Magento Commerce 2.1.18 Release Notes
Patch code and release notes published on June 25, 2019.
The Magento Commerce 2.1.18 software release marks the final supported software release for Magento Commerce version 2.1.x. As of June 30 2019, Magento Commerce 2.1.x will no longer receive security updates or product quality fixes now that its support window has expired. To maintain the performance and security of your site, we advise you to upgrade to the latest version of Magento Commerce. We encourage you to reach out to your partners, developers, or Magento Customer Success contact for more information on upgrading your site.
We are pleased to present Magento Commerce 2.1.18. This release includes multiple enhancements to product security and several important functional fixes.
Although this release includes these security enhancements, no confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions.
See Magento Security Center for a comprehensive discussion of these security issues. All known exploitable security issues fixed in this release (2.1.18) have been ported to 2.3.2, 2.2.9, 1.14.4.2, and 1.9.4.2, as appropriate.
Highlights
- The CGI URL gateway endpoint in the UPS module has been updated from HTTP to HTTPS in response to the disablement of the HTTP gateway by UPS in mid-2019. See Magento User Guide for a discussion of using the UPS shipment method. Shipping method configuration settings are described in the Shipping methods.
- Magento now uses the Image-ChartsĀ free service to render static charts in Admin dashboards. Earlier deployments used Google Image Charts, which was deprecated in 2012 and turned off on March 18, 2019.
- The new PaypalRecaptcha module adds Google reCAPTCHA and CAPTCHA to the Payflow Pro checkout form. This enhanced functionality has been added in response to malicious targeting of Magento deployments that implement Payflow Pro. No additional configuration is needed to deploy this feature.
-
We have modified the required permissions for updating the
design
fieldset of categories, products, and CMS pages:-
Existing roles that have save permission for these entities can save everything.
-
New roles must be granted permission to edit design manually.
-
If you do not have permission to edit the
design
fieldset or use web API endpoints to update a category, Magento does not save your changes and the design properties remain unchanged.
-
Installation
See How to get the Magento software for comprehensive information about Magento 2.1.x installation and setup.
Migration toolkits
The Magento Data Migration Tool helps transfer existing Magento 1.x store data to Magento 2.x. This command-line interface includes verification, progress tracking, logging, and testing functions. For installation instructions, see Install Data Migration Tool. Consider exploring or contributing to the Magento Data Migration repository.
An updated version of this toolkit is typically available several days after the patch release.
The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.0.x. The command-line interface includes scripts for converting Magento 1.x modules and layouts.