Skip to content

Releases: OpenMage/magento-lts

v19.5.3

27 Feb 20:02
@fballiano fballiano
v19.5.3
82c06be
Compare
Choose a tag to compare
v19.5.3

Quick security release for OpenMage v19, fixing CVE-2024-20717 (XSS), all the details in GHSA-gp6m-fq6h-cjcx

Assets 3
Loading

v20.4.0

09 Feb 14:02
@fballiano fballiano
v20.4.0
ae12e16
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v20.4.0

🚀✨ Hello OpenMage enthusiasts! It's time for our first release of 2024!
OpenMage 20.4.0 brings many fixes to PHP8.1+ warnings and a few nice addition, be sure to get it while it's hot! 🧙‍♂️🔥

Highlights of OpenMage 20.4.0

  • Updated ZF1F to 1.24.0 by @fballiano in #3804
  • Fixed autoincrement id fetching cache problem in import/export module by @leissbua in #3730
  • Fixed reindex for configurable products without category assigned by @sreichel in #3785
  • Fixed bug on incorrect callback URL when saving OAuth Token. by @kiatng in #3770
  • Added whitelist to OAuth consumer callback URLs to allow custom URL scheme by @kiatng in #3774

Complete changelog

  • Custom option null deprecation by @kiatng in #3731
  • Fixed stripTags() null deprecation. by @kiatng in #3729
  • Fixed null deprecation in Zend_Pdf by @kiatng in #3744
  • Fixed oauth phtml docblock. by @kiatng in #3746
  • Fixed autoincrement id fetching cache problem in import/export module by @leissbua in #3730
  • Removed unused file js/mage/adminhtml/backup.js by @fballiano in #3757
  • Added $product param to catalog_controller_product_init_before event by @kiatng in #3656
  • Fixed Varien_Data_Form_Filter_Date::inputFilter() and Varien_Data_Form_Filter_Datetime::inputFilter() dealing with empty values by @massa-man in #3752
  • Deprecated createEntityTables() in Mage_Eav_Model_Entity_Setup. by @kiatng in #3628
  • Added helper methods to cast Mage::getStoreConfig() to int or float, fixes #3727 by @sreichel in #3736
  • Fixed bug on incorrect callback URL when saving OAuth Token. by @kiatng in #3770
  • DDEV-install: fixes table prefix when using -d and -s flag by @sreichel in #3749
  • Updated allcontributors badge to new format by @fballiano in #3782
  • Removed outdated changelog files from the .github folder by @sreichel in #3791
  • Removed LICENSE.html in favor of LICENSE.txt by @sreichel in #3786
  • Removed openmage's dev-dependencies in PHPUnit workflow by @Flyingmana in #3794
  • Fixed reindex for configurable products without category assigned by @sreichel in #3785
  • Fix Deprecated Functionality Error Caused by Passing NULL to nl2br() in Sharing Template by @ahudock in #3779
  • Fixed strlen(): Passing null to parameter in SalesRule/Model/Resource/Rule/Collection.php by @kiatng in #3675
  • Fixed some PHP8.1 warnings about null parameters by @fballiano in #3800
  • Fixed some PHPStan errors in lib/Varien by @fballiano in #3801
  • Whitespace reformat of licence files by @fballiano in #3798
  • Fixed warning Undefined array key 0 when installing OM via command line (dev mode on) (#3672) by @akunzai in #3677
  • Fixed bug on incorrect date format for 1970-01-01 date. by @kiatng in #3802
  • Updated ZF1F to 1.24.0 by @fballiano in #3804
  • Run code-ql workflow only when certain files change by @Flyingmana in #3789
  • Renamed some github workflows for better readability by @fballiano in #3806
  • Added getReviewSummary() to Mage_Catalog_Model_Product by @luigifab in #2702
  • Added whitelist to OAuth consumer callback URLs to allow custom URL scheme by @kiatng in #3774
  • PHPStan (and PHP syntax) workflows now only run on PHP 7.4 and 8.3 by @fballiano in #3805
  • Fixed strip_tags(): Passing null to parameter #1 in Catalog/Model/Product/Option/Type/File.php by @kiatng in #3775
  • Fixed null deprecation in function is_empty_date(). by @kiatng in #3808
  • Fixed bug on OAuth not redirecting to the authorize page after customer login by @kiatng in #3761
  • DDEV - Removing the sample archive from the root directory by @ADDISON74 in #3799
  • Fixed array_merge TypeError on missing disabled module dependency by @Tomasz-Silpion in #3715
  • Fixed missing layout parameter when choosing widget page group by @ma4nn in #3563
  • Updated composer dependencies by @fballiano in #3817
  • Fixed null parameter warning in Mage_Sales_Block_Recurring_Profile_View by @fballiano in #3819
  • Fixed parameter null parameter warning in Mage_Adminhtml_Block_Newsletter_Template_Edit::getJsTemplateName() by @fballiano in #3820
  • Fixed null parameter warning on Mage_Core_Model_Input_Filter_MaliciousCode::filter() by @fballiano in #3822

