Magento Commerce 2.2.5 Release Notes

Patch code and release notes published on July 1, 2018.

We are pleased to present Magento Commerce 2.2.5. This release includes multiple enhancements to product security plus bug fixes and enhancements. Check out the over 150 community-contributed fixes!

Although this release includes these security enhancements, no confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we recommend that you upgrade your Magento software to the latest version as soon as possible.

See Magento Security Center for a comprehensive discussion of these issues.

Highlights

Look for the following highlights in this release:

  • Enhancements that help close stored XSS, SQL injection, and cross-site request forgery (CSRF) vulnerabilities. See Magento Security Center for more information.

  • Resolution of issues that customers were experiencing when upgrading to Magento 2.2.4 in deployments that span multiple websites. Magento multi-store installations were not using the store view-specific values from the store configuration settings if these settings differed from the global default configuration settings. Instead, Magento used the default configuration for all store views. See GitHub-15205 and GitHub-15245 for more detailed discussions of the problems some customers encountered. Fix submitted by Francesco Marangi in pull request 15929.

  • Substantial improvements to indexing performance.

  • Over 150 community contributions.

  • Improvements to our core bundled extensions.

Looking for more information on these new features as well as many others? Check out Magento 2.2.x Developer Documentation and the Magento Commerce User Guide.

Core code highlights

This release includes significant performance improvements to the core Magento code:

  • Merchants can now run the catalog search full text indexer and category product indexer in parallel mode by store view, which can significantly decrease indexer:reindex execution time when running Magento with multiple store views and shared catalogs.

  • Refactoring of the catalog full text indexer has improved indexing performance up to 15% for very large profiles (600,000 products) and product catalogs with many configurable options (5,000 configurable products and 500 options).

  • Improving the behavior of swatch product attributes has improved search result page performance up to 31% for catalogs with many configurable product options (for example, 5,000 configurable products and 500 options).

Community contribution highlights

Highlights of community contributions include fixes that improve checkout flow and the sorting of simple products:

  • Customers can now create an account from the Order Confirmation page. Previously, a customer could not populate the required fields to create an account from this page, and Magento displayed an error.

  • Magento now correctly applies coupon codes that exclude bundle products. Previously, Magento applied these coupons but did not exclude bundle products as expected.

  • Sorting simple products by price now applies catalog promo price rules as expected. Previously, simple products to which a catalog promo price rule applied were sorted by regular price, disregarding the applied promo price.

  • Sorting simple products that have a required custom option by price now applies catalog promo price rules as expected. Previously, such products to which a catalog promo price rule applied were sorted by regular price, disregarding the applied promo price.

Highlights (Magento Shipping)

This release of Magento Shipping adds the following new capabilities:

  • With core returns, merchants can select carriers to use for returns and send a return label along with forward fulfillment.

  • Batch processing increases automation and merchant efficiency by making it easier to process a large volume of shipments in batches.

  • Collection points let customers designate a drop point, rather than a residence, for delivery by the carrier.

This release of Magento Shipping also includes additional minor enhancements, such as pagination to improve the Admin experience and multiversion API.

Fixes

In addition to security enhancements, this release contains the following functional fixes.

Installation, setup, and deployment

  • Magento no longer permits you to re-run an already running cron job. Fix submitted by Paavo Pokkinen in pull request 12497. GitHub-10650

Bundle products

  • You can now successfully delete an option from a bundle product.
  • Magento now correctly applies coupon codes that exclude bundle products. Previously, Magento applied these coupons but did not exclude bundle products as expected.

Catalog

  • Merchants can now run the catalog search full text indexer and category product indexer in parallel mode by store view.
  • The Category\Collection::joinUrlRewrite method now returns the URL of the store whose storeId is set on the collection. Previously, this method returned the name of the default store. Fix submitted by Alessandro Pagnin in pull request 13716. GitHub-13704
  • Sorting products by price now applies catalog rules as expected.
  • Sorting products with required custom options by price now works as expected.
  • Tier pricing for a single product unit now works as expected. If a tier price is set for one product unit, and this price is lower than the product price or special price, then the product price index table is populated with the tier price.
  • Magento now successfully saves products when using a locale that formats dates in this way: DD/MM/YYYY. Previously, when you tried to save a product in a locale where dates are formatted this way, Magento did not save the product, and displayed this error: Invalid input datetime format. GitHub-10485
  • When you import new products using CSV, Magento no longer lists as in stock any products whose CSV values indicate that they should be represented as out-of-stock.

CMS content

  • When working in the media gallery, you can now successfully delete any files and folders that are symlinked in pub/media. Previously, any files or folders that were symlinked inside the pub/media directory could not be deleted because there was a validation check that used realpath to test whether the file was outside the media directory base path. Since realpath resolved symlinks to actual paths, this check would fail if the actual path were outside the base path, and would prevent action from being completed.
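
The difference between the two kinds of check can be reproduced outside Magento. The following PHP script is an added example, not Magento's code: the function names and the temporary directory layout are hypothetical, and it assumes POSIX-style paths with symlink support. It compares a realpath-based containment check with one that compares the requested path after collapsing `.` and `..` segments.

```php
<?php
// Added illustration, not Magento code. Function names and the directory
// layout are hypothetical; POSIX-style paths and symlink support are assumed.

/** Collapse "." and ".." segments of an absolute path without touching the filesystem. */
function normalizeLexically(string $path): string
{
    $out = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            array_pop($out);
            continue;
        }
        $out[] = $segment;
    }
    return '/' . implode('/', $out);
}

/** True when $path is $base itself or lies below it (compared on whole segments). */
function isUnder(string $path, string $base): bool
{
    $base = rtrim($base, '/') . '/';
    return strncmp(rtrim($path, '/') . '/', $base, strlen($base)) === 0;
}

/** The kind of check the note describes: resolve symlinks, then compare with the base path. */
function insideByRealpath(string $path, string $base): bool
{
    $real = realpath($path);
    $realBase = realpath($base);
    return $real !== false && $realBase !== false && isUnder($real, $realBase);
}

/** Alternative: compare the requested path itself, so symlinked entries under the base pass. */
function insideByRequestedPath(string $path, string $base): bool
{
    return isUnder(normalizeLexically($path), normalizeLexically($base));
}

// Constructed layout: pub/media/catalog is a symlink to storage outside pub/media.
$root = realpath(sys_get_temp_dir()) . '/media_demo_' . bin2hex(random_bytes(4));
$media = "$root/pub/media";
$shared = "$root/shared/catalog";
mkdir($media, 0700, true);
mkdir($shared, 0700, true);
file_put_contents("$shared/banner.png", 'constructed sample file');
symlink($shared, "$media/catalog");

$cases = [
    'symlinked file' => "$media/catalog/banner.png",
    'dot-dot path'   => "$media/../../shared/catalog/banner.png",
];
foreach ($cases as $label => $path) {
    printf("%-14s realpath check: %-5s requested-path check: %s\n", $label,
        var_export(insideByRealpath($path, $media), true),
        var_export(insideByRequestedPath($path, $media), true));
}

// Remove the demo tree; unlink() on the symlink removes the link, not its target.
unlink("$media/catalog");
unlink("$shared/banner.png");
foreach ([$shared, "$root/shared", $media, "$root/pub", $root] as $dir) {
    rmdir($dir);
}
```

Both checks reject the `..` path; only the requested-path check accepts the file reached through the symlink. A check of that kind relies on write access to pub/media being restricted, because any symlink placed there extends what the media gallery can reach.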

Configurable products

  • Magento now displays the correct status for a backordered configurable product on the order view page.
  • Magento now displays the correct image for a configurable product on the wishlist. Previously, Magento displayed the image for the parent product rather than for the selected variant. Fix submitted by Roman K. in pull request 1031. GitHub-8168
  • The Hide from Product Page option now works for the child product of a configurable product.
  • The Update on Save re-index operation now works as expected when re-indexing configurable products after changing options. Previously, when you manually re-indexed from the command line, your changes to configurable product options were not saved.

Frameworks

  • We’ve bumped the required minimal PHP version to 7.0.13.

General

  • The product repository now uses store_id (if set) when saving attributes for an existing product. Previously, Magento always saved attribute values for an existing product at the default store level. Fix submitted by p-bystritsky in pull request 967. GitHub-7720, GitHub-12395, GitHub-12186
  • The placement of Google Tag Manager code now follows the guidelines in the Google Tag Manager Developer Guide. (Previously, the Google Tag Manager code was inserted before the dataLayer variable was defined.)
  • The Related Products rule for up-sell products with customer segments set to Specified now works as expected.

Gift card

  • Magento now displays the correct subtotal when a customer adds multiple gift cards of different amounts to his cart.

Import/export

  • The data check on imported customer information now completes as expected. Previously, when you clicked Check Data on a large CSV file created by System > Data Transfer > Import, the request failed, and Magento displayed the timeout spinner.
  • If you remove a product’s custom options from the CSV file created during product import, Magento no longer displays the custom options on the storefront.

Indexing

  • The search indexer is now scoped and multithreaded, which improves layered navigation, search and indexing actions for complex sites with multiple store views and shared catalogs.

Orders

  • Magento now filters recent orders by store on the customer account page as expected. Fix submitted by Alexander Shkurko in pull request 13257.
  • The performance and logic of Magento\Sales\Helper\Guest has been improved. Fix submitted by Alexander Shkurko in pull request 12893.

Payment methods

  • In multistore environments, Magento now retrieves the correct PayPal Payflow Pro credentials. Previously, Magento always retrieved the credentials that are configured for the default store.

Performance

  • We’ve removed the count() method from the condition section for some loops in a small subset of backend files. When this method is used in a loop condition, it will be executed at every iteration, which can degrade performance. Fix submitted by Alexander Shkurko in pull request 13173.
  • Out-of-stock options for configurable products no longer show up in search and layered navigation results.
  • Magento now caches popular search results for faster response time on popular searches. A system administrator can configure how many top search queries can be cached.

Shipping

You can find Magento Shipping-specific release notes in Magento Shipping Release Notes.

  • Merchants can now choose whether to request and include tax information from UPS in the rate charged to the customer during checkout. (This permits merchants to pass on the tax costs to their customer as part of the overall shipping rate.) Fix submitted by gwharton in pull request 11707.

Staging

  • Magento now correctly renders the dates on a Cart Rule staging update when an administrator uses a locale with a different date and time format. Previously, these dates were corrupted.
  • You can now successfully edit the start date and time for a Catalog Price Rule schedule update. Previously, if you edited this date or time, Magento threw a 404 error when the new start time arrived.

Swagger

  • Swagger now displays the text area that contains the payload structure of all POST and PUT operations.

Swatches

  • You can now use JavaScript mixins to extend swatch functionality in all supported browsers. Fix submitted by Renon Stewart in pull request 12929. GitHub-10559

Testing

  • You can now use REST to update the available_payment_methods company extension attribute. Previously, Magento set to null whatever value you passed to the database company_payment table.
  • The phpunit.xml configuration file is now blacklisted during schema validation static tests (particularly Magento/Test/Integrity/Xml/SchemaTest.php).
  • The \Magento\Test\Php\LiveCodeTest::testCodeStyle method now uses whitelist files. Fix submitted by Adrian Martinez in pull request 11376. GitHub-10559

URL rewrites

  • Magento no longer throws a 404 error when a customer navigates from the Catalog page of the default store to a custom Catalog page on a different store.

Vertex

  • The correct tax amount is now included as expected in the Order Total that is listed under the Order Summary section of the Orders page. Previously, the Tax amount field was missing from the Order Summary section, which resulted in an incorrect Order Total.
  • The including tax and excluding tax fields on the Checkout page now contain correctly calculated prices. Previously, Magento displayed the same price in these fields.
  • Magento now displays the Tax amount field in the Order Summary section of the Checkout page for orders that contain virtual products.
  • Merchants can now create a Vertex invoice refund as expected after an order has been canceled.
  • We’ve improved the performance of the Admin Create Order and Performance Compare Report in Plain Text - Catalog (server side) actions.
  • Magento now prompts you to select order status if a customer does not select an option from the Order Status drop down list when setting the When to send Invoice to Vertex option.
  • The Allow tax quote request at shopping cart page option has been removed from the Vertex Setting tab.
  • Magento now disables Vertex API Status as expected when you set the Enable Vertex Tax Calculation option to no.
  • Magento now displays the green checkmark and Vertex invoice has been sent message as expected when you set an order’s status to Suspected Fraud.
  • Customers no longer receive a notice about negative tax amount after a merchant creates a refund on Vertex Cloud.

Visual Merchandiser

  • We’ve improved the performance of editing or saving products in large categories (more than 18,000 products per category).

Known issues

Merchants are unable to change a store view’s applied theme in Magento 2.2.5. When a merchant tries to change the Applied theme setting for a store view (Content > Design > Configuration), Magento does not change the theme, but instead displays this error: Something went wrong while saving this configuration: Area is already set. See GitHub-14968 for more information. Workaround: Merchants who are running 2.2.5 should apply patch MAGETWO-93036 or upgrade to 2.2.6 when it becomes available.

The Amazon Pay, dotmailer, Magento Shipping, and Vertex extensions have the following known issues:

Amazon Pay known issues

  • Clicking Save Config on the Payment Methods page while configuring your Amazon Pay settings can result in a JavaScript error. Workaround: Refresh the page.
  • Magento throws the following exception during checkout if you disable Amazon Pay when installing Magento using the web wizard: Exception #0 (UnexpectedValueException): Payment model name is not provided in config!. Note that this error occurs only if one or two of the three Amazon modules shipped with Magento are disabled. If all three Amazon modules are disabled, this problem does not occur. GitHub-16167
  • Magento displays the Amazon Pay option during checkout with multiple addresses even though multi shipping is not supported with Amazon Pay.
  • Magento does not display the Amazon Pay button during checkout when the customer selects Klarna or PayPal as a payment method for an order containing a virtual product.
  • Magento does not display the Amazon Pay button on the Checkout page if an order contains a virtual product.
  • Customers cannot return to the standard checkout flow by clicking the Return to standard checkout button.
  • Customers cannot leave the Amazon Pay checkout page and return to the generic checkout page when an order contains virtual products.
  • Customers cannot add a new shipping address to an order that contains virtual products.

dotmailer known issues

The following dotmailer behaviors have been observed when Magento Commerce for B2B is deployed with split databases:

  • Customer, subscriber, and guest data are not being successfully synced. As a result, newly created contacts display the Not imported status in the contact report, and the relevant address books in dotmailer remain empty.
  • Review reminder emails cannot be sent to a subscribed customer if review reminder emails are not enabled for non-subscribed customers.
  • Magento cannot send Customer and Guest Abandoned Cart email if these emails are not allowed for non-subscribed contacts.
  • Magento throws an exception when a merchant clicks the Run Contact Sync button.
  • Magento throws an error during the creation of a subscriber or customer, but still creates the new subscriber or customer.

Magento Shipping known issues

  • A merchant can create multiple return shipments for an already shipped return.

Vertex known issues

  • The order amount on Vertex Cloud differs from the order information displayed by Magento when Catalog Price Rule is applied.
  • Magento applies taxes to a custom price even when the Original Price only option from the Apply Tax On drop-down list has been selected.
  • Magento displays an inaccurate Vertex API Status message when the Vertex Address Validation API Url and Vertex Validation Function fields contain invalid values.
  • The Transaction Details reports and Transaction Summary reports have slight irregularities. Magento does not include product price and taxes in the Transaction Details Report “Gross Amount” and “Tax Amount” columns, and does not include product price in the Transaction Summary Report.
  • The Vertex invoice has been sent message appears momentarily on the Review and Payments page, but not as expected on the Success page.
  • When a customer places an order, Magento calculates the amount of tax and sends a Vertex invoice even when the Company Information tab is missing the company street, company city, and company postal code.
  • Magento does not display the Vertex invoice has been sent message as expected when the payment method is Authorize.net and the order status is Suspect Fraud.
  • Magento does not display the Vertex customer code field on the All Customers page as expected, which undermines the ability to filter by customer code.
  • Magento does not display the tax section of the Order Summary that is included on the Review and Payments page during checkout when the shopping cart includes a virtual product.

Community contributions

We are grateful to the wider Magento community and would like to acknowledge their contributions to this release.

Individual contributor contributions

The following table identifies contributions from our community members. This table lists the external pull requests, the GitHub issue number associated with it (if available), and the community member who contributed the pull request.

| Pull request | Related GitHub issue | Contributing community member |
|---|---|---|
| 15929 | 15205, 15245 | Francesco Marangi |
| 13956 | N/A | Koen V. |
| 13691 | 13556 | nuzil |
| 13878 | 13769 | pawcioma |
| 13943 | 12405, 12421 | Pieter Hoste |
| 13173 | N/A | Alexander Shkurko |
| 13855 | 13804 | Ankur Raiyani |
| 14011 | N/A | Richard Jesudason |
| 14013 | N/A | Sander Mangel |
| 14026 | N/A | Alexander Shkurko |
| 14030 | N/A | Alexander Shkurko |
| 11376 | N/A | Adrian Martinez |
| 13977 | N/A | Pieter Hoste |
| 14028 | N/A | Alexander Shkurko |
| 13607 | 13385 | Shyam Ranpara |
| 13717 | 13117 | enriquei4 |
| 13807 | N/A | Sergey P |
| 13024 | 3483 | pradeep-wagento |
| 14044 | N/A | Andreas von Studnitz |
| 12929 | 10559 | Renon Stewart |
| 13884 | 5463 | Mads Nielsen |
| 13894 | N/A | evgk |
| 13989 | 13988 | Mateusz Krzeszowiak |
| 14029 | 4919 | Timon de Groot |
| 14042 | N/A | Roman K. |
| 14062 | N/A | jasperzeinstra |
| 14083 | N/A | RandeKnight |
| 14105 | 13820 | Marcin Kwiatkowski |
| 14121 | 14010 | Yogesh Suhagiya |
| 14041 | N/A | Carlos Lizaga |
| 14106 | N/A | Alexander Shkurko |
| 14136 | N/A | Cristiano Casciotti |
| 14154 | N/A | nfourteen |
| 14189 | N/A | Elias |
| 11707 | N/A | gwharton |
| 14156 | N/A | Andreas Schrammel |
| 12893 | N/A | Alexander Shkurko |
| 13653 | N/A | Jeroen |
| 14091 | 14138 | Vlad Veselov |
| 14128 | 14109 | Nathan McBride |
| 13716 | 13704 | Alessandro Pagnin |
| 14230 | N/A | cstergianos |
| 14306 | 14089 | Oscar Recio |
| 14303 | 13992 | cream-julian |
| 14317 | 7428 | cristina-diaz |
| 14358 | N/A | Prince Patel |
| 13414 | N/A | Vincent Marmiesse |
| 14308 | N/A | Yogesh Suhagiya |
| 14327 | 10057 | Oleksandr Kravchuk |
| 14347 | N/A | Sergey P. |
| 14361 | 11930, 10700 | Doug |
| 14388 | N/A | Alexander Shkurko |
| 14060 | N/A | Ihor Sviziev |
| 14299 | 14072 | Oscar Recio |
| 14325 | 7816, 12852 | Mike Whitby |
| 12497 | 10650 | Paavo Pokkinen |
| 14288 | N/A | Timon de Groot |
| 14385 | 13716 | Vlad Veselov |
| 14309 | 14307 | Arjen Miedema |
| 14350 | 14249 | Calin |
| 14403 | N/A | edie-pasek |
| 14440 | N/A | Yogesh Suhagiya |
| 13942 | 13582 | Alex |
| 14293 | 8837 | Andriy Kravets |
| 14439 | N/A | Sander Jongsma |
| 14445 | N/A | Alexander Shkurko |
| 14455 | N/A | Karla Saaremäe |
| 14452 | N/A | Adrian Martinez |
| 14466 | N/A | NamrataChangani |
| 14473 | N/A | David |
| 13808 | N/A | Sergey P |
| 14360 | 13010 | afirlejczyk |
| 14457 | N/A | Sergey P |
| 14498 | N/A | Karla Saaremäe |
| 14504 | N/A | Tommy Quissens |
| 13629 | N/A | Theis Corfixen |
| 13831 | N/A | Vadim Kusakin |
| magento/magento2ce/pull/14176 | 14049 | joost-florijn-kega |
| 14319 | 6879 | MateuszChrapek |
| 13257 | N/A | Alexander Shkurko |
| 14559 | 13950 | nuzil |
| 14552 | N/A | Tibor Kotosz |
| 14599 | 14572 | Pierre LeMaguer |
| 13016 | 9666, 12323 | Ross |
| 14048 | 14035 | Kamil Szewczyk |
| 14629 | N/A | AnshuMishra17 |
| 14635 | 14465 | Ihor Sviziev |
| 14668 | N/A | Suraj kumar prasad |
| 14678 | N/A | Roman Strelenko |
| 14681 | 13652 | Ihor Sviziev |
| 14688 | N/A | Isaias |
| 14696 | N/A | Ihor Sviziev |

Partner contributions

The following table highlights contributions made by Partners. This table lists the Partner who contributed the pull request, the external pull request, and the GitHub issue number associated with it (if available).

| Contributing Partner | Pull Request | Related GitHub issue |
|---|---|---|
| Balance Internet | 14128 | 14109 |
| Comwrap | 14559, 13691 | 13556 |
| Convert | 14457, 13807, 14347, 13808 | N/A |
| Divante | 14360, 14105 | 13010, 13820 |
| H&O | 13653 | N/A |
| Interactiv4 | 14452, 14299, 14317, 14306, 13717, 11376 | 13117, 14089, 7428, 14072 |
| Inviqa | 14552 | N/A |
| ISM eCompany | 14327 | 10057 |
| MediaCT | 14309, 14062, 14230 | 14307 |
| Something Digital | 13898 | 12792, 13778 |
| Vaimo | 13257, 13173, 14026, 14030, 14028, 14106, 12893, 14388, 12497, 14447 | 10650 |
| Wagento | 14473, 13024 | 3483 |

System requirements

Our technology stack is built on PHP and MySQL. For details, see Technology stack requirements.

Installation and upgrade instructions

See How to get the Magento software for complete installation and upgrade information.

Migration toolkits

The Data Migration Tool helps transfer existing Magento 1.x store data to Magento 2.x. This command-line interface includes verification, progress tracking, logging, and testing functions. For installation instructions, see Install the Data Migration Tool. Consider exploring or contributing to the Magento Data Migration repository.

The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.2.x. The command-line interface includes scripts for converting Magento 1.x modules and layouts.
