Magento Community Edition (CE) Release Notes (1.9 and later)

Important Upgrade Information

Important: Use CE 1.9.1.0 or later for all new CE installations and upgrades to get the latest fixes, features, and security updates.

Magento CE 1.9.1.1 Release Notes

Magento Community Edition, 1.9.1.1 corrects a remote code execution vulnerability that makes it possible for unauthorized persons to gain access to your store. In February of this year, we released patch SUPEE-5344 to correct the problem. There’s an incorporation of that patch into this release.

Important! To protect your store, you must upgrade to Magento Community 1.9.1.1.

Magento CE 1.9.1.0 Release Notes

Magento CE 1.9.1.0 Release Notes.

Magento CE 1.9.0.1 Release Notes

CE 1.9.0.1 resolved the following issues:

• Customers can no longer apply a coupon from an inactive shopping cart price rule to a purchase.
• Customers using a smartphone or other small viewport can expand subcategories in the web store that uses the new responsive theme.

Recent Patches

We’d like to draw your attention to several new patches that were recently posted to the Partner Portal and Support Center. These patches deliver important improvements, such as enabling several concurrent administrators to work with the product catalog, and to make it easier to install community-created translation packages.

Details about the patches follow. To install patches, see How to Get Patches For Magento EE.

Note: Some of the patches discussed in this section have EE_1.14.0.1 in the name. These patches were all tested against CE 1.9.x as well.

General Magento Connect Patches

Patch name: SUPEE-3941

• When you install a community-created translation package, the translation provided by the package overwrites any existing translations for the same items. This enables you to more easily install packages with translations.
• To improve security, Magento Connect now uses HTTPS by default to download extensions, rather than FTP.
• Extension developers can now create an extensions with a dash character in the name. Merchants can install those extensions without issues.
• Magento administrators who attempt to install an extension with insufficient file system privileges are now informed. Typically, the Magento Admin Panel runs as the web server user. If this user has insufficient privileges to the your Magento install dir/app/code/community directory structure, the Magento administrator sees an error message in the Magento Connect Manager.

Magento Install Page Displays After SOAP v2 Index Page Refresh

Patch name: SUPEE-3762. Refreshing the SOAP v2 index page (http://your-magento-host-name/index.php/api/v2_soap/index/) results in all administrators and customers viewing the Magento installation page.

How to Get Patches For Magento CE

This section discusses how to reference patches in these Release Notes.

To get patches for Magento CE:

1. Log in to www.magentocommerce.com/download.
2. In the left pane, click Downloads.

li>Scroll down to the Magento Community Edition Patches section.

1. Follow the prompts on your screen to download a patch for your version of CE.
2. Apply the patch as discussed in How to Apply and Revert Magento Patches.

Magento CE 1.9.0.0 Release Notes

See the following sections for information about changes in this release:

• Highlights
• Security Enhancements
• Changes
• Tax Calculation Fixes
• Fixes

Highlights

This section lists the key new features in Magento CE 1.9.

• The default theme in Magento CE 1.9 uses Responsive Web Design principles to provide a better experience for users of mobile devices in particular. Benefits include:
  • You can get a tablet and smart phone friendly responsive site in about half the time as before, speeding time to market and freeing up resources for other projects.
  • Your responsive site makes you better able to participate in the fast growing mobile commerce space, gives you the ability to more easily adapt to new opportunities, and is less expensive to maintain. A responsive site also offers potential search engine optimization (SEO) benefits because it uses Google’s preferred approach to mobile-optimizing sites.
• Cross-border trade: (Also referred to as pricing consistency.) We support European Union (EU) merchants operating across regions and geographies who want to show their customers a single price. Pricing is clean and uncluttered regardless of tax structures and rates that vary from country to country.
  To enable cross-border trade in the Admin Panel, click System > Configuration > SALES > Tax > Calculation Settings, option Enable Cross Border Trade.
• Supports PHP 5.4. For more information, see the PHP changelog.
• The Zend Framework has been upgraded to version 1.12.3
• Checkout improvements:
  • You can capture up to 18% more sales by providing customers access to financing using the Bill Me Later service at no additional cost to you.
  • You can offer your customers a smoother, more streamlined PayPal Express Checkout experience, which tries alternative payment options when a customer’s credit card is rejected
  • Improve the PayPal Express checkout experience by eliminating the following steps in the checkout process:
    • The order review page can be enabled or disabled
    • Eliminate the necessity of clicking Update Order before Place Order

  (Conversion means helping customers stay interested and complete their purchases.)

