Magento 2.1.18 is the final 2.1.x release. After June 2019, Magento 2.1.x will no longer receive security patches, quality fixes, or documentation updates.
To maintain your site's performance, security, and PCI compliance, upgrade to the latest version of Magento.

Magento Open Source 2.1.15 Release Notes

Patch code and release notes were published on September 18, 2018.

We are pleased to present Magento Open Source 2.1.15. This release includes multiple enhancements to product security plus bug fixes and enhancements. Check out the many community-contributed fixes!

Although this release includes these enhancements, no confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we recommend that you upgrade your Magento software to the latest version as soon as possible.

See Magento Security Center for a comprehensive discussion of these issues. All exploitable security issues fixed in this release (2.1.15) have been ported to 2.2.6, 1.14.3.10, and 1.9.3.10, as appropriate.

Highlights

Magento 2.1.15 contains 25 security fixes and enhancements. See Magento Security Center for more information.

Fixed issues

In addition to security enhancements, this release contains the following functional fixes.

Installation, configuration, and deployment

  • The Module Manager now correctly displays the list of modules (System > Tools > Web Setup Wizard > Module Manager). Previously, Magento threw an error when you tried to display the module list. Fix submitted by Vijay Golani in pull request 15756. GitHub-15192
  • Banners are now visible only when their associated rules are applied.

Catalog

  • The Magento\Catalog\Model\ResourceModel\Category\Collection::joinUrlRewrite method now uses the storeId value set on the actual collection of the store rather than the storeId retrieved from the store manager. Fix submitted by Alessandro Pagnin in pull request 13756. GitHub-13704
  • Magento now uses data-container="product-list" instead of data-container="product-grid" when displaying a product list. Fix submitted by Viral Vasara in pull request 15816. GitHub-15319
  • Magento has improved the accuracy of prices requiring more than two digits that are listed on the Product page. Previously, when a product price was represented by more than two digits (for example, $5.43), JavaScript settings always used the rounding logic for two digits only. (For example, the amount 9.4880 was displayed as 9.49.) Fix submitted by Dmytro Cheshun in pull request 15926. GitHub-14249

Cart and checkout

  • The minicart now displays product names that contain special characters. Fix submitted by ampulos in pull request 14665. GitHub-13652

CMS content

  • You can now successfully upload logo images in Internet Explorer. Previously, Magento did not upload the image, but instead displayed this error: Object doesn't support property or method 'set'.
  • CSS minification is now compatible with CSS3 calc() function. GitHub-8552

Customer

  • Magento now preserves the user group ID when using /V1/customers/:customerId (PUT). Previously, Magento set the customer group ID to 1 when you called /V1/customers/:customerId (PUT) and the customer had an assigned group ID. Fix submitted by André Ferraz in pull request 14757. GitHub-14663

Directory

  • Magento now supports Canadian Postal codes without spaces as expected. Fix submitted by Hitesh in pull request 16031. GitHub-13899

Email

  • Administrators can now add a parameter to app/etc/env.php: user_admin_email. This parameter ensures that when a new administrator account is created, Magento sends an email to default store’s email and, if present, to an email address defined in user_admin_email.

Framework

  • Magento now leaves at least one record after cleaning up the changelog tables after restarting MySQL. Previously, the product version_id lost the most recent auro_increment value after restarting MySQL. Fix submitted by Oleksandr Kravchuk in pull request 14471. GitHub-14465
  • Magento now displays custom price symbols as expected. Previously, when a merchant created variations of a configurable product, product prices were not readable if they contained a custom price symbol. Fix submitted by Yaroslav Rogoza in pull request 14471. GitHub-14902

