Magento 18.104.22.168 is Out
A new version of Magento has been released. Since a few security issues have been resolved, we’re considering this a security fix and also, this release provides support for PHP 7.2. We recommend all Magento website owners have this upgrade done.
Even though this upgrade claims to work with PHP 7, we will not be switching your website to use PHP 7 during this upgrade. This work will be sent to you as a separate ticket in December, after we do some testing. It’s possible that not all plugins/extensions being used with your website are PHP 7 compatible, so we’ll need to do this evaluation when you want to make this upgrade. There are some great speed (load time) and security benefits with PHP 7, so it’s definitely worth doing.
Magento Open Source 22.214.171.124 Release Notes (Magento.com)
This version (or patch SUPEE-10975, which applies to older versions of Magento) provides resolution of multiple critical security issues and functional fixes. These critical security issues include remote code execution (RCE), cross-site scripting (XSS), and cross-site request forgery (CSRF) issues. This release also provides support for PHP 7.2.
Fixed issues and enhancements
- This release provides support for PHP 7.2.
- We’ve removed the CC module. As a result, third-party modules that depend upon either the ccsave method or the xmlconnect method will not work as expected. Third-party themes that implement ccsave will not work as expected, either.
- The Magento logo has been updated throughout the code base.
- The Continue button now works as expected on the Payments step of checkout when paying with the PayPal payment method.
- Google Tag Manager now logs sales information in Google Analytics as expected.
- The product export CSV file now contains columns for super attributes.
- Magento no longer throws an error when a customer accesses their shopping cart after items in their cart have been removed due to a timeout. Previously, Magento displayed this error, `Notice: Undefined variable: freePackageValue in /var/www/dev/htdocs/app/code/core/Mage/Shipping/Model/Carrier/Tablerate.php on line 130`.
- Clicking on a configurable product’s swatch on the product list page now updates product price as expected.
- Customers can now successfully add a grouped product to their shopping cart when category permissions are enabled. Previously, Magento did not add the product to the cart, but instead displayed a descriptive error message.
- Magento no longer displays incorrect prices on the storefront after a failure of the enterprise refresh index.
- We’ve resolved issues in the indexing locking mechanism that previously resulted in Magento throwing an exception after indexing completed.
- Magento no longer throws a fatal error when a merchant uses an already reserved word to name a product attribute.
- Magento now adds the correct sales tax to orders being shipped to U.S. addresses that use zip codes with the optional four-digit suffix (for example, 73365-1234). Previously, the Tax rule triggered a failure if the U.S. zip code that had this optional four-digit suffix.
- Magento now displays all products on a production website that were edited by a role-restricted user on the associated staging website.
- We’ve resolved an issue that caused Target Rules to throw an exception when a customer opened a product view page.
Our Website Maintenance Department will be in contact with our clients regarding this upgrade. If you need this upgrade done on your website, please contact us.