And the dependency related ones:

New Contributors

Full Changelog: v20.3.0...v20.4.0

Contributors

Flyingmana, akunzai, and 11 other contributors
Assets 3
Loading

v20.3.0

26 Dec 11:55
@fballiano fballiano
v20.3.0
11eca9d
Compare
Choose a tag to compare
v20.3.0

🎉🛒 Greetings, fellow Mage aficionados!
Brace yourselves for the magical unveiling of our latest release for this great 2023: OpenMage 20.3.0! 🚀🪩

This release isn't just another update; it's a recipe for the end of the year ecommerce party, with great ingredients like bugfixes, security enhancements, components and subsystems upgrades with a sprinkle of performance improvements.

Highlights of OpenMage 20.3.0

📝 TinyMCE is updated to v6.8.2 but most importantly script and style tags inside the WYSIWYG editor are supported again
📊 Our Google Analytics 4 module now correctly handles projects where the manufacturer attribute is missing
🚀 ConfigurableSwatches module loads its JS only if it's actually used
🛡️ Improved stampede prevention with empty config cache under high loads
🏋️ Many minor PHP8+ warnings have been fixed
👉 And so much more, check the full list of changes below

Complete changelog

  • Updated Mage_Core_Model_File_Uploader instantiation to use Mage::getModel() by @kyrena in #3618
  • Fixed bug in google analytics if the product attribute "manufacturer" is missing by @kiatng in #3632
  • Better tab configuration error message in Mage_Adminhtml_Block_Widget_Tabs by @sreichel in #3637
  • Fixed strtr(): Passing null to parameter #1 ($string) of type string is deprecated by @kiatng in #3639
  • Updated TinyMCE to 6.7.2 by @fballiano in #3641
  • Be more lenient in reading maintenance.ip addresses by @loekvangool in #3634
  • Orphaned ACL resource exceptions are now logged only in developer mode by @empiricompany in #3642
  • Fixed strip_tags(): Passing null to parameter #1 in Fulltext.php by @kiatng in #3655
  • Fixed passing null for trim is deprecated in Mage_Core_Model_Resource_Db_Abstract by @kyrena in #3535
  • Fixed docblock on page phtml templates. by @kiatng in #3661
  • Fixed deprecated passing null to imagecolorallocate() by @sreichel in #3636
  • Fixed bug which prevented uploading .ico favicon in backend by @empiricompany in #3690
  • Fixing warning about providing null instead of an expected string by @alexh-swdev in #3663
  • Added possibility to customize attributes used in associated products by @kiatng in #3674
  • Call ConfigurableSwatches' js only if necessary, catalog/product/view/type/configurable/swatch-js.phtml by @empiricompany in #3685
  • Improved stampede prevention with empty config cache under high loads by @colinmollenhour in #3530
  • Updated TinyMCE to 6.8.2 by @fballiano in #3707
  • Fixed issue #3692, fatal error on saving empty tier price. by @kiatng in #3693
  • Enabled script/style tags support in TinyMCE 6 by @empiricompany in #3653