Security Enhancements

• Addressed a potential cross-site scripting (XSS) vulnerability while creating configurable product variants.
• Addressed a potential security issue that could result in displaying information about a different order to a customer.
• Users can no longer change the currency if the payment method PayPal Website Payments Standard is used.
• Removed an .swf file from the Magento distribution because of security issues.
• Improved file system security.
• Enhanced the security of action URLs, such as billing agreements.
• Addressed a potential session fixation vulnerability during checkout.
• Improved the security of the Magento randomness function.

Changes

• A default setting for configurable and bundled products has changed. When you create a configurable or bundled product in the Admin Panel, clickManage > Products. Create a new configurable or bundled product and click the Design tab. The default option for Display Product Options In has changed to Product Info Column.
• The Google Websites Optimizer has been disabled because it has been deprecated by Google. (In earlier EE versions, this option was available in the Admin Panel at System > Configuration > SALES > Google API > Google Website Optimizer).
• Two new options to prevent “clickjacking” if you run Magento in a frame or iframe:
  • Enable frames only in the same domain.
  • Enable frames.

  Important: For security reasons, Magento strongly recommends against running the Magento software in a frame.

  The options are available in the Admin Panel at System > Configuration > ADVANCED > Admin > Security and are named Allow Magento Backend to run in frame and Allow Magento Frontend to run in frame.

  Enabling the option causes the X-Frame-Options request header to be sent.

• FedEx changed their endpoints for sandbox and production to the following:
  • Production: https://ws.fedex.com/web-services
  • Sandbox: https://wsbeta.fedex.com/web-services

  Because of these changes, Magento cannot retrieve shipping rate information or print shipping labels for FedEx unless this fix is applied.

• CE 1.9 includes a fix that prevented some Discover credit cards from validating properly. The issue was that certain Discover credit card number ranges were not recognized as being valid. As a result of the fix, all Discover cards should validate properly.
  

  Important: This is not a security threat. No data has been compromised or misused. It affects only the ability to validate certain credit card number ranges as valid Discover card numbers.

• The default values for two configuration options changed. Both options can be found in the Admin Panel under System > Configuration > CATALOG > Catalog > Frontend. The new default values follow:
  • Products per Page on Grid Allowed Values is now 12, 24, 36.
  • Products per Page on Grid Default Value is now 12.
• On the New Rule page for shopping cart price rules (Rule Information tab page), explanatory text Usage limit enforced for logged in customers only was added to the Uses per customer field. This is to avoid confusion encountered by some Magento merchants.
• Changes to PayPal Express checkout:
  • Changes to both Proceed to Checkout and to Pay With PayPal:
    • Customers cannot edit their billing address on the PayPal site—in fact, the billing address does not display on the PayPal site.
    • Magento CE uses the customer’s PayPal address information, not the address information stored in Magento CE. The customer does not need to enter Magento CE or EE address information.
    • When the customer is redirected to the PayPal site, they can click Change next to their payment method to change it.

    The Magento administrator can set billing address information in the Admin Panel as follows: System > Configuration > SALES > Payment Methods. For any payment method that includes Express Checkout, in Basic Settings, set the value of the Require Customer’s Billing Address list.

  • Changes to Pay With PayPal only:
    • If the Magento administrator does not require the customer’s billing address, the customer’s billing address is set to the customer’s PayPal shipping address.
    • If the Magento requires the customer’s billing address, the customer’s billing address is set to the customer’s PayPal billing address.
    • On the PayPal site, the customer can click Change next to their shipping address to change it. The customer can choose any shipping address configured with PayPal.
    • Because the customer’s configured address in Magento is not used, the customer’s shipping address stored in PayPal is never changed.
  • Changes to Proceed to Checkout only:
    • No Change link displays next to a customer’s shipping address on the PayPal site.
    • In the event of a shipping address mismatch between Magento and PayPal, the following message displays when the customer attempts to pay using PayPal:

      The address you entered on store-name is different than your PayPal preferred shipping address.

      Return to store-name if you’d like to change the shipping addressThe user can select the Use as preferred shipping address check box to instruct PayPal to change their shipping address.

Tax Calculation Fixes

• Fixed price and dynamic price bundled products where the price is configured to include tax display prices correctly regardless of tax settings. (For example, customer’s default tax rate is different from the origin tax rate.)
• Resolved a one-cent rounding issue when Fixed Product Tax (FPT) is enabled and the option Apply Discount to FPT is set to Yes. (These options are available in the Admin Panel by going to System > Configuration > SALES > Tax > Fixed Product Taxes.)
• Resolved issues with calculating the credit memo amount when FPT is discounted and the customer purchases more than one item.

