Magento Commerce 2.2.7 Release Notes

Release notes published November 28 and last updated on July 31, 2019.

We are pleased to present Magento Commerce 2.2.7. This release includes over 30 critical enhancements to product security, over 150 core code fixes and enhancements, and over 100 community-submitted pull requests.

Although this release includes these security enhancements, no confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we recommend that you upgrade your Magento software to the latest version as soon as possible.

See Magento Security Center for a comprehensive discussion of these issues. All exploitable security issues fixed in this release (2.2.7) have been ported to 2.1.16, 1.14.4.0, and 1.9.4.0, as appropriate.

Apply patch PRODSECBUG-2233 to address critical remote code execution vulnerability (RCE)

An unauthenticated cross-site scripting vulnerability combined with an authenticated Phar deserialization vulnerability has left this version of Magento Commerce open to serious exploit. An attacker can use these vulnerabilities to inject JavaScript into the Magento Admin and subsequently launch malicious code in a store user’s browser. We strongly recommend that all users of the affected versions of Magento download and apply the appropriate patch as soon as possible.

This issue and the available patches are discussed in the Extending the June 25 Security Update to Older Versions of Magento blog post. You can directly access patch code through your Magento account for Magento Commerce. Locate the patch by the name. We provide both Git-based and Composer-based patches.

Apply patch PRODSECBUG-2198 to address critical SQL injection vulnerability

A SQL injection vulnerability has been identified in pre-2.2.8 Magento code. To quickly protect your store from this vulnerability only, install patch PRODSECBUG-2198. However, to protect against this vulnerability and others, you must upgrade to Magento Commerce or Open Source 2.2.8. We strongly suggest that you install these full patches as soon as you can.

See the description of PRODSECBUG-2198 in the Magento Security Center for information on this vulnerability.

Follow these steps to download and apply this patch:

1. Access My Account.

2. Navigate to the Downloads tab. Select the Magento edition and version you need.

3. Select Support Patches and Security Patches, then PRODSECBUG-2198.

4. Download the patch and upload to a specific directory in your Magento installation such as m2-hotfixes (confirm that the directory is not accessible publicly).

5. From your project root, apply the patch.
 git apply ./m2-hotfixes/<patch-file-name>.

6. Refresh the cache from the Admin (System > Cache Management).

Highlights

In addition to over 30 critical security fixes, look for the following highlights in this release:

Core code highlights

This release includes improvements to general usability of the core code plus enhancements to wishlist, shipping, and B2B features.

General improvements

• An administrator with permissions on one website only can no longer access the All Store Views scope for a product that is assigned to multiple websites.

• All relevant attributes are now populated in the Google Tag Manager when a customer adds a product to their shopping cart. Previously, grouped, bundle, and configurable product attributes were missing from the Google Tag Manager.

Wishlist

• Customers can now choose which wishlist to add a product to when adding products to the wishlist from the shopping cart.

• Products disabled in the Admin no longer appear in storefront wishlists. Previously, disabled products still appeared in the storefront wishlist, although when a customer clicked on a disabled product, Magento correctly returned “page not found”.

• Magento now displays a success message when a customer successfully updates a wishlist.

• Magento now displays the correct options when you click on View Details for a product with configurable options. Previously, Magento displayed the image for the parent product. GitHub-8168

B2B

• Merchants can now successfully update product prices and currencies using Admin > Stores > Settings > Configuration > Currency Setup.

• Merchants can now create a Company with an optional regional setting. Previously, Magento displayed this message, Error message: Invalid value of "" provided for the region_id field.

• Magento now removes information from all fields when you click Reset when creating a new Company from the Admin. Previously, Magento cleared all fields except for the admin email field.

• Magento no longer permits merchants to open a new tab to edit Company users from the Company Users tab. Previously, when a merchant tried to open a new tab to edit users, Magento threw an error.

Shipping

• The Magento UPS module has been updated to support new UPS API endpoints.

Magento Functional Test Framework (MFTF)

• MTFT version 2.3.8 is now packaged with Magento 2.2.7.

Community contribution highlights

Highlights of community contributions include these fixes:

• Bulk Web APIs allow all existing REST APIs to accept payloads with multiple entities. These community-contributed bulk APIs support more efficient and scalable implementations that eliminate round-trip network overhead. Like asynchronous APIs, bulk web APIs can be used in conjunction with queues that have also been migrated to Magento Open Source. See Bulk endpoints for more information.

• The email server no longer throws an exception when a customer places an order using a PayPal payment method. Previously, when a customer checked out using PayPal, Magento placed the order, but the email server threw an exception. Thanks to community member Jason Woods!

