Yesterday, Magento has rolled out 5 different updates including 3 new community versions, one Magento Commerce update and Yes security patch for earlier Magento 1.x versions too. This time Magento is mainly focused on performance and security with some remarkable changes to its core.
Magento Open Source and Commerce 2.2.6
Magento Open Source and Commerce 2.1.15
Magento Open Source 126.96.36.199
Magento Commerce 188.8.131.52
SUPEE-10888 to patch earlier Magento 1.x versions
As usual, these releases contain security enhancements that help close cross-site scripting, cross-site ask forgery and other safety issues. No confirmed attacks associated with these issues have occurred up to now. But, certain vulnerabilities can potentially be harnessed or take administrator sessions more than, so we strongly recommend that you upgrade to ensure your sites maintain the highest level of security. Moving forward Magento developing team is really working hard to serve occasional updates & fixes. Let’s look at some impressive highlights of each version.
Magento Open Source 2.2.6
This time Magento 2.2.6 release included:
- 25 security fixes
- 10 significant performance improvements
- Updates to Vertex, Amazon Pay, dotmailer, and Klarna integrated solutions
- Over 150 product quality enhancements including 100 contributed by the community
Here, what is inside the box…
- Merchants can now improve store performance by disabling Magento Report functionality. A new configuration setting (System Configuration: General > Reports > General Options) allows merchants to disable Magento Reports, which is recommended practice if a merchant’s business function does not require this capability.
- The catalog price indexer is now scoped and multithreaded, which improves the performance of layered navigation, search, and indexing actions for Magento instances with multiple websites and stores. This makes it possible to parallelize catalog price indexing by websites and customer groups. To re-index in parallel mode, add the MAGE_INDEXER_THREADS_COUNT environment variable to env.php.
- Now, shopping cart’s contents remain consistent even when the checkout page is repeatedly reloaded. Previously, if a customer reloaded the checkout page several times, Magento emptied the shopping cart, and the customer could not place the order. (This problem primarily affected stores running on HTTPS.)
- Refreshing the checkout page no longer deletes the shipping address when a guest checks out. Previously, when the persistent shopping cart was enabled, refreshing the checkout page affected information entered into form fields for a guest checkout.
- Improve place order button speed
Configurable products are now sorted by visible prices as expected. Previously, sorting a catalog by price produced sort results that included the prices of out-of-stock products and disabled child products.
- indexer improvement of catalog product, category, rule indexing, price indexer,
The catalog:image:resize command execution time has been reduced by up to 90% in the release.
– Remove pub/media/catalog/product/cache . (Removing this folder frees up space.)
– Run bin/magento catalog:image:resize to generate a new image cache. (This step is necessary because we’ve changed the path to cached images and must remove the previously cached images.)
- The catalog price indexer is now scoped and multithreaded, which improves the performance of layered navigation, search, and indexing actions for Magento instances with multiple websites and stores.
-Please add the MAGE_INDEXER_THREADS_COUNT environment variable to env.php.
- Magento now maintains the default sort order for products (“newest first”) when you upgrade your Magento deployment. Previously, after the upgrade, the default product order in categories changed from “newest first” to “oldest first”
- Merchants can now successfully change the applied theme setting for a store view (Content > Design > Configuration).
- The Click & Collect feature offers merchants the ability to:
Provide Click & Collect as a shipping option to customers, enabling them to directly collect shipments from designated source locations or stores
- Configure source locations available for Click & Collect pick-ups
Updates to Shipment Form for UPS (US only) Consumers can also select Click & Collect locations during check-out. This feature is supported by workflows and notifications for Click & Collect pick up, packing, and collection.
Magento Open Source 2.1.15
- The Module Manager now correctly displays the list of modules (System > Tools > Web Setup Wizard > Module Manager). Previously, Magento threw an error when you tried to display the module list.
- Administrators can now add a parameter to app/etc/env.php: user_admin_email. This parameter ensures that when a new administrator account is created, Magento sends an email to the default store’s email and, if present, to an email address defined in user_admin_email.
- The transport event parameter has been changed from type Array() to type DataObject. This is a reversion of a change that was made in an earlier release.
- Merchants can now place an order for a grouped product where the quantity of subproducts is less than one unit.
- The annotation for the formatDateTime function in the lib/internal/Magento/Framework/Stdlib/DateTime/TimezoneInterface.php file has been corrected. The locale and timezone have been changed to param string|null $locale and @param string|null $timezone.
- Customers can now successfully download and export PDFs after logging in. Previously, customers were redirected to the Admin when trying to download or export data to a PDF right after logging in.
- Magento now supports GNU free fonts in invoice and shipment PDFs. Previously, PDFs containing Arabic, Russian, Greek, Indian, or Thai alphabets did not correctly render those characters.
- You can now successfully upload logo images in Internet Explorer. Previously, Magento did not upload the image, but instead displayed this error: Object doesn’t support property or method ‘set’.
Magento Commerce 184.108.40.206
This quarter, there have been multiple updates to the Magento Cloud Tools package, also known as ece-tools. These updates provide a better experience in multiple areas including enabling zero-downtime deployments, an improved Docker setup and configuration process, and improved environment configuration validation.
This version (or patch SUPEE-10888, which applies to older versions of Magento) provides resolution of multiple critical security issues. These critical security issues include remote cross-site scripting and cross-site request forgery issues. Also, You cannot re-send the password for new customers who created their account during checkout which is now fixed
Also keep in mind that Magento Open Source 1.5 to 1.9, Magento will provide software security patches through June 2020 to ensure those sites remain secure and compliant.
So, upgrade your store to the latest Magento version before 2020.
– Includes patches: SUPEE-5344, SUPEE-5994, SUPEE-6237, SUPEE-6285, SUPEE-6482, SUPEE-6788, SUPEE-7616, SUPEE-7405, SUPEE-7405 v1.1, SUPEE-8788, SUPEE-9652, SUPEE-8167, SUPEE-9767v2, SUPEE-10266, SUPEE-10415, SUPEE-10570, SUPEE-10752, SUPEE-10888
Here we came to end, where its time to upgrade our store to latest Magento version and install SUPEE-10888 if using Magento 1.x versions. Don’t forget to tell us your opinion about this newly launched Magento versions by Commenting below.
You can also read our guide to quickly upgrade your Magento 2.x to Latest Version.