General

  • The product video feature is now GDPR-compliant.
  • Magento now checks that a product is assigned to a specific website in a multistore environment before a customer can write a product review. Previously, a customer could write a review for a product that was not assigned to the store they were logged in to. Fix submitted by afirlejczyk in pull request 14673.
  • The transport event parameter has been changed from type Array() to type DataObject. This is a reversion of a change that was made in an earlier release. Fix submitted by gwharton in pull request 16601. GitHub-10210
  • Merchants can now place an order for a grouped product where the quantity of subproducts is less than one unit. Fix submitted by Yaroslav Rogoza in pull request 15407. GitHub-14692
  • Magento now sets the trigger_recollect attribute back to 0 after collecting total amounts for the quote. Previously, Magento timed out if a customer tried to reload a quote. Fix submitted by Yaroslav Rogoza in pull request 15522. GitHub-9580
  • Magento no longer recalculates prices unnecessarily when refreshing the Catalog page, which has improved product performance. Fix submitted by Jeroen Van Leusden in pull request 15445. GitHub-14941
  • The annotation for the formatDateTime function in the lib/internal/Magento/Framework/Stdlib/DateTime/TimezoneInterface.php file has been corrected. The locale and timezone have been changed to param string|null $locale and @param string|null $timezone. Fix submitted by Vishal Gelani in pull request 15668. GitHub-15668
  • The annotation for the formatDateTime function in the lib/internal/Magento/Framework/Stdlib/DateTime/TimezoneInterface.php file has been corrected. The locale and timezone have been changed to param string|null $locale and @param string|null $timezone. Fix submitted by Vishal Gelani in pull request 15669. GitHub-15601
  • We’ve refactored the JavaScript code in the split.phtml template file for the button widget. Fix submitted by Vijay Golani in pull request 15736. GitHub-15354
  • The misspelling of setCategoryIds has been corrected throughout the code base. Fix submitted by Viral Vasara in pull request 15814.
  • Customers can now successfully download and export PDFs after logging in. Previously, customers were redirected to the Admin when trying to download or export data to a PDF right after logging in. Fix submitted by Sanjay Patel in pull request 15767. GitHub-15510
  • select elements now display with the styles you set in _theme.less as expected. Fix submitted by Hitesh in pull request 15796. GitHub-15608
  • Client-side email validation now works in Internet Explorer 11.x the same way as it does in Chrome. Previously, a leading or trailing space on the following pages resulted in client-side validation failure in Magento stores deployed on Internet Explorer 11.x. Fix submitted by Piyush Dankhara in pull requests 15874 and 16297. GitHub-6058

    • Customer Account Login page email field

    • Customer Account create page

    • Customer Authentication popup when the Allow Guest Checkout is set to No

  • .limiter now has the same parent selectors (similar to .pages) to prevent clashes between styles and layouts. Previously, .limiter was too generic and was used as single selector for floating the element. Fix submitted by Hitesh in pull request 15880. GitHub-15323
  • Changing the @tab-content__border variable now affects on the tabs content border as expected. Fix submitted by Hitesh in pull request 15917. GitHub-14999
  • The Multiple Payment Methods Enabled setting now works as expected. Previously, Magento threw this error when this setting was enabled: Found 3 Elements with non-unique Id. Fix submitted by Viral Vasara in pull request 15834. GitHub-15348
  • Primary buttons now have new LESS variables that permit you to change font-weight, font-size, and font-family without changing default button attributes. Fix submitted by Chirag Matholiya in pull request 16037. GitHub-15832
  • We’ve added a space between the category page and the main footer on pages using a single column layout. Fix submitted by Sanjay Patel in pull request 15727 GitHub-12601
  • Customers can now successfully log in after resetting their password. Previously, Magento displayed this error “You did not sign in correctly or your account is temporarily disabled” even though the new password hash had been updated in the customer entity. Fix submitted by Vishal Gelani in pull request 16255. GitHub-15255
  • The JavaScript code in the app/code/Magento/Tax/view/adminhtml/templates/class/page/edit.phtml file has been refactored to meet Magento coding standards. Fix submitted by Vishal Gelani in pull request 16270. GitHub-15352
  • Magento now correctly aligns page elements on the home page and category page of the Hot Seller section. Fix submitted by Chirag Matholiya in pull request 16287. GitHub-15213
  • Users assigned a Restricted User role no longer receive the message Something went wrong when viewing orders.
  • Magento no longer unnecessarily displays this warning when a customer opens a product page: The property price is not valid. GitHub-7173

Infrastructure

  • The Layout.eventManager now correctly dispatches the layout_render_before events before Magento renders the current layout.