  • Filtering of php tags in Mage_Core_Model_Input_Filter_MaliciousCode by @Judx in 66eaec5
  • Bump colinmollenhour/cache-backend-redis from 1.16.0 to 1.17.0 by @dependabot in #3620
  • Bump tj-actions/changed-files from 39 to 40 by @dependabot in #3622
  • Bump phpstan/phpstan from 1.10.39 to 1.10.41 by @dependabot in #3630
  • Fix for php-cs-fixer v3.37.1 by @sreichel in #3638
  • Bump friendsofphp/php-cs-fixer from 3.35.1 to 3.37.1 by @dependabot in #3621
  • Bump friendsofphp/php-cs-fixer from 3.37.1 to 3.38.0 by @dependabot in #3650
  • Bump friendsofphp/php-cs-fixer from 3.38.0 to 3.38.2 by @dependabot in #3667
  • Bump phpstan/phpstan from 1.10.41 to 1.10.43 by @dependabot in #3666
  • Added funding links to composer.json and github config by @Flyingmana in #3649
  • Bump friendsofphp/php-cs-fixer from 3.38.2 to 3.40.0 by @dependabot in #3681
  • Bump phpstan/phpstan from 1.10.43 to 1.10.44 by @dependabot in #3680
  • Bump phpseclib/phpseclib from 3.0.33 to 3.0.34 by @dependabot in #3682
  • Bump phpunit/phpunit from 9.6.13 to 9.6.15 by @dependabot in #3689
  • Bump friendsofphp/php-cs-fixer from 3.40.0 to 3.40.2 by @dependabot in #3687
  • Bump pelago/emogrifier from 7.1.0 to 7.2.0 by @dependabot in #3697
  • Bump friendsofphp/php-cs-fixer from 3.40.2 to 3.41.1 by @dependabot in #3699
  • Bump squizlabs/php_codesniffer from 3.7.2 to 3.8.0 by @dependabot in #3700
  • Bump phpmd/phpmd from 2.14.1 to 2.15.0 by @dependabot in #3703
  • Bump github/codeql-action from 2 to 3 by @dependabot in #3702
  • Bump tj-actions/changed-files from 40 to 41 by @dependabot in #3711
  • Bump colinmollenhour/cache-backend-redis from 1.17.0 to 1.17.1 by @dependabot in #3710
  • Bump friendsofphp/php-cs-fixer from 3.41.1 to 3.42.0 by @dependabot in #3709
  • Update Autolabeler Config to Version 5.0.0 by @Sdfendor in #3695

Full Changelog: v20.2.0...v20.3.0

Contributors

colinmollenhour, Flyingmana, and 10 other contributors
Assets 3
Loading
0 Join discussion

v20.2.0

27 Oct 12:16
@fballiano fballiano
v20.2.0
c7d6d55
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v20.2.0

OpenMage continues its remarkable journey with an important new release!
Among the numerous pull requests, one truly stands out. After months of development, we are thrilled to announce a significant upgrade to a core component of the OpenMage backend: the tinyMCE rich text editor skyrockets from its "more than 10-years-old" version 3 to the new and shining version 6.7!

Highlights of OpenMage 20.2.0

📝 TinyMCE is updated from v3 to v6.7.1
🔌 composer.json now allows PHP 8.3
🧹 Added a cron job to clean expired API sessions
📊 Added "googleanalytics_ga4_send_data_before" to customize GA4 data
🚀 Improved rate limit functions
🛠️ Fixed "Credit Memo not created when refund issued by merchant"
📄 Switched DOCTYPE for base/adminhtml themes to HTML5

Disclaimer

Since this is another substantial update please be sure to backup and test before deploying to production!

