Magento Blog


Magento Community Edition 1.8.1.0 Is Here

image

Magento Community Edition 1.8.1.0 is here! This latest release includes many contributions from the Magento developer community and empowers merchants to operate their online stores more easily and efficiently by delivering significant tax calculation updates, functional improvements, and security enhancements, including:

image Tax Calculation Updates
Building on tax improvements made in our most recent release, Magento Community Edition 1.8.1.0 provides more accurate and consistent Value Added Tax (VAT) and Fixed Product Tax (FPT) calculations for the Magento admin, invoices, and credit memos. It also improves tax calculations for cross-border transactions, bundled products, and multi-tax scenarios, as well as supports the Waste Electrical and Electronic Equipment recycling tax in the EU.
 
image Functional Improvements
Magento Community Edition 1.8.1.0 includes important improvements across the shopping cart, checkout, content management system, and product import and export. Many of these updates came from Magento community hackathons (see photos of the events below). Please give a big “thank you” to the contributors highlighted in the product release notes for making the Magento platform better!
 
image Security Enhancements
Magento Community Edition 1.8.1.0 delivers several important security enhancements, helping to further strengthen the platform against potential threats. These enhancements were identified through a rigorous process that included comprehensive internal testing, quarterly penetration testing by expert consultants, and engagement with the Magento developer community. Additionally, one improvement from Magento Community Edition 1.8.0.0 is now available for download for earlier Magento Community Edition releases.
 
image How to Upgrade
We know that you are eager to start testing out Magento Community Edition 1.8.1.0. But, before you do, please take a few minutes to carefully review the upgrade instructions. We strongly recommend that you do not upgrade Magento Community Edition 1.8.1.0 in the same directory on the same server as your current deployment to avoid any post-upgrade errors.
 
image Get Started
See how Magento Community Edition 1.8.1.0 can help improve your operations by downloading the software and reviewing the release notes today!
 

image

L.A. Bugathon

image image image

Zurich Hackathon

image image image

Announcing Magento Enterprise Edition 1.13.1.0

image

Building on the performance and scalability improvements released earlier this year, Magento Enterprise Edition 1.13.1.0 advances overall product quality and eases operations by providing significant tax calculation updates, a wide range of functional improvements, and several security enhancements.

Highlights include:

image Tax Calculation Improvements
We made many tax improvements for shopper-facing pages in Magento Enterprise Edition 1.13.0.0/2. In this latest release, we’ve resolved similar Value Added Tax (VAT) and Fixed Product Tax (FPT) issues for the Magento admin, invoices, and credit memos so that you have access to more accurate and consistent tax calculations and displays. We’ve also addressed:
  • VAT tax calculation issues for cross-border trade
  • Tax rounding issues when multiple taxes are applied
  • VAT and FPT calculation issues for bundled products
  • Support for the Waste Electrical and Electronic Equipment (W.E.E.E.) recycling tax in the EU
 
image Functional Improvements
Magento Enterprise Edition 1.13.1.0 also includes functional improvements across important feature areas, including the shopping cart, checkout, content management system, and product import and export. Many of these updates come from Magento community developers. We truly appreciate their active support in advancing our solution. You can see which developers contributed fixes in the product release notes. These improvements will also be available in the upcoming Magento Community Edition 1.8.1.0 release, which is expected in December.
 
image Security Enhancements
Magento is committed to following a rigorous process to identify and resolve potential security issues so that you can feel more confident that your store is protected. Our team does comprehensive internal testing, has expert consultants conduct quarterly penetration testing, and actively works with the Magento community to help us identify weaknesses. Magento Enterprise Edition 1.13.1.0 addresses several important issues identified through this process and helps to further harden the platform against potential threats. More information on these security updates and the community members who helped us find them is available in the release notes.
 
image Updated Magento Secure Payment Bridge
You may have missed the recent news that an updated version of Magento Secure Payment Bridge is now available for Magento Enterprise Edition 1.13.x releases. It has successfully completed PA-DSS certification and includes several feature improvements. We encourage everyone using Magento Enterprise Edition 1.13.x to upgrade to this latest version.
 
image Get Started
With its combination of performance, scalability, product quality, and security, Magento Enterprise Edition 1.13.1.0 is the perfect solution if you are using an earlier version of Magento or if you are new-to-Magento and looking for a flexible, enterprise-class ecommerce solution for fast-growing and large businesses.
 