• You can now use REST to add a configurable product to a shopping cart without creating a duplicate product entry. Thanks to community member zamboten! GitHub-15028

• The price range displayed for bundle products now shows only valid prices. Previously, Magento displayed special prices that had expired, even though the price in the customization and summary area was correct. Thanks to community member Riccardo Tempesta! GitHub-15457

Looking for more information on these new features as well as many others? Check out Magento Developer Documentation and the Magento Commerce User Guide.

Functional fixes

In addition to security enhancements, this release contains the following functional fixes.

Installation, setup, and deployment

• Magento backup functionality is no longer enabled by default, and the code has been deprecated. See Back up and roll back the file system, media, and database for more information on backup strategies.

• Customer attribute management issues that merchants experienced after upgrading to Magento 2.2.6 have been resolved. Previously, after upgrading their stores to Magento 2.2.6, merchants could not create and save a new multiselect or dropdown customer custom attribute, and existing customer attributes no longer appeared for editing within the customer’s account on the storefront.

• Fixed an issue with the shared configuration settings in app/etc/config.php that caused recursion detected errors during deployment.

• You can now enable logs as expected (through the use of Stores > Settings > Configuration > Advanced > Developer > Debug > Log to file) when switching from production mode to developer mode. Fix submitted by Jay Ghosh in pull request 15335. GitHub-13480

• You can now filter the customer grid without inadvertently triggering a next-page Ajax call. Previously, when you created an order from the Orders page and tried to filter the customer list, Magento did not filter the list, and displayed the next page of customer entries. Fix submitted by Ronak Patel in pull request 17870. GitHub-17789

• The bin/magento command now works as expected when Magento is not installed. Previously, Magento displayed this error, Command line user does not have read and write permissions on generated directory. Please address this issue before using Magento command line.

• Magento no longer throws an error when loading configuration data while running the setup:di:compile command. Previously, Magento threw an error when loading configuration data before Magento was installed because no store-specific or website-specific configuration data was available. (Store and website data is available only after Magento is installed.) Fix submitted by Marcel in pull request 13649.

• You can now set a custom frontend_model value in system.xml if the name of the module you’re using contains an underscore. Fix submitted by Ben Tideswell in pull request 14397.

• Performance of the setup:upgrade step of the update process has been improved for installations containing many orders (greater than 100,000). Fix submitted by Aurélien Lavorel in pull request 16570.

• You can now complete setup:install for installations running an authenticated Redis instance for cache configuration. Previously, Magento did not read the Redis cache options in env.php as expected, although the Redis session password configuration worked as expected. Fix submitted by Guillaume Giordana in pull request 17078.

• You can now replace the transaction trace driver for the Profiler (app/bootstrap.php). For example, with this change you could replace the default profiler with the OpenTracing API, which can then use its own exporters to express the code to the CNCF Jaeger project. This in turn supports a more granular view of application transactions. Fix submitted by Andrew Howden in pull request 15171.

AdminGWS

• An administrator with permissions on one website only can no longer access the All Store Views scope for a product that is assigned to multiple websites.

• Administrators with restricted privileges can now edit and create CMS blocks as expected. Previously, Magento threw an error like this when an administrator tried to edit or create a block: Warning: array_intersect(): Argument #1 is not an array in /var/www/html/magento2ee/app/code/Magento/AdminGws/Model/Models.php on line 1075
.

B2B

• Magento no longer permits merchants to open a new tab to edit company users from the company users tabs. Previously, a merchant would try to open a new tab to edit users, and Magento threw an error.

• Magento now removes information from all fields when you click Reset when creating a new company from the Admin. Previously, Magento cleared all fields except for the admin email field.

• Merchants can now create a company with an optional regional setting. Previously, Magento displayed this message, Error message: Invalid value of "" provided for the region_id field.

• Administrators with appropriate permissions can now change the status of a company to Rejected. Previously, Magento did not save the change in status, and threw an error.

• Magento now opens a new window for edit purposes when a merchant selects Edit User in New Tab from the company Users page. Previously, when a merchant tried to edit company users from the storefront by selecting Edit User in New Tab, Magento threw a JSON error.

Bundle products

• Magento now sorts bundle summaries according to the criteria set in the Admin.

• The price range displayed for bundle products now shows only valid prices. Previously, Magento displayed special prices that had expired, even though the price in the customization and summary area was correct. Fix submitted by Riccardo Tempesta in pull request 15535. GitHub-15457

• Merchants can now create a return merchandise authorization (RMA) for a bundled product from a customer’s account. Previously, Magento did not create the RMA, and the store returned an error.

CAPTCHA

• CAPTCHA code has been refactored to eliminate unnecessary multiple conditions. Fix submitted by Pratik Oza in pull request 17203.

