Magento

We’re excited to announce that the newest version of Magento Enterprise Edition– version 1.13 – is now available.

There are thousands of merchants doing many different and innovative things on Magento Enterprise - from revolutionizing how customers buy eyewear to building mobile salesforce automation applications for a global sales team. But there is one thing that Magento Enterprise merchants are ALL doing….GROWING!

As our merchants grow, we need to ensure that Magento continues to grow with them. That’s why we’re excited to announce Magento Enterprise 1.13, the most powerful and scalable version of Magento ever.

Key performance and scalability enhancements of Magento 1.13:

	Optimized Indexing We’ve optimized the Magento Enterprise indexing process to enable significantly faster indexing with limited to no impact to the customer’s shopping experience. This will make it easier for you to add and update products more frequently while ensuring your URLs, promotions, navigational menus and product search tools are always completely up to date, while never slowing down the performance of your online store. The introduction of incremental indexing reduces the need to perform a full re-index and most indexing operations are now automated - saving you and your staff time and energy to focus on revenue-generating activities.
	Improved Caching The full page caching capabilities in Magento Enterprise help ensure that high volume pages load quickly. We’ve improved our caching to enable even greater performance by invalidating only relevant pages making it easier to cache content without affecting site performance for your customers. Improved caching performance also drastically reduces server load enabling your to store to support even larger traffic volumes while conducting back end operations.
	Speedier Checkout Flow 1.13 showcases tremendous improvements in further speeding up the checkout process by reducing page load times for browsing and placing orders. Faster checkout can significantly improve your customers’ shopping experience and customer satisfaction.
	Enhanced Tax Calculations Algorithms This latest version of Magento Enterprise Edition improves tax calculation algorithms eliminating potential rounding offsets that can be displayed on buyer facing screens. This release also provides additional support for Canadian tax requirements.
	Functional Improvements We’ve also made approximately 350 functional improvements in key areas including in the web store and shopping cart, admin order creation, import and export functionality, web API components and payment methods.

When it comes to Magento’s ability to scale, Enterprise Edition 1.13 is the most dramatic step forward in this history of our platform, and we’re confident 1.13 will support you through your next level of success in whatever innovative way you utilize Magento.

You can get all the details about Magento Enterprise Edition 1.13 here

Ready to take your business to the next level? Contact us and we’ll help you get started.

If you’re already a Magento Enterprise customer, you can immediately access the new 1.13 release in the My Account section of the Magento website.

We hope you enjoy these new capabilities and we look forward to helping you achieve even greater eCommerce success.

As some questions have come up, we wanted to provide some clarification to the blog post “Important Security Update – Zend Platform Vulnerability” posted of July, 5, 2012.

As outlined in that post, all Magento merchants on a deployed platform are strongly recommended to protect themselves from the Zend Framework vulnerability.

We have added further instructions on how to protect your business. Please apply the solution below that corresponds to your version of Magento.

Magento Enterprise Edition

• As best practice, we recommend that all Enterprise Edition merchants upgrade if possible to the latest release (v1.12.0.2) to take advantage of the latest fixes and features.
• Depending on your platform version, please find the appropriate solution for you:

Magento Professional Edition

• All versions of Professional Edition, please apply the Zend Security Upgrades patch (Navigate to Downloads > Magento Professional Edition > Patches & Support - account log-in is required)

Magento Community Edition

• As a best practice, we recommend that all Community Edition merchants upgrade if possible to the latest release (v1.7.0.2) to take advantage of the latest fixes and features.
• Depending on your platform version, please find the appropriate solution:

Magento Go

Magento Go customers will not need to make any updates. All fixes will be applied automatically on the backend.

Instructions on Applying the Patch

• 1. Go to the root of your Magento root directory: cd /home/mystore/public_html
• 2. wget –O patch_name.patch
• 3. Download the patch from the provided link appropriate for your version (this line allows you to do it from the Unix command prompt)
• 4. Apply the patch: patch -p0 < patch_name.patch

*Note that if you are running more than one web server, the patch will need to be applied to all the servers.

Workaround

If an upgrade cannot be performed or the patch cannot be applied immediately, the following instructions can be followed to temporarily disable the RPC functionality that contains the vulnerability.