JavaScript

  • The Shipping and Estimate Tax page now correctly displays country, city, and postal code fields. Fix submitted by Vishal Gelani in pull request 16491. GitHub-8222

Newsletter

  • Magento now displays the newsletter subscription confirmation message as expected after a customer clicks the confirmation link in the subscription confirmation email. Fix submitted by Rahul Kachhadiya in pull request 15860. GitHub-14747

Quote

  • Magento no longer throws an error when trying to load the quote item collection using the Magento\Quote\Model\ResourceModel\QuoteItem\Collection::getItems() method. Fix submitted by Neeta Kangiya in pull request 15829.

Sales

  • Magento now supports GNU free fonts in invoice and shipment PDFs. Previously, PDFs containing Arabic, Russian, Greek, Indian, or Thai alphabets did not correctly render those characters. Fix submitted by Ross in pull request 15829. GitHub-9666, GitHub-12323
  • An exported invoice’s CSV file now contains information specific to the selected invoice only. Previously, when you selected Invoices > Export > CSV, and opened the CSV file, the exported file contained information from more than the selected invoice. Fix submitted by Yaroslav Rogoza in pull request 14903.

Sitemap

Swagger

  • The REST API schema is now compatible with search criteria. The searchCriteria parameters builder now contains a zero index to the array signifier, which supports generation of the correct response when a user tests a method with search criteria parameters in Swagger. Fix submitted by Vishal Gelani in pull request 15945. GitHub-11477

Translations

Community contributions

We are grateful to the wider Magento community and would like to acknowledge their contributions to this release.

Individual contributor contributions

The following table identifies contributions from our community members. This table lists the community member who contributed the pull request, the external pull request, and the GitHub issue number associated with the pull request (if available).