Catalog

• Magento now displays the product name under the product image on the product page.

• Magento now alerts you to an error when a merchant tries to save a product without completed required fields.

• A previous fix for a gallery template issue that was inadvertently reverted has been restored. Fix submitted by gwharton in pull request 16594. GitHub-15009

• Parent theme image height settings (specified in view.xml) no longer override the height settings assigned to individual images. Fix submitted by Tommy Quissens in pull request 14537. GitHub-12250

• Magento now maintains product image roles as expected after upgrade. Previously, image roles randomly disappeared from product pages after upgrade. Fix submitted by Sam Butler Thompson in pull request 15606. GitHub-10687

• You can now save attributes for a configurable product after a validation error occurs. Previously, when you added a new product with an image, if a validation error occurred during the product save, Magento removed the images from the Images and Videos section. If you subsequently fixed the validation conflict and attempted to save the product again, Magento threw a descriptive error. Fix submitted by Oleksandr Kravchuk in pull request 16597. GitHub-7372, GitHub-13177

• You can now add a product with a price of zero (0) to a wishlist. Fix submitted by sv3n in pull request 17395. GitHub-16479

• You can now save a title for a product from the Product > Customizable Options page. Fix submitted by Madhumala Krishnan in pull request 15357. GitHub-6305

• You can now add a custom fieldset to the Admin category editor without changing the position of the General section (that is, the section that contains the Enable category, Include in Menu, and Category Name fields). Previously, Magento moved the General section to the last position of the form. Fix submitted by Burlacu Vasilii in pull request 17540. GitHub-15041

• The Catalog Products List widget can now display products on the storefront that have specific attributes applied to the default Global scope.

• Magento now displays a descriptive error message when a customer tries to order a product in increments that are not allowed.

• The Catalog Staging module no longer overrides trigger settings in scheduled indexed operations. Previously, when Magento indexes were configured to run on schedule, Magento created the appropriate INSERT/UPDATE/DELETE triggers. Consequently, the UPDATE trigger script contained a condition to check if any values were changed, and only then inserted a record into the changelog table of subscribed indexers. The Catalog Staging module prevented the inclusion of trigger conditions.

• Magento now applies tier prices as expected after a customer logs into their shopping cart. GitHub-14255

• Magento no longer switches from table to list view on the product page when you add a product from the wishlist to the shopping cart.

• Customers can now add a product to their shopping cart when their session has expired. Previously, Magento did not add the product, and hung indefinitely while trying to add the product.

• A merchant can now successfully create and save configurable products from the Admin in a multisite deployment. Previously, when a merchant created a configurable product with customizable options, Magento set its has_options and required_options  (in the catalog_product_entity table) to 0, and the merchant needed to click Save again to correctly add the product.

• The PUT rest/all/V1/categories/:categoryId endpoint now requires the name field.

• Special price expressions now work as expected. Previously, catalog_product_price did not generate correct price data. Fix submitted by Dmitry Chukhnov in pull request 16510.

Catalog rule

• date can now be used as a condition for Catalog Price rules. Fix submitted by Glenn Cheng in pull request 16855.

Cart and checkout

• Customers can no longer place orders for out-of-stock products.

• Magento no longer displays an undefined string on the Order Summary page. Fix submitted by Vishal Gelani in pull request 17526. GitHub-17492

• Magento now displays the wishlist icon on the shopping cart page on mobile devices. Previously, Magento cut off the wishlist icon on this page when viewed on a mobile device. Fix submitted by Hitesh in pull request 17877. GitHub-17851

• Magento no longer unchecks My billing and shipping address are the same checkbox when a customer uses an offline custom payment method for an order. Previously, when a customer used an offline custom payment method for an order, Magento unchecked this checkbox on the payment step if the shipping address was updated. Fix submitted by Eduard Chitoraga in pull request 17593. GitHub-14819

• You can now see category changes on the storefront as expected after the changes have been saved. Previously, Magento did not display changes to product categories on the storefront until reindexing occurred even if update on schedule was set and the cache had been cleaned.

• Magento now populates the Default Billing address field with the shipping address when a customer selects Save in address book during checkout. Previously, Magento saved the address, but did not populate the default billing address field as expected.

• Third-party modules can now perform actions after totals calculation. (Modules can perform additional actions by adding .done, .fail, or .always tasks to the request promise by creating a JavaScript mixin for the totals processor.) Fix submitted by Navarr Barnier in pull request 17127.

• Magento no longer adds an empty method to the cart summary. Previously, when the method html was empty, an empty list item resulted, which subsequently resulted in an extra margin of 20px because of default styling. Fix submitted by Arnoud Beekman in pull request 17189.

