:'
The latest official Magento CE version is always available on
Magento CE 126.96.36.199 Release Notes
Magento Community Edition 188.8.131.52 fixes more than a dozen issues, so it is necessary to tell a few words about each improvement.
- The old calculation algorithm for shipping changes is restored. Is is more reliable and soon you will be able to request a corresponding patch.
- The issue related to setting the session lifetime to 0 is fixed.
- The monthly cron job runs works as expected.
- Configurable product images are now importable.
- An undefined addCrumbs() method call no longer causes an exception.
- As for common errors, you will no longer face Notice: Undefined index: session_expire_timestamp when trying to access the storefront.
- If you had any issues while saving drop-down label values, they are fixed in Magento CE 184.108.40.206 and values are saved correctly.
- And a problem related to “Price as configured” for bundle products in the shopping cart is not available in the system.
- There is also an improvement related to automatically generated passwords: if previously they had not been sent as expected, now everything works well.
- Scalar and array values are accepted by the Mage_Api_Model_Server_Handler_Abstract::processingMethodResult() method.
- The default MySQL Full-Text search does not return all products.
- As for potential vulnerabilities, they are also fixed: CSRF – by implementing form key improvements for signing out, XSS – when adding a category.
- Catalog price rules work as expected now. They return the correct price.
- Indexers no longer skip the last product updated. Instead, they update all products.
Magento CE 220.127.116.11 Release Notes
Magento Community Edition 18.104.22.168 is a major update that contains over a hundred improvements. Besides, it adds a support for PHP 5.6. Let’s see some security enhancements first.
- Magento CE 22.214.171.124 fixes the Zend Framework issue – a potential SQL injection.
- If you know about a cache poisoning issue, it is also eliminated.
- Protection against path exploits is improved.
- Several XSS vulnerabilities are fixed: when adding a category, one that affected the Magento server’s request URI, and one in invitations.
- Out-of-memory errors on the Magento server are no longer caused by flooding it with images of incorrect dimensions.
- Configure your Magento server in HTTPS, and you will fully leverage the same standard for the Magento Admin Panel login page.
- .htaccess files are enhanced with the nosniff header.
- Adobe Flash is not used for uploads.
- Previously, static code scans revealed several potential issues that are now fixed.
Some other potential risks that are resolved: man-in-the-middle vulnerability, PHP security vulnerability, potential security vulnerability that uses the block cache and can be created by an admin, CSRF vulnerability involving the wishlist, remote code execution exploit, etc. Besides, it is now impossible to login as a registered customer via an email only.
There are also some updates related to Magento passwords. Now, a user can change a password only after an email is received. Besides, the number of forgotten password requests is limited to 5 per hour for one IP; 5 per 24 hours for one email; and no more than once every 10 minutes per one email address. Also note that the forgot password link is valid for just 2 hours. It expires after the first use as well.
As for emails, it is necessary to provide a password and to acknowledge the change from the previous address to change the specified email address. Leading and trailing spaces are ignored in a password. The customer’s password is included into the new customer email.
There are a lot of other fixes in Magento CE 126.96.36.199. Perhaps, you’ve noticed that the subtotal with tax in invoices wasn’t calculated correctly. Now, the problem is fixed. And this is a list of improvements related to shopping cart and checkout:
- If a product was added to the shopping cart as a guest and then as a logged-in user, it is displayed one time.
- Everything is ok with bundled products – they are displayed correctly.
- It is also necessary to mention that some admin features related to the shopping cart functionality have been fixed. Thus, you can easily move a configurable product to the shopping cart from the backend.
- There also was an issue with shipping discount coupons. Now they work as expected being based on a specified shipping address.
- First Class Mail letter is a shipping option of the renewed shopping cart.
- Both store credit and reward points can be used for purchasing something in Magento Community Edition 188.8.131.52.
- Due to a new enhancement, special price must be always less than the actual price. The validation was added.
- Exceptions are no longer displayed when a customer checks out or uses a gift card in an invalid transaction.
- You can freely serialize and unserialize values in the shopping cart.
- Payment processor unavailability is not an issue anymore, since Magento recovers after it properly: a customer is charged and all items are shipped.
- An empty product can not be ordered.
As for catalog fixes, 4 core improvements were introduced in Magento CE 184.108.40.206. If a configurable product has a decimal quantity that is less than 1, it is now displayed in the catalog as expected. All configurable products are sorted by attributes (previously, their IDs were the basis for sorting). Mage_Catalog_Block_Product_List can be used on product detail page causing no errors. app/code/core/Mage/CatalogSearch/Model/Resource/Fulltext.php no longer includes the where variable.
There are also 5 price rule fixes. A catalog price rule that targets a bundled product by percentage is now calculated correctly. The same is about a shopping cart price rule with tax (we’ve just mentioned this improvement above). Multi-select attributes are no longer a problem when the flat product catalog is enabled. Now, two users can add a product simultaneously. It is also necessary to mention that a configurable product can be placed into the cart when a shopping cart rule is configured.
Configurable swatches also got treatment. There was a memory leak in the configurable swatches module that is now fixed. If a product is out of stock, configurable swatches are displayed correctly in layered navigation as well as category and product view pages. And they work properly even if there are no images. Some performance issues are now resolved as well. Swatch images for configurable products work as they should.
As for import/export functionality, it was slightly revamped in Magento CE 220.127.116.11. Now, you can freely export a large number of products (previously, this was a reason of an out-of-memory error). And you can import data into multiple stores. Customers with a multi-select attribute can be reimported preserving the attribute. And everything works fine when it comes to file uploads. Broken help links in the backend were fixed. Product import has a dramatically reduced memory consumption. And if you export coupon reports as CSV, you get correct totals.
Indexer fixes are also a part of the CE 18.104.22.168 update. There are 5 improvements:
- Reindexing no longer removes the category class tag if you enable flat category tables.
- The Product Flat index now indexes a large amount of changes properly.
- Indexes are reindexed in case they are scheduled for update.
- Category indexers performance improvement is also a part of this Magento Community Edition version.
- And you can freely save categories with the “/” character as a suffix, since they are displayed correctly now.