Contributing community member Pull Requests Related GitHub Issues
ampulos #14665 13652
afirlejczyk #14673 13010
ihor-sviziev #14680  
swnsma #14471 14465
rossmc #14711 9666, 12323
Karlasa #14736  
Karlasa #14738  
navarr #14770  
sidolov #14791  
sidolov #14845  
rogyar #14894  
rogyar #14901  
rogyar #14899  
rogyar #14911  
rogyar #14902 12430
rogyar #14903 12714
rogyar #14922  
rogyar #14940  
ferrazzuk #14757 14663
rogyar #15025  
rogyar #15093  
sergiy-v #15099  
sergiy-v #15105  
sergiy-v #15108  
sergiy-v #15109  
rogyar #15066  
sergiy-v #15102  
sergiy-v #15106  
rogyar #15138  
dmytro-ch #15146  
rogyar #15091  
sergiy-v #15101  
sergiy-v #15104  
rogyar #15094  
sergiy-v #15103  
kaushik-chavda #15169  
rogyar #15183  
dmytro-ch #15184  
rogyar #15157  
hostep #15176  
dverkade #15203  
yuriyDne #15240  
rogyar #15221  
rogyar #15222  
rogyar #15159 5768
VitaliyBoyko #15235  
VitaliyBoyko #15237  
VitaliyBoyko #15233  
VitaliyBoyko #15234  
VitaliyBoyko #15238  
gwharton #15038 10210
dmytro-ch #15298  
rogyar #15324  
dmytro-ch #15299  
VitaliyBoyko #15375  
VitaliyBoyko #15363  
VitaliyBoyko #15385  
VitaliyBoyko #15380  
VitaliyBoyko #15377  
dmytro-ch #15394  
dmytro-ch #15396  
rogyar #15309  
VitaliyBoyko #15412  
IgorVitol #15392  
rogyar #15318  
rogyar #15407 14692
rogyar #15436  
Yogeshks #15444  
mzeis #15465  
alepane21 #13756 13704
VitaliyBoyko #15548  
JeroenVanLeusden #15445 14941
rogyar #15522 9580
rogyar #15563  
dmytro-ch #15619 13992
dmytro-ch #15616  
vgelani #15648  
vgelani #15668 15601
gelanivishal #15657  
gelanivishal #15669 15601
dmytro-ch #15700  
dmytro-ch #15702  
dmytro-ch #15708  
dmytro-ch #15710  
dmytro-ch #15711  
dmytro-ch #15714 7897
dverkade #15716  
rogyar #15719  
gelanivishal #15724  
vijay-wagento #15736 15354
gelanivishal #15725  
vijay-wagento #15739  
chirag-wagento #15805  
DanielRuf #15810  
rogyar #15573  
dmytro-ch #15693  
vijay-wagento #15756 15192
viral-wagento #15814 15590
viral-wagento #15816 15319
rahul-kachhadiya #15817  
sanjay-wagento #15767 15510
hitesh-wagento #15796 15608
rogyar #15776  
viral-wagento #15801  
chirag-wagento #15797  
chirag-wagento #15841  
rogyar #15855  
VitaliyBoyko #15290  
dmytro-ch #15866  
rahul-kachhadiya #15887  
DanielRuf #15920  
dmytro-ch #15924  
dmytro-ch #15925  
dmytro-ch #15926 14249
dmytro-ch #15927 14089
rogyar #15933  
vgelani #15945 11477
vgelani #15943  
saurabh-parekh #15949  
vgelani #15643  
dankhrapiyush #15874 6058
hitesh-wagento #15880 15323
chirag-wagento #15915  
hitesh-wagento #15917 14999
dmytro-ch #16026  
rogyar #16024  
hitesh-wagento #16031 13899
chirag-wagento #16043  
neeta-wagento #15829 8954
viral-wagento #15834 15348
rahul-kachhadiya #15862  
rogyar #16067  
vgelani #16081  
chirag-wagento #16037 15832
hitesh-wagento #16102  
lfluvisotto #16130  
hitesh-wagento #16111  
chirag-wagento #16039  
rogyar #16162  
rahul-kachhadiya #15863  
VitaliyBoyko #15236  
VitaliyBoyko #15287  
VitaliyBoyko #15289  
tdgroot #15722  
dmytro-ch #15699  
sanjay-wagento #15821  
rahul-kachhadiya #15860 14747
sanjay-wagento #15727 12601
tejash-wagento #16226  
vgelani #16255 15255
vgelani #16294  
gelanivishal #16270 15352
chirag-wagento #16264 13415
vgelani #16281 13793
dankhrapiyush #16297 6058
NamrataChangani #16319  
vgelani #16325  
chirag-wagento #16287 15213
rogyar #16347  
lfluvisotto #16359  
lfluvisotto #16366  
vasilii-b #16280 7379
gelanivishal #16352  
rogyar #16403  
gelanivishal #16467  
gelanivishal #16475  
Karlasa #16229 16079
eduard13 #16392  
gelanivishal #16491 8222
gelanivishal #16547  
mageprince #16577  
mageprince #16586  
gelanivishal #16493  
gwharton #16601 10210
sanganinamrata #16634  
lfluvisotto #16643  
mageprince #16665 7399
mageprince #16667  
mageprince #16671  
mageprince #16585 15940
ronak2ram #16632  
sanganinamrata #16720 12081
Karlasa #16735  
gelanivishal #16731  
aschrammel #16550  
mageprince #16759  
mageprince #16760  
simpleadm #14380 14351
hitesh-wagento #16526 16378
gelanivishal #16761 15355
Karlasa #16755  
ronak2ram #16825  
mage2pratik #16836  
gelanivishal #16832  
gelanivishal #16842  
Karlasa #16839 16764
ronak2ram #16846  
sanganinamrata #16770  
quisse #16802  
ronak2ram #16828  
mage2pratik #16835  
hitesh-wagento #16797 15848
lfluvisotto #16364  
mage2pratik #16811 13692
ronak2ram #16830  
rogyar #16877  
gelanivishal #16801 16184
mage2pratik #16812 15467
ronak2ram #16917 5316
eduard13 #16923  
mage2pratik #16920 16174
ihor-sviziev #16945 12860
ronak2ram #16948 2956
gelanivishal #16986 6058
mageprince #17003  
ronak2ram #17018  
chirag-wagento #17015  
novikor #16702 15935
dasharath-wagento #17022 12320
Karlasa #17057  
mageprince #17084  
mageprince #17086 13988
mageprince #17085  
gelanivishal #16809  
chirag-wagento #17029  
mageprince #17088 13006
mageprince #17089  
mageprince #17092 13595
gelanivishal #17111 16529
mageprince #17087 13769
mage2pratik #17105  
mage2pratik #17139  
chirag-wagento #16992 15356
mageprince #17090  
gelanivishal #17159  
gelanivishal #17160  
mage2pratik #17136  
gelanivishal #17157  
tiagosampaio #17237  
tiagosampaio #17239  
mage2pratik #16898  
gelanivishal #17182  
mage2pratik #17260  
mageprince #17241 11512
mageprince #17242  
TomashKhamlai #17155  
mage2pratik #17200  
gelanivishal #17224  
mageprince #17243 11140
mage2pratik #17247  
mage2pratik #17202  
mage2pratik #17216  
mage2pratik #17218  
mageprince #17211  
mageprince #17212 11540
mageprince #17213 9919
gelanivishal #17223 14593
tiagosampaio #17240 14476
mage2pratik #17172  
gelanivishal #17192 16243
gelanivishal #17253  
ronak2ram #16619  
gelanivishal #16911  
mage2pratik #17179  
DanielRuf #17335  
gelanivishal #17108  
gelanivishal #17379 15308
ankurvr #15677 15660
mageprince #17091 13768