• The sidebars for the wishlist on the catalog, my account, and checkout pages now render special characters correctly. Previously, the browser displayed ™ instead of rendered special characters on these pages. Fix submitted by deepjoshi94 in pull request 17070.

• The disabled attribute has been removed from the region list. Fix submitted by Daniel Ruf in pull request 16955.

• The Admin checkout agreement controllers have been refactored to remove the use of ObjectManager. Fix submitted by AnshuMishra17 in pull request 16505.

Clean up and minor refactoring

• Problems with the responsive layout app/design/frontend/Magento/luma/Magento_Theme/web/css/source/_module.less have been resolved. Fix submitted by Pratik Oza in pull request 17217.

• The text-align for the <th> element of the Subtotal column in the creditmemo email has been corrected. Fix submitted by Tomash Khamlai in pull request 17153.

• The invalid knockoutjs data binding in Braintree PayPal has been fixed. Fix submitted by Tiago Sampaio in pull request 17236.

• The overall readability of Shipping Methods sorting has been improved by replacing sort callbacks. Fix submitted by Lukasz Bajsarowicz in pull request 16788.

• Files in /lib have been cleaned up. Fix submitted by Pratik Oza in pull request 17103.

• Unused IDs in app/code/Magento/Checkout/view/frontend/web/template/billing-address/form.html and app/code/Magento/Checkout/Test/Mftf/Section/CheckoutPaymentSection.xml have been removed. Fix submitted by Daniel Ruf in pull request 17291.

• Removed unnecessary translation of HTML tags in app/code/Magento/Catalog/Block/Adminhtml/Form/Renderer/Config/YearRange.php and app/code/Magento/Catalog/i18n/en_US.csv. Fix submitted by Yogesh Suhagiya in pull request 17291.

• Minor CSS issues in lib/internal/Magento/Framework/View/Test/Unit/Url/_files/sourceImport.css have been fixed. Fix submitted by Arnoud Beekman in pull request 17365.

• Duplicate code in app/code/Magento/Ui/view/base/web/js/dynamic-rows/dynamic-rows.js has been removed. Fix submitted by Arnoud Beekman in pull request 17505.

• The code generator for Proxy is no longer missing returnType in the method information definition. Fix submitted by adrian-martinez-interactiv4 in pull request 17552.

• The <script/> tag has been replaced with <script type="text/x-magento-init" /> in app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/attribute/form.phtml and app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/edit/action/attribute.phtml. Also, a new JavaScript component with the callback function has been created.
 Fix submitted by Yogesh Suhagiya in pull request 17527.

• The $outputHelper property declaration has been added to app/code/Magento/Catalog/CustomerData/CompareProducts.php. Fix submitted by Oleksandr Kravchuk in pull request 17250.

• The Magento_Backend module has been refactored. Fix submitted by Tiago Sampaio in pull request 17101.

• The usage of the count() function in for loops has been refactored to improve the performance of the loops that were running count() in every iteration throughout the code base. Fix submitted by Daniel Ruf in pull request 15507.

CMS content

• A new OptionSource of blocks has been added. Fix submitted by Thomas Klein in pull request 16021.

• You can successfully save a CMS page with the same URL key as another store on a different website but with the same hierarchy.

• The CMS page index has been refactored to remove the Object Manager, and dependency injection has been added to the constructor. Fix submitted by Vladymyr Hrivinskyi in pull request 17066.

Configurable products

• You can now use REST to add a configurable product to a shopping cart without creating a duplicate product entry. Fix submitted by zamboten in pull request 15720. GitHub-15028

• Magento now displays a descriptive error message when you try to upload a file in an unsupported format. Previously, Magento displayed an error that did not relate to the specific upload problem.

• Magento now displays the correct options when you click on View Details for a product with configurable options. 
Previously, Magento displayed the image for the parent product. GitHub-8168

CMS

• You can successfully save a CMS page with same URL key as another store on a different website but with the same hierarchy.

• The CMS page index has been refactored to remove the Object Manager and added dependency injection to the constructor. Fix submitted by Vladymyr Hrivinskyi in pull request 17066.

Customer

• When editing an Admin user role, Magento now displays the Customer Groups section under the Customers section as expected. Previously, Magento displayed the Customer Groups section under the Stores > Other settings section. Fix submitted by Emipro Technologies Pvt Ltd in pull request 17515. GitHub-16499

Directory

• Currency conversion rate services now work as expected in the Admin.

EAV

• The Product Attribute Repository’s incorrect return values have been replaced with values that now adhere to Magento\Catalog\Api\ProductAttributeRepositoryInterface (extends Magento\Framework\Api\MetadataServiceInterface) as expected. Fix submitted by julianvdrielen in pull request 15691. GitHub-4803

Email

• Magento now displays the correct width for the welcome email when viewed on a mobile device.