You can get all the details about Magento Enterprise Edition 1.13.1.0 here.

Ready to learn more about Magento? Contact us and we’ll help you get started.

If you are already a Magento Enterprise customer, you can immediately access the new Magento Enterprise Edition 1.13.1.0 release in the My Account section of the Magento website.

Magento Secure Payment Bridge for Magento Enterprise Edition 1.13 Now Available

A new version of Magento Secure Payment Bridge, intended for merchants using Magento Enterprise Edition 1.13.0.2, is now available for download from the Support Portal*.

Like previous versions, Magento Secure Payment Bridge has successfully completed PA-DSS certification by our Qualified Security Assessor, Trustwave, and it is listed as a Validated Payment Application on the PCI Standards Council Website. This certification helps you save time and money when it comes to complying with PCI standards.

Magento Secure Payment Bridge also addresses several issues and offers new features that enable more efficient payment processing. With this update you can:

  • Process partial refunds and invoices for orders that were placed using PayPal Payflow Pro.
  • Approve and deny transactions marked as potentially fraudulent by PayPal Payment Pro directly from the Magento admin.
  • Access basic fraud management features for Authorize.Net from the Magento admin, such as fetching a transaction status.
  • Take advantage of additional features from supported payment gateways, including Worldpay, Payone.de, Ogone DirectLink, SagePay, and eWay.

We recommend upgrading to this new version of Magento Secure Payment Bridge if you are currently using Magento Enterprise Edition 1.13.0.2. If you are planning to upgrade to Magento Enterprise Edition 1.13.0.2, you should upgrade your version of Magento Secure Payment Bridge at the same time.

More information about Magento Secure Payment Bridge and PCI compliance is available on the Magento web site and release notes are part of the Magento Secure Payment Bridge software package.

*Login required to download.

image

Magento Community Edition Alert: Important Patch for USPS API

Patch Needed to Address USPS Shipping Option Name Changes

On Sunday, July 28, the United States Postal Service rolled out changes to their API that impact Priority and Express mail shipping options. USPS is changing the name of these two shipping methods and their Webtools API was updated to match those changes.

To continue utilizing USPS Priority AND Express mail methods, merchants on Magento solutions must install the patches we’ve created to address the issue, and we have included patches for all versions of Magento Community Edition and installation instructions in this post.

For more information, download the official statement from USPS.

Click here for Magento Enterprise Edition patches.

Patch Installation Instructions

Please upload the patch into your Magento root directory and run the appropriate SSH command:

For patch files with the file extension .sh:

sh patch_file_name.sh

Example: sh PATCH_SUPEE-1868_CE_1.7.0.2_v1.sh

For patch files with the file extension .patch:

patch –p0 < patch_file_name.patch

Once that is done, refresh the cache in the Admin under "System > Cache Management" so that the changes will be reflected. We highly recommend you test this patch in a test environment before taking it live.

Patches for Magento Community Edition

Versions before 1.7 require applying an upgrade of shipping methods patch first (if you have not already installed it). Please use the table below to find and download the correct patches for your version.

Target Magento Release Upgrade of Shipping Methods Patch (if not previously applied) USPS API Upgrade Patch
Magento Community Edition 1.7.x Not Required PATCH_SUPEE-1868_CE_1.7.0.2_v1.sh
Magento Community Edition 1.6.2.0 MAGEBP-706_CE_1.6.2.0_v4.patch PATCH_SUPEE-1868_CE_1.7.0.2_v1.sh
Magento Community Edition 1.6.1.0 MAGEBP-706_CE_1.6.1.0_v4.patch PATCH_SUPEE-1868_CE_1.7.0.2_v1.sh
Magento Community Edition 1.6.0.0 MAGEBP-706_CE_1.6.0.0_v4.patch PATCH_SUPEE-1868_CE_1.7.0.2_v1.sh
Magento Community Edition 1.5.1.0 MAGEBP-706_CE_1.5.1.0_v4.patch PATCH_SUPEE-1868_CE_1.7.0.2_v1.sh
Magento Community Edition 1.5.0.1 MAGEBP-706_CE_1.5.0.1_v4.patch PATCH_SUPEE-1868_CE_1.7.0.2_v1.sh
Magento Community Edition 1.4.x MAGEBP-706_CE_1.4.2.0_v4.patch PATCH_SUPEE-1868_CE_1.4.2.0_v1.sh

Please note that the Shipping Methods patch contains several other improvements to the shipping methods. Please make sure to backup the system before applying, test extensively and make sure your custom extensions and third-party modules still work after this change.