Please note that this workaround can only be applied to versions of CE 1.4 and below and EE 1.8 and below.

Also, please be advised that any integrations that rely on the XMLRPC API functionality will no longer work after this workaround is implemented.

• 1. On the Magento web server, navigate to the www-root where Magento app files are stored.
• 2. In the wwwroot, navigate to /app/code/core/Mage/Api/controllers.
• 3. Open XmlrpcController.php for editing.
• 4. Comment out or delete the body of the method: public indexAction()
• 5. Save the changes.

Technical Clarification

As some of our experienced community members have discovered, the development fix in CE 1.7.0.2 and EE 1.12.0.2 differ from the fix provided in the patches. In the latest releases, we decided not modify the Zend library directly, but override vulnerable methods within Magento Code by adding two new classes:

• app/code/core/Zend/XmlRpc/Response.php
• app/code/core/Zend/XmlRpc/Request.php

We did this in order to keep coherency of the underlying Zend Framework version 1.11.1 for Magento 1.X. We are planning to upgrade the Zend Framework in Magento in the upcoming releases.

We have recently learned of a serious vulnerability in the Zend Framework on which Magento is built. This note provides information on how customers can access and install a patch that addresses this issue.

The Issue

The vulnerability potentially allows an attacker to read any file on the web server where the Zend XMLRPC functionality is enabled. This might include password files, configuration files, and possibly even databases if they are stored on the same machine as the Magento web server.

Solution

We recommend that all Magento implementations install the latest patch appropriate for your platform:

• Magento Enterprise Edition and Professional Edition merchants:
• You may access the Zend Security Upgrade patch from Patches & Support for your product in the Downloads section of your Magento account. Account log-in is required.
• Download

• Magento Community Edition merchants:
• Community Edition 1.4.0.0 through 1.4.1.1
• Community Edition 1.4.2.0
• Community Edition 1.5.0.0 through 1.7.0.1

Workaround

If the patch cannot be applied immediately, the following instructions can be followed to temporarily disable the RPC functionality that contains the vulnerability. Please be advised, any integrations that rely on the XMLRPC API functionality will no longer work after this workaround is implemented.

• 1. On the Magento web server, navigate to the www-root where Magento app files are stored.
• 2. In the wwwroot, navigate to /app/code/core/Mage/Api/controllers.
• 3. Open XmlrpcController.php for editing.
• 4. Comment out or delete the body of the method: public indexAction()
• 5. Save the changes.

Additional Notes

Users with existing IDS capability may monitor the RPC interface to watch for attacks. As always, we recommend maintaining an up-to-date installation of the Magento platform as the best way stay secure.

The latest releases of Magento (Community Edition 1.7.0.2 and Enterprise Edition 1.12.0.2) incorporate the appropriate patches. please use correct versions of releases 1.7.0.2 and 1.12.0.2 .

We have just released an updated version of Magento Community Edition, version 1.7.0.1. This update delivers new, minor functionality and fixes for some potential security vulnerabilities.

Major highlights and improvements include:

• Improved backend configuration UI for PayPal payment solutions
• Added functionality for creating nested field sets in the System configuration
• Implemented support for the extended and shared configuration fields
• Added the ability to define dependencies between fields from different field sets
• Fixed some potential security vulnerabilities

Check out our full list of features and fixed issues on our release notes page. Or take the software for a test drive and see how it works first hand. Diff files are available here. If you find any issues, be sure to report them in the bugtracker.

Merchants have been asking for a fast and secure way to integrate more business applications within Magento. We’ve met this request by introducing the Magento REST API as part of the Magento Enterprise 1.12 and Community 1.7 releases.

Noteworthy benefits of the REST API include simplicity, ease of testing and troubleshooting, and better performance. It allows you to manage customers, customer addresses, sales orders, inventories and products using HTTP verbs such as GET, POST, PUT and DELETE. Data requests and responses can be in XML or JSON format.

REST Resources

REST resources are simply the entities or identities that are exposed to the developer. REST defines the identity of the resource via the URI (uniform resource identifier). Each resource has a unique URL address and any interaction with a resource takes place at its URI. The following resources are supported in CE 1.7.0.0.

