Magento Open Source 1.9.3.7 и Magento Commerce 1.14.3.7

02.12.2017

Magento Open Source 1.9.3.7 Release Notes

This patch (SUPEE-10415) provides resolution of multiple critical security issues. These critical security issues include remote code execution, cross-site scripting, and cross-site request forgery issues. We recommend upgrading your Magento store to this latest version. See Magento Security Center for a comprehensive discussion of these issues.

Fixed issues

  • Magento no longer displays the “Invalid Secret Key. Please refresh the page.” message when a user loads the Admin.
  • The one-page checkout page now displays the following message when a customer checks out an order for which no amount is due: No payment information required. Magento versions prior to 1.14.3.3 included this message, but it was missing from v1.14.3.3.
  • We’ve fixed a typo in the patch header information. (autocomplete="new-pawwsord” is now autocomplete="new-password”.)

Known issue

Issue: Magento displays a "404: Page Not Found" error from the errors/ directory after upgrading to SUPEE-10415. This issue occurs only in Magento installations that run certain third-party extensions.

Description: Magento is not properly logging PHP warnings that occur early during page initialization. Instead, of logging the error and continuing operation, Magento generates a 404 page. (Previously, Magento logged these warnings in the system.log file, and execution would continue as usual.)

Workaround: Confirm that there are no PHP warnings generated by any of the extensions or customizations.

Notes

  • We no longer support custom file extensions for Mage::log(). Supported file extensions include .log.txt.html.csv. For more information, navigate to Developers > Log Settings from the Admin. Magento displays this comment: Logging from Mage::log(). File is located in /var/log. Allowed file extensions: log, txt, html, csv.
  • Passwords for new users are now limited to 256 characters. If a new user enters a password that exceeds 256 characters, Magento displays this message: Please enter a password with at most 256 characters.
  • Magento Commerce 1.14.3.7 Release Notes

    This patch (SUPEE-10415) provides resolution of multiple critical security issues. These critical security issues include remote code execution, cross-site scripting, and cross-site request forgery issues. We recommend upgrading your Magento store to this latest version. See Magento Security Center for a comprehensive discussion of these issues.

    Fixed issues

    • Magento no longer displays the “Invalid Secret Key. Please refresh the page.” message when a user loads the Admin.
    • The one-page checkout page now displays the following message when a customer checks out an order for which no amount is due: No payment information required. Magento versions prior to 1.14.3.3 included this message, but it was missing from v1.14.3.3.
    • We’ve fixed a typo in the patch header information. (autocomplete="new-pawwsord” is now autocomplete="new-password”.)

    Known issue

    Issue: Magento displays a "404: Page Not Found" error from the errors/ directory after upgrading to SUPEE-10415. This issue occurs only in Magento installations that run certain third-party extensions.

    Description: Magento is not properly logging PHP warnings that occur early during page initialization. Instead, of logging the error and continuing operation, Magento generates a 404 page. (Previously, Magento logged these warnings in the system.log file, and execution would continue as usual.)

    Workaround: Confirm that there are no PHP warnings generated by any of the extensions or customizations.

    Notes

    • We no longer support custom file extensions for Mage::log(). Supported file extensions include .log.txt.html.csv. For more information, navigate to Developers > Log Settings from the Admin. Magento displays this comment: Logging from Mage::log(). File is located in /var/log. Allowed file extensions: log, txt, html, csv.
    • Passwords for new users are now limited to 256 characters. If a new user enters a password that exceeds 256 characters, Magento displays this message: Please enter a password with at most 256 characters.

Комментарии

Пока нет комментариев

Написать комментарий