Introducing Magento Enterprise Edition 1.13

image

We’re excited to announce that the newest version of Magento Enterprise Edition– version 1.13 – is now available.

There are thousands of merchants doing many different and innovative things on Magento Enterprise - from revolutionizing how customers buy eyewear to building mobile salesforce automation applications for a global sales team. But there is one thing that Magento Enterprise merchants are ALL doing….GROWING!

As our merchants grow, we need to ensure that Magento continues to grow with them. That’s why we’re excited to announce Magento Enterprise 1.13, the most powerful and scalable version of Magento ever.

Key performance and scalability enhancements of Magento 1.13:


image

Optimized Indexing

We’ve optimized the Magento Enterprise indexing process to enable significantly faster indexing with limited to no impact to the customer’s shopping experience. This will make it easier for you to add and update products more frequently while ensuring your URLs, promotions, navigational menus and product search tools are always completely up to date, while never slowing down the performance of your online store.

The introduction of incremental indexing reduces the need to perform a full re-index and most indexing operations are now automated - saving you and your staff time and energy to focus on revenue-generating activities.
 
image

Improved Caching

The full page caching capabilities in Magento Enterprise help ensure that high volume pages load quickly. We’ve improved our caching to enable even greater performance by invalidating only relevant pages making it easier to cache content without affecting site performance for your customers. Improved caching performance also drastically reduces server load enabling your to store to support even larger traffic volumes while conducting back end operations.
 
image

Speedier Checkout Flow

1.13 showcases tremendous improvements in further speeding up the checkout process by reducing page load times for browsing and placing orders. Faster checkout can significantly improve your customers’ shopping experience and customer satisfaction.
 
image

Enhanced Tax Calculations Algorithms

This latest version of Magento Enterprise Edition improves tax calculation algorithms eliminating potential rounding offsets that can be displayed on buyer facing screens. This release also provides additional support for Canadian tax requirements.
 
image

Functional Improvements

We’ve also made approximately 350 functional improvements in key areas including in the web store and shopping cart, admin order creation, import and export functionality, web API components and payment methods.

When it comes to Magento’s ability to scale, Enterprise Edition 1.13 is the most dramatic step forward in this history of our platform, and we’re confident 1.13 will support you through your next level of success in whatever innovative way you utilize Magento.

You can get all the details about Magento Enterprise Edition 1.13 here

Ready to take your business to the next level? Contact us and we’ll help you get started.

If you’re already a Magento Enterprise customer, you can immediately access the new 1.13 release in the My Account section of the Magento website.

We hope you enjoy these new capabilities and we look forward to helping you achieve even greater eCommerce success.

Update: Zend Framework Vulnerability Security Update

As some questions have come up, we wanted to provide some clarification to the blog post “Important Security Update – Zend Platform Vulnerability” posted of July, 5, 2012.

As outlined in that post, all Magento merchants on a deployed platform are strongly recommended to protect themselves from the Zend Framework vulnerability.

We have added further instructions on how to protect your business. Please apply the solution below that corresponds to your version of Magento.


Magento Enterprise Edition


  • As best practice, we recommend that all Enterprise Edition merchants upgrade if possible to the latest release (v1.12.0.2) to take advantage of the latest fixes and features.
  • Depending on your platform version, please find the appropriate solution for you:
YOUR CURRENT VERSION RECOMMENDED SOLUTION
EE 1.12.0.0+ Upgrade to the latest release (Navigate to Downloads > Magento Enterprise Edition > Release - account log-in is required)
EE 1.8.0.0 – 1.11.X.X Apply the Zend Security Upgrades patch (Navigate to Downloads > Magento Enterprise Edition > Patches & Support - account log-in is required)
Versions prior to EE 1.8.0.0 Implement the workaround (instructions below)

Magento Professional Edition


  • All versions of Professional Edition, please apply the Zend Security Upgrades patch (Navigate to Downloads > Magento Professional Edition > Patches & Support - account log-in is required)

Magento Community Edition


  • As a best practice, we recommend that all Community Edition merchants upgrade if possible to the latest release (v1.7.0.2) to take advantage of the latest fixes and features.
  • Depending on your platform version, please find the appropriate solution:
YOUR CURRENT VERSION RECOMMENDED SOLUTION
CE 1.7.0.0+ Upgrade to the latest release
CE 1.5.0.0 – 1.6.X.X Apply this patch
CE 1.4.2.0 Apply this patch
CE 1.4.0.0 – 1.4.1.1 Apply this patch
Versions prior to CE 1.4.0.0 Implement the workaround (instructions below)

Magento Go


Magento Go customers will not need to make any updates. All fixes will be applied automatically on the backend.