Changelog

Full Changelog: v20.1.1...v20.2.0

Contributors

colinmollenhour, Hanmac, and 11 other contributors
Assets 3
Loading
5 Join discussion

v19.5.2

27 Oct 10:21
@fballiano fballiano
v19.5.2
f824bc8
Compare
Choose a tag to compare
v19.5.2

What's Changed

  • [PHP 8.2] Fixed some deprecation warnings by @kiatng in #3592

Full Changelog: v19.5.1...v19.5.2

Contributors

kiatng
Assets 3
Loading

v20.1.1

05 Sep 09:18
@fballiano fballiano
v20.1.1
0f032f3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v20.1.1

After the colossal 20.1.0 release just a few weeks back, it's time for a little "smooth the edges" update, but don't be fooled, it's as important as your morning coffee!

Highlights of OpenMage 20.1.1

  • 🛠️ ZF1Future's version in composer is strictly specified now, it order to fix problems with future upstream upgrades and our composer patches
  • 🚀 Totally new JSON-RPC API is now available, with support for instal-login via HTTP basic auth, it seems to be much more performant than the SOAP one so definitely check it out
  • 📦 USPS module got a nice upgrade to support the latest changes in USPS APIs and services
  • 🍪 A vulnerability about "guest order view" cookie tampering was fixed, with the introduction of a "rate limiting" API you can use in your own code too
  • 🐞 Few other bugfix and updates

Complete changelog

New Contributors

  • @daboss84 made their first contribution in #3438

Full Changelog: v20.1.0...v20.1.1

Contributors

colinmollenhour, fballiano, and 7 other contributors
Assets 3
Loading
3 Join discussion

v19.5.1

05 Sep 09:14
@fballiano fballiano
v19.5.1
797d2a0
Compare
Choose a tag to compare
v19.5.1

What's Changed

  • Fixed a vulnerability about "guest order view" cookie tampering
  • Forced ZF1F 1.22.0 in order to make ZF1F future releases not break our composer patches by @fballiano in #3484
  • Added 'redis' option for Cm_RedisSession to make rewrite unnecessary. Refs #3464 by @colinmollenhour in #3465

Full Changelog: v19.5.0...v19.5.1

Contributors

colinmollenhour and fballiano
Assets 3
Loading
0 Join discussion

v20.1.0

02 Aug 09:17
@fballiano fballiano
v20.1.0
3e7be11
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v20.1.0

You should absolutely know

Since the approval of our second RFC - release schedule OpenMage 19.x enters and "patch only" state, it will be maintained for two more years as promised but only significant security patches or regression fixes will be ported to v19, every other development (and we have many) will be focused on v20+.

We encourage everybody to upgrade to v20, it is our latest and greatest and deserves the bit of work necessary for the upgrade (ask your developer/agency, don't do it yourself).

Release highlights

This is a big release, that's why we decided to move away from the 20.0.x versioning and go to 20.1.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 20.1.0. Tests are more than welcome now but be extra careful with production environment.

What's most important is the removal of all the 3rd party libraries (phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis and Pelago_Emogrifier and Zend Framework) form our repository, they are now imported via composer. This was an important step to clean up and modernise our code.

  • If you want to clean up your project from all the files that were removed during this release cycle, please check this link for the complete list.

Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.

Also:

  • PHP 7.4 is now the minimum required version and 8.2 is now supported.
  • The M1 legacy themes have been moved to an external repository since it's old (and mostly unused) code.
  • A great improvement to EAV config cache has been added to v20.
  • Support for Google Analytics 4 and Google Tag Manager was added with enhanced ecommerce data (which historically was always provided by 3rd party extensions).
  • Possibility to set backend locale per every admin user was added.
  • "pub/" folder structure was introduced (optional), to have extra security for your installation
  • Massive performance improvement in complex SQL queries (#2210)
  • Native WebP support
  • Many, many smaller bugfix and improvements

Things you should be aware of:

  • Support for Google Analytics3 and Universal Analytics were removed.
  • Support for UPS CGI API (which was shut down in May 2023) was removed.
  • Old inactive quotes are now actually purged from the database (#1489).