Fixes

Fixes in this release are in the following categories:

• Web Store and Shopping Cart Fixes
• Promotional Price Rule Fixes
• Administrative Ordering, Invoicing, Credit Memo Fixes
• Import Fixes
• Payment Method Fixes
• Other Fixes

Web Store and Shopping Cart Fixes

Web store and shopping cart fixes include the following:

• A customer can update quantities of items in their mini shopping cart from their My Account page.
• The Minimum Advertised Price pop-up works properly in the web store. When the customer clicks Click for price, the price displays as expected.
• The “customer since” date is correct.
• Switching stores when viewing a product with store-scoped URL keys works as expected.
• Setting System > Configuration > CATALOG > Inventory, option Display Out of Stock Products to Yes no longer causes all products to appear as out of stock.
• Entering accented characters in the zip code field during checkout results in a validation error instead of an exception message.
• Gift card codes are sent only after an item is purchased.
• A customer who attempts to log in as another customer with incorrect credentials is denied.
• Resolved issues with applying a 100% discount to an order.
• Customers are no longer redirected to the home page when they have permission to view a category.
• Discount amount displays correctly for products with custom options.
• Issues with placing PayPal Payments Advanced or PayPal Payflow Link orders using Internet Explorer 9 have been resolved.

Promotional Price Rule Fixes

The following fixes relate to administering and using shopping cart price rules and catalog price rules:

• Shopping cart price rules apply properly to grouped products.
• Two catalog price rules applied to the same product work properly.
• The setting Stop Further Rules Processing is honored.
• A user with read-only privileges in the Admin Panel cannot save changes to a price rule.
• Applying a shopping cart price rule does not display an exception.
• Coupon codes apply only to products eligible for the price rule.

Administrative Ordering, Invoicing, Credit Memo Fixes

• An administrative user with access to only one website from which a product was deleted no longer sees a stack trace when attempting to create an RMA for that product. In other words, after a customer placed an order for a product on Website1, an administrator with privileges to all websites removes the product. Later, when an administrator with access to only Website1 attempts to create an RMA for the deleted product, that administrator no longer sees an error message; instead, they see an expected Access Denied message.
• Resolved an issue with incorrectly calculating the amount of an invoice when some items were discounted by a shopping cart price rule.
• Credit memo amount is calculated correctly when processing a partial invoice with a discount.
• Making comments in a credit memo no longer returns items to stock. (Prerequisite: an administrator set System > Configuration > CATALOG >Inventory > Product Stock Options, option Automatically Return Credit Memo Item to Stock set to Yes.)

Import Fixes

• A product with a custom attribute set imports successfully.

Payment Method Fixes

Payment method fixes include the following:

• If guest checkout is disabled, a customer must log in to check out with PayPal Express.
• Eliminated errors in the logs when an administrator clicks System > Configuration > SALES > Payment Methods.
• You can now use New Zealand dollars as the base currency with the eWAY Direct payment bridge.
• Store credit is applied correctly when using Website Payments Pro Hosted Solution.
• If the merchant country is Germany (DE), disabled guest checkout for the express checkout method and PayPal Website Payments Standard.

Other Fixes

Other fixes include the following:

• Categories on the web store now display with spaces between category names for cached and non-cached pages.
• A customer can now initiate a return from the web store.
• An administrative user can subscribe to low stock RSS feeds without errors.
• Category URLs work as expected, regardless of the setting of Create Custom Redirect for old URL for the category’s URL key.
• Setting allow_url_fopen = Off in php.ini has no effect on the CMS WYSIWYG editor.
• No fatal error displays when a role-restricted user previews a newsletter in the Admin Panel.
• Google Sitemap files now include the .html suffix for category and product URLs.
• Customers can use advanced search on your web store if Magento EE is configured to use the default MySQL Fulltext search engine and the server uses MySQL 5.6.
• A role-restricted user can preview a newsletter in the Admin Panel to which the user has privileges.
• After synchronizing media files with the database, media/customer/.htaccess is present with the correct data. (Prerequisite: an administrator setSystem > Configuration > ADVANCED > System > Storage Configuration for Media set to Database).
• cron now restarts indexers if they previously failed to run.
• You can save changes to a category that has more than 1,000 products.
• Deactivating one of several banners no longer causes exceptions in system.log.
• Resolved issues with the WSDL cache.
• Improved the efficiency of product searches.
• Resolved issues with the DHL International shipping method.
• Resolved 404 (Not Found) errors in layered navigation.
• Resolved a SQL error when attempting to assign a bundled product to another website.
• Rules-based product relations perform as expected after being saved.
• Resolved an issue with sending duplicate Content-Type headers when using mod_fastcgi with the Apache web server.