Magento 1.9.4.0 Update

Magento 1.9.4 was released on November 28 and contains the security patch SUPEE-10975 with 30 fixes for multiple critical security issues. In addition to the security fixes, the release adds support for PHP 7.2 and fixes some bugs.

The major fixed security issues:

  • Stops Brute Force Requests via basic RSS authentication (PRODSECBUG-1589)
  • M1 Credit Card Storage Capability (MAG-23)
  • Authenticated RCE using customer import (PRODSECBUG-2149)
  • API Based RCE Vulnerability (PRODSECBUG-2159)
  • RCE Via Unauthorized Upload (PRODSECBUG-2156)
  • Authenticated RCE using dataflow (PRODSECBUG-2155)
  • Prevents XSS in Newsletter Template (PRODSECBUG-2053)
  • More in the Magento Security Center

Fixes and enhancements

  • This release provides support for PHP 7.2.
  • Magento removed the CC module. As a result, third-party modules that depend upon either the ccsave method or the xmlconnect method will not work as expected. Third-party themes that implement ccsave will not work as expected, either.
  • The Magento logo has been updated throughout the code base.
  • The Continue button now works as expected on the Payments step of checkout when paying with the PayPal payment method.
  • Google Tag Manager now logs sales information in Google Analytics as expected.
  • The product export CSV file now contains columns for super attributes.
  • Magento no longer throws an error when a customer accesses their shopping cart after items in their cart have been removed due to a timeout. Previously, Magento displayed this error, `Notice: Undefined variable: freePackageValue in /var/www/dev/htdocs/app/code/core/Mage/Shipping/Model/Carrier/Tablerate.php on line 130`.
  • Clicking on a configurable product’s swatch on the product list page now updates product price as expected.
  • Customers can now successfully add a grouped product to their shopping cart when category permissions are enabled.
  • Magento no longer displays incorrect prices on the storefront after a failure of the enterprise refresh index.
  • Magento resolved issues in the indexing locking mechanism that previously resulted in Magento throwing an exception after indexing completed.
  • Magento no longer throws a fatal error when a merchant uses an already reserved word to name a product attribute.
  • Magento now adds the correct sales tax to orders being shipped to U.S. addresses that use zip codes with the optional four-digit suffix (for example, 73365-1234).
  • Magento now displays all products on a production website that were edited by a role-restricted user on the associated staging website.
  • Magento resolved an issue that caused Target Rules to throw an exception when a customer opened a product view page.

Remember to create a backup before updating.

