Magento Commerce 2.2.11 Release Notes
This release (Magento 2.2.11) marks the final supported software release for Magento version 2.2. Magento 2.2 will no longer receive security updates or product quality fixes now that its support window has expired.
Magento Commerce 2.2.11 offers platform upgrades and substantial security changes. This release includes 29 functional fixes and enhancements to the core product and several security enhancements.
Magento 2.2.11 has not been tested with PHP 7.1. PHP 7.1 reached EOL (End of Life) on December 1, 2019. We recommend updating your deployment to a supported version of PHP.
Security enhancements
Twenty-three security enhancements that help close cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities as well as other security issues. No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts: IP whitelisting, two-factor authentication, use of a VPN, the use of a unique location rather than /admin, and good password hygiene.
With this quarterly release, we’ve changed how we describe these security issues. Individual issues are no longer described in the Magento Security Center. Instead, these issues are documented in an Adobe Security bulletin. Please see Security updates available for Magento (APSB20-02) for more information.
Functional fixes
In addition to security enhancements, this release contains the following functional fixes.
Cart and checkout
- Administrators with appropriate but restricted privileges can now view the list of CMS pages at Content > Pages. Previously, Magento displayed this error:
You cannot define a correlation namestore_table more than once
.
- A shopping cart that contains items no longer displays a subtotal and order total of zero when the Clear Persistence on Sign Out setting is disabled and the Redirect Customer to Account Dashboard after Logging in setting is enabled.
CMS content
- You can now upload a video from the WYSIWYG editor.
Configurable products
- You can now add new options with new images to an existing configurable product. Previously, when you clicked Save, Magento threw an error and did not save the new variations.
- Simple products no longer disappear from the Admin configurable product list when you set the product quantity to 0.
- Out-of-stock configurable product options are now listed as expected on the storefront when the Display Out of Stock Products setting is enabled on Admin > Store > Configuration > Inventory > Stock Options.
Gift wrapping
- Magento now correctly processes orders that include giftwrap for multiple products when PayPal Express is used to pay for an order. Previously, Magento displayed this error:
PayPal gateway has rejected request. The totals of the cart item amounts do not match order amounts (#10413: Transaction refused because of an invalid argument. See additional error messages for details)
.
Inventory
- You can now save an edited product when
max_sale_qty
is set to the Magento default value. GitHub-23319
Import/export
- Magento now adds newly imported images after previously imported ones. Previously, Magento added these most recently imported images randomly.
- The import process now maintains custom option prices that were assigned to different websites and scope before import. Previously, after import, these custom option prices were set to the default scope values.
- Magento now correctly processes product prices during export when the All Store Views scope is set. Previously, the logic for updating the price of custom options in non-default websites was missing when the Catalog > Price setting was set to Website.
Indexing
- The
POST /V1/products/tier-prices
endpoint now considers account indexer mode as expected.
Infrastructure
Magento 2.2.11 has not been tested with PHP 7.1. PHP 7.1 reached EOL (End of Life) on December 1, 2019. We recommend updating your deployment to a supported version of PHP. See Magento 2.2 technology stack requirements for information about supported versions.
Payment methods
- You can now successfully complete an order using Braintree with PayPal when Shipping Flat Rate is activated. Previously, Magento displayed an informative error.
- For orders paid with Payflow Pro, if the Vault Enabled option is set to Yes, Magento now displays accurate stored card information as expected on the order information page.
Persistent
- Guest users can now check out after persistent shopping cart has been disabled. Previously, Magento displayed this error:
No cart with such entityId=0
.
- Magento no longer creates a persistent cart session for logged-in users when the persistent cart feature has been disabled. Previously, Magento did not empty shopping carts for users when the user logged out.
RMA (Return Merchandise Authorization)
- The amount displayed in the Remaining Amount field of Admin > Stores > Configuration > Sales > Sales > RMA Settings is now accurate. Previously, this amount corresponded to the total of items that were originally bought but not the actual remaining amount.
- Magento now properly concatenates first and last names in PayPal Express address fields.
- RMAs created with the
POST V1/returns/
call now render correctly on the Admin.
Sales Rule
- Select All on the coupon list of the Manage Coupon Codes page now works as expected.
Shipping
- Shipping notification emails sent to customers now contain a link to order tracking.
- Magento now displays the correct cost for shipping in the shopping cart when you return to the cart from the checkout page for an order being shipped to multiple addresses.
Search
- Magento no longer throws an exception when search queries contain decimals.
URL rewrite
- Category-specific URL rewrites are now generated as expected when importing and assigning a product to a category.
- A category schedule update no longer unchecks the Use default value setting on the URL key for the store view.
Wishlist
- Wishlists now accurately reflect product availability when a product has been added to a wishlist and then subsequently disabled. Previously, the wishlist displayed these contradictory messages:
You have no items in your wish list
and1 item in wish list
.
- Products that are deleted from a wishlist from the Admin are now deleted from the storefront wishlist.
Installation and upgrade instructions
See How to get the Magento software for complete installation and upgrade information.
Migration toolkits
The Data Migration Tool helps transfer existing Magento 1.x store data to Magento 2.x. This command-line interface includes verification, progress tracking, logging, and testing functions. For installation instructions, see Install the Data Migration Tool. Consider exploring or contributing to the Magento Data Migration repository.
The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.2.x. The command-line interface includes scripts for converting Magento 1.x modules and layouts.