Magento Open Source 2.0.18 Release Notes

Patch code and release notes were published on February 27, 2018.

We are pleased to present Magento Open Source 2.0.18. This release includes 35 enhancements to product security, a change to the Magento Admin to recent upcoming USPS shipping changes, and a copyright update. See Magento Security Center for more information.

Although this release includes these enhancements, no confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we recommend that you upgrade your Magento software to the latest version as soon as possible.

The Magento Open Source 2.0.18 software release marks the final supported software release for Magento Open Source version 2.0.X. Magento Open Source 2.0.X will no longer receive security updates or product quality fixes now that its support window has expired.

To maintain the performance and security of your site, we advise you to upgrade to the latest version of Magento Open Source. We encourage you to reach out to your partners, developers, or Magento Customer Success contact for more information on upgrading your site.

Highlights

Look for the following highlights in this release:

  • Enhancements that help close authenticated Admin user remote code execution, unauthorized data leaks, and cross-site request forgery (CSRF) vulnerabilities. See Magento Security Center for more information.

  • Change to Magento Admin to support upcoming USPS shipping changes. On February 23, 2018, USPS removed APIs that support the creation of shipping labels without postage. In response, we’ve removed this functionality from the Magento Admin. Consequently, you cannot create and print shipping labels that do not have postage applied. If you require USPS postage printing capabilities, please visit Magento Shipping to learn more, and explore various shipping extensions on Magento Marketplace.

  • Updated copyright for 2018.

System requirements

Our technology stack is built on PHP and MySQL. For more information, see System Requirements.

Install the Magento software

See one of the following sections:

Get the Magento Open Source software using Composer

This software is available from repo.magento.com. Before installing the Open Source software using Composer, familiarize yourself with the Composer metapackage prerequisites, then run

composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition=<version> <installation directory name>

where <version> matches the version you want (for example, 2.0.10)

For example, to install Magento Open Source 2.0.10 in the magento2 directory:

composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition=2.0.10 magento2

Get Magento Open Source using a compressed archive

The following table discusses where to get the Magento software. We provide the following downloads:

  • Magento Open Source software only
  • Magento Open Source software with sample data (designed to help you learn Magento faster)

These packages are easy to get and install. You don’t need to use Composer, all you need to do is to upload a package to your Magento server or hosted platform, unpack it, and run the web-based Setup Wizard.

Archives are available in the following formats: .zip, .tar.bz2, .tar.gz

To get the Magento Open Source software archive:

  1. Go to http://magento.com/download.
  2. Choose either the software or the software and sample data:

    • Magento-CE-<version>.* (without sample data)
    • Magento-CE-<version>+Samples.* (with sample data)

    <version> is the three-digit release number (for example, 2.0.7, 2.1.0, and so on).

Complete the installation

After you get the Open Source software:

  1. Set file system ownership and permissions.
  2. Install the Magento software:

Upgrade from an earlier version

To upgrade to version 2.0.x from an earlier version:

Migration toolkits

The Data Migration Tool helps transfer existing Magento 1.x store data to Magento 2.x. This command-line interface includes verification, progress tracking, logging, and testing functions. For installation instructions, see Install the Data Migration Tool. Consider exploring or contributing to the Magento Data Migration repository.

An updated version of this toolkit is typically available several days after the patch release.

The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.0.x. The command-line interface includes scripts for converting Magento 1.x modules and layouts.

Credits

Dear community members, thank you for your suggestions and bug reports.