• Products: Allows you to retrieve the list of products, create a simple product, and update or delete a product.
• Product Categories: Allows you to retrieve the list of categories assigned to a product and assign or unassign a category to a product.
• Product Websites: Allows you to retrieve the list of websites assigned to a product and assign or unassign a website to a product
• Customers: Allows you to retrieve the list of customers and create, update, or delete a customer.
• Customer Addresses: Allows you to retrieve the list of customer addresses, and create, update, or delete an address.
• Inventory: Allows you to retrieve the list of stock items and update a stock item.
• Sales Orders: Allows you to retrieve the list of sales orders and specific order information.
• Sales Order Items: Allows you to retrieve the items for a specific order.
• Sales Order Addresses: Allows you to retrieve billing and shipping addresses for an order.
• Sales Order Comments: Allows you to retrieve comments for a specific order.

Preparing to Use REST API with Magento

From the Magento store admin panel:

• Set up permissions to operate with resources for the three different user types: admin, customer, and guest. The admin is the backend logged-in user, the customer is the frontend logged-in user, and the guest is a non-logged-in frontend user.
• Configure which attributes will be allowed to retrieve or update for the different user types
• Register the third-party application (setting up consumer) and provide the information to the third-party application.

For a more detailed explanation with sample data, check out our wiki page. As always, we welcome your feedback and are eager to help with any issues you may encounter. Please use our bug tracker and choose the Webservices API from the Category selection.

We’re pleased to announce the latest Magento releases: Magento Enterprise 1.12 and Community 1.7. The recent enhancements to our powerful eCommerce offerings help merchants provide a more personalized shopping experience for their customers.

Benefits include easier order placement, mobile optimization and multiple wish lists. These enhancements give merchants greater potential to boost consumer engagement, increase conversions and transaction size, and foster brand loyalty.

All merchants, including those running B2B businesses, can take advantage of improved customer segmentation and ordering capabilities. While those operating in Europe can use our new features to stay compliant with EU regulations.

Of course, our latest releases have lots in store for developers too, including a new API, and backup and rollback systems.

Read on to learn about the key features in our new releases and how they can benefit you.