Known issues:

  • The "pub/" folder structure won't work in composer managed projects, because the composer-magento plugin can't manage symlinks inside "pub/" correctly (#1210).

Changelog

The list of changes is too long, so please check it at v20.0.20...v20.1.0

New Contributors

Contributors

sidealice, Hanmac, and 12 other contributors
Assets 3
Loading
28 Join discussion

v19.5.0

02 Aug 09:14
@fballiano fballiano
v19.5.0
24e9ce7
Compare
Choose a tag to compare
v19.5.0

You should absolutely know

Since the approval of our second RFC - release schedule OpenMage 19.x enters and "patch only" state, it will be maintained for two more years as promised but only significant security patches or regression fixes will be ported to v19, every other development (and we have many) will be focused on v20+.

We encourage everybody to upgrade to v20, it is our latest and greatest and deserves the bit of work necessary for the upgrade (ask your developer/agency, don't do it yourself).

Highlights

This is a big release, that's why we decided to move away from the 19.4.x versioning and go to 19.5.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 19.5.0. Tests are more than welcome now but be extra careful with production environment.

  • What's most important is the removal of all the 3rd party libraries (phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis and Pelago_Emogrifier and Zend Framework) form our repository, they are now imported via composer. This was an important step to clean up and modernise our code.
  • PHP 7.4 is now the minimum required version and 8.2 is now supported
  • M1 legacy themes have been moved to an external repository since it's old (and mostly unused) code.
  • Support for Google Analytics 4 was added

Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.

Changelog

The list of changes is too long, so please check it at v19.4.23...v19.5.0

New Contributors

Contributors

rfeese, alexkirsch, and 2 other contributors
Assets 3
Loading

v20.1.0-rc7

26 Jul 08:52
@fballiano fballiano
v20.1.0-rc7
1fde8f7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v20.1.0-rc7 Pre-release
Pre-release

This is gonna be the last RC release before tagging v20.1.0/v19.5.0 as stable. This will be done in about a week if no major problem is discovered. In this timeframe nothing new will be merged in OpenMage's repository, unless it's an important bugfix for this specific release. See you soon with the biggest release of OpenMage ever! 🎉

You should absolutely know

Since the approval of our second RFC - release schedule OpenMage 19.x enters and "patch only" state, it will be maintained for two more years as promised but only significant security patches or regression fixes will be ported to v19, every other development (and we have many) will be focused on v20+.

We encourage everybody to upgrade to v20, it is our latest and greatest and deserves the bit of work necessary for the upgrade (ask your developer/agency, don't do it yourself).

Release highlights

This is a big release, that's why we decided to move away from the 20.0.x versioning and go to 20.1.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 20.1.0. Tests are more than welcome now but be extra careful with production environment.

What's most important is the removal of all the 3rd party libraries (phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis and Pelago_Emogrifier and Zend Framework) form our repository, they are now imported via composer. This was an important step to clean up and modernise our code.

  • If you want to clean up your project from all the files that were removed during this release cycle, please check this link for the complete list.

Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.

Also:

  • PHP 7.4 is now the minimum required version and 8.2 is now supported.
  • The M1 legacy themes have been moved to an external repository since it's old (and mostly unused) code.
  • A great improvement to EAV config cache has been added to v20.
  • Support for Google Analytics 4 and Google Tag Manager was added with enhanced ecommerce data (which historically was always provided by 3rd party extensions).
  • Possibility to set backend locale per every admin user was added.
  • "pub/" folder structure was introduced (optional), to have extra security for your installation
  • Massive performance improvement in complex SQL queries (#2210)
  • Native WebP support
  • Many, many smaller bugfix and improvements

Things you should be aware of:

  • Support for Google Analytics3 and Universal Analytics were removed.
  • Support for UPS CGI API (which was shut down in May 2023) was removed.
  • Old inactive quotes are now actually purged from the database (#1489).