• Magento can no longer send more than 50 emails per cronjob, which will reduce duplicate emails. Fix submitted by iGerchak in pull request 17484.

Frameworks

• You can now set values for MAX_IMAGE_WIDTH and MAX_IMAGE_HEIGHT in Stores > Settings > Configuration > Advanced > System > Images Configuration, which supports the upload of larger images. Fix submitted by Eduard Chitoraga in pull request 15942. GitHub-13747

• functions.php now resides in the Framework module. Fix submitted by Kristof, Fooman in pull request 16800.

• FTP connections can now use user or password strings with special characters (for example, @ or #). Fix submitted by Pratik Oza in pull request 17246.

Application framework

• Magento now validates that the required Purchase Order Number field is set as expected during checkout. Fix submitted by Pablo in pull request 14393. GitHub-6585

Database framework

• The getSize function now reflects item and page count totals for filtered product collections on the category page.

JavaScript framework

• JavaScript validation rules no longer require validation of fields where completion is not required. Previously, customers could not complete forms unless non-required fields were completed. Fix submitted by Vitaliy Boyko in pull request 16724. GitHub-16544

• You can disable the Use system value checkboxes on the Admin as expected. Fix submitted by Valerij Ivashchenko in pull request 16000.

Session framework

• Magento no longer unexpectedly empties a customer’s shopping cart during checkout when concurrent requests occur. Fix submitted by Elio Ermini in pull request 14973. GitHub-12362

General

• Magento now processes zero (0) in email filter fields correctly.

• You can now clear the Date of Birth field in the customer edit page when accessed from the Admin.

• Product image zoom now works as expected in stores running on Safari. Fix submitted by Danny Nimmo in pull request 17491. GitHub-17416

• Magento now displays the background of transparent product image watermarks correctly. Fix submitted by Ronak Patel in pull request 17013. GitHub-16929

• .png images from the GD2 image library that have transparent backgrounds now retain their transparent backgrounds after upload. Previously, these transparent backgrounds were rendered black when you displayed these images after upload. Fix submitted by Eduard Chitoraga in pull request 16733. GitHub-14248

• Magento no longer duplicates events during delete operations. Fix submitted by p-bystritsky in pull request 17718. GitHub-17715

• Magento now correctly displays the Datepicker widget when a user scrolls a page containing it. Fix submitted by Hitesh in pull request 16775. GitHub-7903

• Magento now disables the Shop By button on the search page when a customer sets additional search filters. Fix submitted by Andrea Rivadossi in pull request 15650. GitHub-13445

• Magento now processes the oldest message queue entries first instead of last.

• The setterName method is now correctly set. Fix submitted by insanityinside in pull request 17773.

• New templates have been added to the GitHub Issue Reporting section. These templates target a broad scope of possible problems, and the proposed descriptions are aimed at simplifying future fixes. Fix submitted by Eugene Shakhsuvarov in pull request 17817.

Google Tag Manager

• All relevant attributes are now populated in the Google Tag Manager when a customer adds a product to their shopping cart. Previously, grouped, bundle, and configurable product attributes were missing in the Google Tag Manager.

Import/export

• Magento now displays the correct execution time for an import operation on the System > Import History page.

Infrastructure

• The Web Setup wizard icon sidebar shortcut on the Admin now links as expected to the wizard. Fix submitted by Arnoud Beekman in pull request 17543. GitHub-13948

• The $keepRation parameter in the Magento\Cms\Model\Wysiwyg\Images\Storage class has been renamed to $keepRatio. Fix submitted by Martin Aarts in pull request 17776. GitHub-17587

• Customers can now change product status by clicking on either the toggle element or label text, but not by clicking the area around a toggle element. Previously, if a customer clicked on the area around a toggle element, Magento changed the state of the element. Unintended results could occur if a customer mistakenly clicked on the area around the element and didn’t realize that the status had changed.

• Outdated LESS lib docs have been updated. Fix submitted by Karla Saaremäe in pull request 17479.

• The floatval() function has been replaced by the use of direct type casting to (float) throughout the code base. Fix submitted by Marcel Hauri in pull request 16848.

• The strval() function has been replaced by the use of direct type casting to (string) throughout the code base. Fix submitted by Marcel Hauri in pull request 16849.

• The EU-VAT-Numbers Countrycode prefixes have been removed for validation purposes. Fix submitted by Drischie in pull request 17385.

• Missing data-th selectors have been added to tables. Fix submitted by Daniel Ruf in pull request 17327.

Locale

• The DatePicker date filter on Reports > Products > Ordered now works as expected for administrators working in Australian English locales.

Logging

• Admin action logs now list changes to product quantity as expected.