	Mobile HTML5 Quickly and easily create a storefront optimized for mobile devices so customers can shop even when they’re on the go. This mobile interface uses HTML5 technology and supports iPhone, Android and Mobile Opera browsers. It includes out-of-the-box features such as: Device-specific media capabilities for audio and video User-friendly search and results display Clean display of product detail pages Pinch, multi-touch and scaling images Easy swipe between product images Zoom capabilities Cross-sell and up-sell capabilities Drag-and-drop of products to the shopping cart
	Visitor Segmentation Tap into a whole new customer segment – unknown site visitors. Whether they’re new visitors or returning customers who have not logged in, you’ll now be able to identify and target them with special promotions to convert browsers into buyers.
	Expanded Rule-based Product Relations Our rule-based product-relations functionality allows merchants to target specific customer segments with product recommendations. Pinpoint specific customers with up-sells, cross-sells and related products to create a more relevant shopping experience.
	Auto-generation of Coupon Codes Generate a set of unique coupon codes for each promotion you run and export the list of codes for offline distribution, email, newsletters and more. Easily manage and monitor coupon usage and generate detailed reports.
	Multiple Wish Lists Customers can save products to multiple wish lists and copy or move items from list to list. They can make their wish lists public so they’re searchable by anyone. And merchants can review them to learn about their customers’ wants and needs.
	Layered Navigation Pricing Enhancement We’ve introduced a new set of algorithms for price-layered navigation that provides much greater flexibility. Now you can display a range of prices that is based on having a similar number of products within each range, giving you better control of your customers’ search results, and helping your customers find what they’re looking for faster.
	Customer Group Pricing One price doesn’t always fit all. This tool allows you to create different price points for different customer groups, such as wholesalers and retailers. You can determine both base price and tiered price levels.
	Add to Cart by SKU Streamline the ordering process, especially for B2B customers, by enabling them to enter a list of SKUs without having to go into product pages. This simplifies large orders, recurring orders and ordering based on offline catalogs.
	REST APIs Support The new Magento REST API uses three-legged OAuth 1.0a protocol to allow applications to safely access Magento services. What this means for you? You can manage customers, customer addresses, sales orders, inventories and products using HTTP verbs (GET, POST, PUT, DELETE). Data requests and responses can be in XML or JSON format. This initial version of the REST API supports the following functions: Create/Retrieve/Update/Delete a simple product Retrieve a list of orders and specific order information Update/Retrieve catalog inventory Create/Retrieve/Update/Delete complete customer information
	European Union VAT-ID Validation This feature facilitates the tax collection process for online businesses in the EU and greatly simplifies international B2B transactions by automatically applying the correct tax rules. Taxes can be calculated and charged according to VAT customer groups, based on customer shipping or billing addresses and VAT IDs.
	EU Cookie Restriction Our response to the recent EU Privacy and Electronic Communications Directive? A new cookie notification feature that simplifies the compliance process. Once enabled, a message at the top of the storefront informs site visitors about the cookie policy and prompts them to accept or decline.
	CMS Page Hierarchy Enhancements Managing your CMS hierarchy tree just got easier. Now you can add CMS pages to the navigation menu without custom development. You can also create, copy or delete different CMS hierarchy trees for each website and store view individually or en masse..
	Backup and Rollback Manage and schedule a variety of backup operations with the option to rollback the changes to reverse any modifications. This feature is particularly useful when testing new modules or customizations, or when upgrading to a new version of Magento. You can review specific customizations and their impact on the new code. (We do not recommend using this feature in your production environment.) Three types of backup are supported: System Backup Database Backup Database and Media Backup
	Payment Bridge 1.1 Updates Magento Secure Payment Bridge, our PA-DSS certified payment application, adds multiple new payment methods. In addition to our existing supported gateways – PayPal, Authorize.net and Payflow Pro – we are introducing support for the following new gateways: Psi Gate RBS Worldpay Database and Media Backup Braintree First Data Card Gate Plus DIBS eWay Direct Ogone Directlink Paybox Payone Sage Pay CCAvenue Supported by services provided by Braintree or Authorize.net, customers can also securely save their credit card information for future transactions in a “My Credit Cards” section in “My Account.” And with support from Kount, you can integrate fraud-screening services with your payment methods (requires separate agreement with Kount).
	CAPTCHA Now you can enable CAPTCHA functionality on your site to help prevent automated software from attempting fake logins. This auto-generated test ensures that the login is being attempted by a person and can be enabled in both the admin and customer login areas.

Ready to take your business to the next level? Contact us and we’ll help you get started.

If you’re already a Magento Enterprise customer, you can immediately access the new 1.12 release in the My Account section. And developers can access the new Community edition by clicking here.

We hope you enjoy these new features and look forward to helping you achieve greater eCommerce success.

Greetings Magento Community Developers and Users,

As many of you are aware, as of June 1st 2011, Google Base Data API has been fully retired and merchants who are using Google Base APIs to upload products to Google should migrate to new extension Google Content API Extension.

Google Shopping API consists of two parts: Content and Search; Content API allows insert, update, delete and retrieve product's info from Google; Search API allows search by uploaded items and it is not part of Magento's integration.

This new extension covers the new Content API logic and it is designed for managing merchant item being uploaded to Google Base. For Magento, this simply replaces the current Google Base API logic.

Magento users can reference the following user guide documentation for additional information and instructions on how to utilize Google Shopping APIs for items with your Magento store.

• GoogleContentExtension.pdf

Magento developers can reference the following technical overview documentation on Magento integration with Google Shopping APIs.

• GoogleContentAPI_Technical.pdf

As always feel free to contact or directly if you have any questions.

Update 11:00PM Friday June 10th

And we are BACK! Please

We’re Upgrading MagentoCommerce.com

We will be upgrading the MagentoCommerce.com website tonight beginning at 10:00PM Pacific Standard Time. This planned maintenance will help improve the site’s performance and capacity.

While we are undergoing the upgrade, the entire magentocommerce.com site will be inaccessible. Work will begin at approximately 10:00PM tonight (PST) and will last around 1 hour.

Stay tuned to our Twitter account for real-time updates.  We will update both Twitter and this blog post when our planned maintenance is complete.