Known issues:

  • The "pub/" folder structure won't work in composer managed projects, because the composer-magento plugin can't manage symlinks inside "pub/" correctly (#1210).

Changelog

  • Added DDEV command to install OM (incl. sample data) by @sreichel in #3248
  • Allowed customization of the checkout page identifiers for the Mage_GoogleAnalytics module by @fballiano in #3363
  • Bump phpstan/phpstan from 1.10.21 to 1.10.22 by @dependabot in #3359
  • Removed unexisting branch alias from composer.json by @fballiano in #3364
  • Clear config cache after maintenance check for DB Update by @Hanmac in #3365
  • Added hidden element before multiselect form elements in adminhtml by @Hanmac in #3352
  • Added decimal/thousand separator specification when sending Analytics4 data by @fballiano in #3366
  • Added DDEV command to create/update the administrator account by @ADDISON74 in #3256
  • New feature to repopulate product form in frontend on errors. by @kiatng in #3367
  • Bump phpstan/phpstan from 1.10.22 to 1.10.25 by @dependabot in #3372
  • Bump phpseclib/phpseclib from 3.0.20 to 3.0.21 by @dependabot in #3369
  • Bump friendsofphp/php-cs-fixer from 3.20.0 to 3.21.0 by @dependabot in #3370
  • Bump magento-ecg/coding-standard from 4.5.2 to 4.5.4 by @dependabot in #3371
  • Converted line ending of some files in order to avoid warnings from git by @fballiano in #3368
  • Resized panels height in "attribute set" backend view by @fballiano in #3247
  • Fixed $address is null in AddressController. by @kiatng in #3373
  • Fixed exception in Dob.php during customer registration. by @kiatng in #3374
  • Better clearing of session messages after display by @kyrena in #3326
  • Do not reindex catalog_product_flat for disabled stores by @empiricompany in #3251
  • Mage_Report: Migrated hardcoded cron expressions to configurable fields by @Sekiphp in #1869
  • Mage_Eav_Model_Attribute_Data_Date::extractValue() should not return false by @fballiano in #3268
  • Fixed customer not receiving order notification email when the email … by @kiatng in #3290
  • Removed double save on quote in Mage_Checkout_CartController::ajaxUpdateAction() by @fballiano in #3378
  • Rewrote part of GA4 to support add/remove quantity from cart and cart_updates by @fballiano in #3377
  • Fixed implicit conversion from float to int in Mage_SalesRule_Model_Validator by @kyrena in #3345
  • Rewrote afterSave of product and category image attributes by @luigifab in #3301
  • Bump friendsofphp/php-cs-fixer from 3.21.0 to 3.22.0 by @dependabot in #3385
  • Bump phpunit/phpunit from 9.6.9 to 9.6.10 by @dependabot in #3386
  • Fixed passing null for number_format is deprecated for downloadable products by @fballiano in #3382
  • Allowed to upload images in WebP format by @empiricompany in #3384
  • Removed phpstan.dist.issues.neon by @sreichel in #3257
  • Fixed issue #3392 clearInstance() method in Mage_Catalog_Model_Product. by @kiatng in #3395
  • Bump phpstan/phpstan from 1.10.25 to 1.10.26 by @dependabot in #3402
  • Fixed a bug with UPS that prevented saving the shipping methods page from backend by @fballiano in #3397
  • Fixed documentation block typo on Mage::addObserver by @denisahac in #3404
  • Fixed truecolor detection for WebP images by @fballiano in #3403
  • Fixed a bug with overlapping menu items in backend by @seifer7 in #3396

New Contributors

Full Changelog: v20.1.0-rc6...v20.1.0-rc7

Contributors

Hanmac, fballiano, and 10 other contributors
Assets 3
Loading
9 Join discussion