Payment methods

• Magento no longer throws an error when you try to add a new shipping address to an order placed with Braintree from the Admin.

• The email server no longer throws an exception when a customer places an order using a PayPal payment method. Previously, when a customer checked out using PayPal, Magento placed the order, but the email server threw an exception. Fix submitted by Jason Woods in pull request 13133.

Reports

• The scope selector for reports now works as expected. Previously, when a merchant set the scope to All Websites , the generated report showed sales from only a subset of websites.

• The .csv export of Coupon reports now shows the correct total for selected coupons. Previously, the total line in the .csv file showed the totals for all coupons in the selected time period, rather than just the selected coupons.

• The .csv export of the Abandoned Cart report now contains information about all abandoned carts as expected. Previously, this .csv file contained only the first 20 rows of the report.

• The Year-to-date dropdown accessed from Stores > Settings > Configuration > General > Reports > Dashboard now displays a numerical list that ranges from 01 to 12 as expected. Fix submitted by teddysie in pull request 17383. GitHub-17289

• Wishlist reports are available on the Admin as expected.

Review

• Magento now displays a 404 page not found error when a customer tries to navigate to a product review that is not accessible. Previously. Magento displayed a PHP error code. Fix submitted by Ananth in pull request 15369. GitHub-13102

Reward

• Magento now throws a descriptive error as expected when using a negative value that contains an invalid minus symbol to update reward points on a customer account.

Sales

• The Magento\Sales\Block\Adminhtml\Order\Totalbar class and totalbar template files have been deprecated. These components were formerly included but never implemented in the invoice create and credit memo create layout files. Fix submitted by Danny Verkade in pull request 16656. GitHub-16653

• Magento now displays product price and shipping costs in the default currency that was configured for that specific website for orders created from the Admin. Previously, when you have multi-site configuration with different default currencies for each website, the product and shipping prices shown while creating an Admin order are incorrect.

• Merchants can now successfully update product prices and currencies using Admin > Stores > Settings > Configuration > Currency Setup.

• Admin orders are no longer restricted by a minimum order amount. Previously, Magento required this minimum for both Admin and storefront users.

Sales rule

• You can now use wildcard values in coupon codes.

Search

• JavaScript files are now located inside the web/js directory. Fix submitted by Hitesh in pull request 16582. GitHub-16302

• Search synonyms are now available for all search engines deployed in your Magento store. Previously, search synonyms did not appear in the Admin menu when Elasticsearch 5.0+ was deployed.

• Product attribute are now displayed as expected in layered navigation with Elasticsearch 5.0+.

• Elasticsearch now works as expected for Chinese locales.

Shipping

• Customers can now add a new address to an order during checkout of an order being shipped to multiple addresses.

• Multishipping checkout now works as expected. Previously, Magento displayed the Shipping address is not set error message when checking out an order with multiple addresses. Fix submitted by Dmytro Cheshun in pull request 16753. GitHub-16555

• The Magento UPS module has been updated to support new UPS API endpoints.

• Customers can now view their completed order from the success page for orders that will be shipped to multiple addresses. Previously, when a customer took a link from the order success page to view their just-completed order, Magento displayed this error, There has been an error processing your request.

• The Shipment grid now displays the status of completed orders correctly. Previously, the Order Status column of the Shipment grid indicated that a completed order was being processed.

Magento Shipping

• Magento Shipping return merchandise authorization (RMA) can no longer be enabled when Magento Shipping is disabled.

Store

• The getUrlInStore() method no longer returns URLs that contain the store code, which has shortened the extremely long URLs it previously returned. Fix submitted by Burlacu Vasilii in pull request 16468. GitHub-16273

Swagger

• Swagger now works as expected when JavaScript minification is enabled. Previously, when JavaScript minification was enabled, the swagger-ui-bundle.js became corrupted, although Swagger worked fine when minification was subsequently disabled, and the files were redeployed. Fix submitted by Pieter Hoste in pull request 17626. GitHub-16927

Testing

• The ProcessCronQueueObserverTest.php integration test now works correctly. Fix submitted by Vishal Gelani in pull request 17191. GitHub-16243

• Deprecated methods throughout the test suite have been replaced. Fix submitted by Tiago Sampaio in pull request 17872.

• An API functional test for the /V1/search (searchV1) resource has been added. Fix submitted by Yaroslav Rogoza in pull request 17840.

• The \Magento\Sales\Model\Validator class is now covered by unit tests. Fix submitted by Dmytro Cheshun in pull request 17876.

• The \Magento\Search\Model\PopularSearchTerms is now covered by unit tests. Fix submitted by Dmytro Cheshun in pull request 17739.