Partner contributions

The following table highlights contributions made by Partners. This table lists the Partner who contributed the pull request, the external pull request, and the GitHub issue number associated with it (if available).

Contributing Partner Pull Request Related GitHub issue
Convert 14380 14351
Divante 14665, 14673 13652, 13010
H&O 15445 14941
ISM eCompany 14471, 16702 14465, 15935
Atwix 14894, 14901, 14899, 14911, 14902, 14903, 14922, 14940, 15025, 15093, 15099, 15105, 15108, 15109, 15066, 15102, 15106, 15138, 15146, 15091, 15101, 15104, 15094, 15103, 15183, 15184, 15157, 15240, 15221, 15222, 15159, 15235, 15237, 15233, 15234, 15238, 15298, 15299, 15324, 15363, 15375, 15377, 15380, 15385, 15394, 15396, 15309, 15412, 15318, 15407, 15436, 15548, 15522, 15563, 15619, 15616, 15700, 15702, 15708, 15710, 15711, 15714, 15719, 15573, 15693, 15776, 15855, 15290, 15866, 15924, 15926, 15925, 15927, 15933, 16024, 16026, 16067, 16162, 15236, 15287, 15289, 15699, 16347, 16280, 16403, 16392, 16877, 16923 12714, 5768, 14692, 9580, 13992, 7897, 14249,14089, 7379
Krish Technologies 16577, 16586, 16665, 16667, 16671, 16585, 16632, 16759, 16760, 16825, 16836, 16846, 16828, 16835, 16811, 16830, 16812, 16917, 16920, 16948, 17003, 17018, 17084, 17085, 17086, 17088, 17089, 17092, 17087, 17105, 17139. 17090, 17136, 16898, 17260, 17241, 17242, 17200, 17243, 17247, 17202, 17216, 17218, 17211, 17212, 17213, 17172, 16619, 17179, 17091 7399, 15940, 13692, 15467, 5316, 16174, 2956, 13988 13006, 13595,13769, 11512, 11140, 11540, 9919, 13768
Wagento 15736, 15739, 15805, 17091, 15756, 15816, 15814, 15814, 15816, 15767, 15796, 15797, 15801, 15841, 15880, 15915, 15917, 16031, 16043, 15829, 15834, 16037, 16102, 16111, 16039, 15821, 15727, 16226, 16264, 16287, 16526, 16797, 17015, 17022, 17029, 16992 15354, 15192, 15319, 15590, 15510, 15608, 15323, 14999, 13899, 8954, 15348, 15832, 12601, 13415, 15213, 16378, 15848, 12320, 15356

System requirements

Our technology stack is built on PHP and MySQL. For more information, see System Requirements.

Installation

See How to get the Magento software for comprehensive information about Magento 2.1.x installation and setup.

Migration toolkits

The Magento Data Migration Tool helps transfer existing Magento 1.x store data to Magento 2.x. This command-line interface includes verification, progress tracking, logging, and testing functions. For installation instructions, see Install Data Migration Tool. Consider exploring or contributing to the Magento Data Migration repository.

An updated version of this toolkit is typically available several days after the patch release.

The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.0.x. The command-line interface includes scripts for converting Magento 1.x modules and layouts.

Credits

Dear community members, thank you for your suggestions, bug reports, and code contributions.

Updated