Instructions on Applying the Patch

  • 1. Go to the root of your Magento root directory: cd /home/mystore/public_html
  • 2. wget –O patch_name.patch
  • 3. Download the patch from the provided link appropriate for your version (this line allows you to do it from the Unix command prompt)
  • 4. Apply the patch: patch -p0 < patch_name.patch

*Note that if you are running more than one web server, the patch will need to be applied to all the servers.

Workaround

If an upgrade cannot be performed or the patch cannot be applied immediately, the following instructions can be followed to temporarily disable the RPC functionality that contains the vulnerability.

Please note that this workaround can only be applied to versions of CE 1.4 and below and EE 1.8 and below.

Also, please be advised that any integrations that rely on the XMLRPC API functionality will no longer work after this workaround is implemented.

  • 1. On the Magento web server, navigate to the www-root where Magento app files are stored.
  • 2. In the wwwroot, navigate to /app/code/core/Mage/Api/controllers.
  • 3. Open XmlrpcController.php for editing.
  • 4. Comment out or delete the body of the method: public indexAction()
  • 5. Save the changes.

Technical Clarification

As some of our experienced community members have discovered, the development fix in CE 1.7.0.2 and EE 1.12.0.2 differ from the fix provided in the patches. In the latest releases, we decided not modify the Zend library directly, but override vulnerable methods within Magento Code by adding two new classes:

  • app/code/core/Zend/XmlRpc/Response.php
  • app/code/core/Zend/XmlRpc/Request.php

We did this in order to keep coherency of the underlying Zend Framework version 1.11.1 for Magento 1.X. We are planning to upgrade the Zend Framework in Magento in the upcoming releases.

Important Security Update – Zend Platform Vulnerability

We have recently learned of a serious vulnerability in the Zend Framework on which Magento is built. This note provides information on how customers can access and install a patch that addresses this issue.

The Issue

The vulnerability potentially allows an attacker to read any file on the web server where the Zend XMLRPC functionality is enabled. This might include password files, configuration files, and possibly even databases if they are stored on the same machine as the Magento web server.

Solution

We recommend that all Magento implementations install the latest patch appropriate for your platform:

  • Magento Enterprise Edition and Professional Edition merchants:
  • You may access the Zend Security Upgrade patch from Patches & Support for your product in the Downloads section of your Magento account. Account log-in is required.
  • Download

Workaround

If the patch cannot be applied immediately, the following instructions can be followed to temporarily disable the RPC functionality that contains the vulnerability. Please be advised, any integrations that rely on the XMLRPC API functionality will no longer work after this workaround is implemented.

  • 1. On the Magento web server, navigate to the www-root where Magento app files are stored.
  • 2. In the wwwroot, navigate to /app/code/core/Mage/Api/controllers.
  • 3. Open XmlrpcController.php for editing.
  • 4. Comment out or delete the body of the method: public indexAction()
  • 5. Save the changes.

Additional Notes

Users with existing IDS capability may monitor the RPC interface to watch for attacks. As always, we recommend maintaining an up-to-date installation of the Magento platform as the best way stay secure.

The latest releases of Magento (Community Edition 1.7.0.2 and Enterprise Edition 1.12.0.2) incorporate the appropriate patches. please use correct versions of releases 1.7.0.2 and 1.12.0.2 .

Magento Community Edition 1.7.0.1 Released!

We have just released an updated version of Magento Community Edition, version 1.7.0.1. This update delivers new, minor functionality and fixes for some potential security vulnerabilities.

Major highlights and improvements include:

  • Improved backend configuration UI for PayPal payment solutions
  • Added functionality for creating nested field sets in the System configuration
  • Implemented support for the extended and shared configuration fields
  • Added the ability to define dependencies between fields from different field sets
  • Fixed some potential security vulnerabilities

Check out our full list of features and fixed issues on our release notes page. Or take the software for a test drive and see how it works first hand. Diff files are available here. If you find any issues, be sure to report them in the bugtracker.

image
Page 1 of 19

RSS: All Blog Posts

Get New Posts by Email


Delivered by FeedBurner