• The \Magento\Search\Model\SynonymAnalyzer class is now covered by a unit test. Fix submitted by Zebra in pull request 17801.

• The Sales Rule model classes are now covered by unit tests. Fix submitted by Dmytro Cheshun in pull request 17710.

• The \Magento\Review\Observer\ProcessProductAfterDeleteEventObserver is now covered by unit tests. Fix submitted by Eduard Chitoraga in pull request 17693.

• The CMS model classes are now covered by unit tests. Fix submitted by Dmytro Cheshun in pull request 17678.

• The \Magento\Newsletter\Model\Problem class is now covered by unit tests. Fix submitted by Yaroslav Rogoza in pull request 17633.

• The \Magento\Braintree\Model\InstantPurchase\CreditCard\TokenFormatter class is now covered by unit tests. Fix submitted by Eduard Chitoraga in pull request 17590.

• The \Magento\Catalog\Test\Unit\Cron\AvailabilityCheckerTest
 and \Magento\Catalog\Test\Unit\Cron\DeleteOutdatedPriceValuesTest classes are now covered by unit tests. Fix submitted by Dmytro Cheshun in pull request 17561.

• The Magento\Braintree\Model\InstantPurchase\CreditCard\AvailabilityChecker class is now covered by a unit test. Dmytro Cheshun in pull request 17454*

• The instant purchase PayPal token formatter is now covered by a unit test. Fix submitted by Yaroslav Rogoza in pull request 17405.

• The \Magento\Braintree\Gateway\Http\Client\TransactionVoid and \Magento\Braintree\Gateway\Http\Client\TransactionRefund classes are now covered by unit tests. Fix submitted by Yaroslav Rogoza in pull request 17368.

• The \Magento\Catalog\CustomerData\CompareProducts class is now covered by unit tests. Fix submitted by Oleksandr Kravchuk in pull request 17250.

• \Magento\Review\Observer\ProcessProductAfterDeleteEventObserver is now covered by an integration test. Fix submitted by Yaroslav Rogoza in pull request 17690.

Translation

• Errors in app/code/Magento/Sales/i18n/en_US.csv have been corrected. Fix submitted by Jignesh Baldha in pull request 17735.

• translate="title"  has been added to Admin menus. Fix submitted by Yogesh Suhagiya in pull request 17521.

• The custom attribute group name on customer and product pages can now be translated. Fix submitted by Grayson in pull request 17602.

• Validation error messages can now be translated. Fix submitted by Yogesh Suhagiya in pull request 17575.

• Error messages in the shopping cart page can now be translated. Fix submitted by Yogesh Suhagiya in pull request 16777.

UI

• The JavaScript validation rule used to validate AM/PM time settings now works as expected when JavaScript is minified. Fix submitted by Mark Shust in pull request 17652. GitHub-17648

• The message list component message type now has a message type of success. Previously, this type was always error when the parameters property was specified. Fix submitted by Dmytro Cheshun in pull request 17701. GitHub-17700

• The confirmation modal buttons that Magento displays when a customer sends a product to the trash are now translated as expected. Fix submitted by Karla Saaremäe in pull request 17275. GitHub-17193

User

• Magento no longer displays stores to which an administrator does not have access when the administrator creates a product and assigns it to a store view. Previously, an administrator with permissions set on one website only could view the All Store Views scope for a product.

Wishlist

• Products disabled in the Admin no longer appear in storefront wishlists. Previously, disabled products still appeared in the storefront wishlist, although when a customer clicked on a disabled product, Magento correctly returned “page not found”.

• Customers can now choose which wishlist to add a product to when adding products to the wishlist from the shopping cart.

• Magento now displays a success message when a customer successfully updates a wishlist.

Known issues

• Magento currently does not display the requested quote information when you select Get Quotes for an order from a storefront that supports collection point delivery.

• The Vertex customer tax code that is defined on Vertex Cloud and specified in the Customer Code field ignores a new customer tax class if both are specified on the customer detail page in the Magento Admin.

• Customers will not be able to complete purchases if merchants configure Klarna payments to work in a different region than the store has been configured for.

Community contributions

This release includes substantial community contributions: over 100 GitHub issues resolved and over 350 pull requests merged. We are grateful to the wider Magento community for this effort and would like to acknowledge their contributions to this release.

Individual contributor contributions

The following table identifies contributions from our community members. This table lists the external pull requests, the GitHub issue number associated with it (if available), and the community member who contributed the pull request.

Contributing community member	Pull Requests	Related GitHub Issues
likemusic	#16000
AnshuMishra17	#16505
gwharton	#16594	15009, 16580
navarr	#17127
woutersamaey	#17122
TomashKhamlai	#17153
mage2pratik	#17203
tiagosampaio	#17236
mage2pratik	#17217
mage2pratik	#17246
lbajsarowicz	#16788
mage2pratik	#17103
gelanivishal	#17191	16243
Karlasa	#17275	17193
DanielRuf	#17291
AndreaRivadossi	#15650	13445
Yogeshks	#16354
DmitryChukhnov	#16510
hitesh-wagento	#16582	16302
dverkade	#16656	16653, 16655
mhauri	#16848
mhauri	#16849
deepjoshi94	#17070
hryvinskyi	#17066
arnoudhgz	#17189
swnsma	#17250
DanielRuf	#17327
arnoudhgz	#17365
rogyar	#17368
quisse	#14537	12250
jayankaghosh	#15335	13480
Scarraban	#15606	10687
cream-julian	#15691	4803
zamboten	#15720	15028
swnsma	#16597	7372, 13177
VitaliyBoyko	#16724	16544
DanielRuf	#16955
guillaumegiordana	#17078
rogyar	#17405
bentideswell	#14397
AurelienLavorel	#16570
tiagosampaio	#17101
sreichel	#17395	16479
alexeya-ven	#17437
phoenix128	#15535	15457
DanielRuf	#15507
dmytro-ch	#16753	16555
dmytro-ch	#17454
teddysie	#17383	17289
andrewhowdencom	#15171
GlennCheng	#16855
mimarcel	#13649
Karlasa	#17479
arnoudhgz	#17505
emiprotech	#17515	16499
dmytro-ch	#17561
driskell	#13133
elioermini	#14973	12362
Madhumalak	#15357	6305
Ananth747	#15369	13102
thomas-blackbird	#16021
dannynimmo	#17491	17416
gelanivishal	#17526	17492
vasilii-b	#17540	15041
adrian-martinez-interactiv4	#17552
eduard13	#17590
swnsma	#16777
Yogeshks	#17527
arnoudhgz	#17543	13948
Yogeshks	#17575
ronak2ram	#17013	16929
iGerchak	#17484
eduard13	#17593	14819
eduard13	#15942	13747
GraysonChiang	#17602
centerax	#14393	6585
rogyar	#17633
markoshust	#17652	17648
dmytro-ch	#17678
Yogeshks	#17521
rogyar	#17690
eduard13	#17693
dmytro-ch	#17701	17700
dmytro-ch	#17710
hostep	#17626	16927
eduard13	#16733	14248
p-bystritsky	#17718	17715
jignesh-baldha	#17735
MartinAarts	#17776	17587
furseyev	#17801
ishakhsuvarov	#17817
Drischie	#17385
dmytro-ch	#17739
insanityinside	#17773
hitesh-wagento	#17877	17851
dmytro-ch	#17876
rogyar	#17840
ronak2ram	#17870	17789
fooman	#16800
tiagosampaio	#17872
hitesh-wagento	#16775	7903

Partner contributions

The following table highlights contributions made by Partners. This table lists the Partner who contributed the pull request, the external pull request, and the GitHub issue number associated with it (if available).

Partner	Pull Request	Related GitHub Issue
Atwix	17540, 17368, 17405, 16753, 17454, 17515, 17561, 17593, 15942, 17633, 17678, 17690, 17693, 17701, 17710, 17739, 17876, 17840, 17801, 16724, 17590, 16733	15041, 16555, 16499, 14819, 13747, 17700, 16544, 14248
Interactiv4	17552, 17191, 16955, 15535, 17575, 16733, 17735, 17840, 17877, 16775	16243 , 15457, 14248, 17851, 7903
TechDivision	15369	13102
MageSpecialist	15720, 15535	15028, 15457
Wagento	16582, 16775, 17877	16302, 7903, 17851
Krish TechnoLabs	17203, 17217, 17246, 17103, 17013, 17870	16929, 17789
Comwrap	8: magento/bulk-api-ee/pull/8
Imagination Station	17217
SNOW.DOG	17203
Basecom	15606	10687
ISM eCompany	17250, 16597, 16777	13177, 7372
Mediotype	17127
MediaCT	17189, 17365, 17505, 17543	13948
Sitewards	15171
i.cube	17383	17289

System requirements

Our technology stack is built on PHP and MySQL. For details, see Technology stack requirements.

Installation and upgrade instructions

See How to get the Magento software for complete installation and upgrade information.

Migration toolkits

The Data Migration Tool helps transfer existing Magento 1.x store data to Magento 2.x. This command-line interface includes verification, progress tracking, logging, and testing functions. For installation instructions, see Install the Data Migration Tool. Consider exploring or contributing to the Magento Data Migration repository.

The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.2.x. The command-line interface includes scripts for converting Magento 1.x modules and layouts.