work-banner.jpg

Time to Upgrade: Magento Commerce 2.3.5

April 28, 2020 by Brent W Peterson

Time to Upgrade: Magento Commerce 2.3.5

This entry was posted on April 28, 2020 by Brent W Peterson

Magento will release the latest version of Magento Commerce to the public today, April 28, 2020. This version will include important updates to security, quality, and platform technologies—we strongly recommend you upgrade to ensure your online stores stay compliant and maintain the highest level of security and performance.

The latest security-only patch, 2.3.4-p1, will be released as well, providing you with another option for your update strategy.

Find out how you can get AUTOMATIC UPDATES for a WHOLE YEAR!

Release Notes

Magento Commerce 2.3.5 offers significant platform upgrades, substantial security changes, and performance improvements.

This release includes over 180 functional fixes to the core product and over 25 security enhancements. It includes the resolution of over 46 GitHub issues by our community members. These community contributions range from minor clean-up of core code to significant enhancements in Inventory Management and GraphQL.

Quarterly releases may contain backward-incompatible changes (BIC). Magento 2.3.5 contains minor backward-incompatible changes. To review minor backward-incompatible changes, see BIC reference. (Major backward-incompatible issues are described in BIC highlights. Not all releases introduce major BICs.)

Security-only patch available

Merchants can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release (for example, Magento 2.3.5) provides. Patch 2.3.4.1 (Composer package 2.3.4-p1) is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, Magento 2.3.5. All hot fixes that were applied to the 2.3.4 release are included in this security-only patch. (A hot fix provides a fix to a released version of Magento that addresses a specific problem or bug.) For general information about security-only patches, see the Magento DevBlog post Introducing the New Security-only Patch Release. For instructions on downloading and applying security-only patches (including patch 2.3.4-p1), see Install Magento using Composer. Security-only patches include only security bug fixes; not the additional security enhancements that are included in the full patch.

With this quarterly release, we have changed how we describe these security issues. Individual issues are no longer described in the Magento Security Center. Instead, these issues are documented in an Adobe Security bulletin. Please see Security updates available for Magento.

Other release information

Although code for these features is bundled with quarterly releases of the Magento core code, several of these projects (for example, Page Builder, Inventory Management, and Progressive Web Applications (PWA) Studio) are also released independently. Bug fixes for these projects are documented in the separate, project-specific release information that is available in the documentation for each project.

Highlights

Look for the following highlights in this release:

Substantial security enhancements

This release includes the following security enhancements:

Over 25 security enhancements that help close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities

No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. Most of these issues require that an attacker first obtains access to the Admin. As a result, we remind you to take all necessary steps to protect your Admin, including but not limited to these efforts: IP whitelisting, two-factor authentication, use of a VPN, the use of a unique location rather than /admin, and good password hygiene. See Security updates available for Magento for a discussion of these fixed issues. All known exploitable security issues fixed in this release (2.3.5) have been ported to 1.14.4.5 and 1.9.4.5, as appropriate.

With the Magento 2.3.4 release, we changed how we describe these security issues. Individual issues are no longer described in the Magento Security Center. Instead, these issues are documented in an Adobe Security bulletin. Please see Security updates available for Magento.

Security enhancements and fixes to core code

This release includes over 25 security fixes and platform security improvements. Additional security enhancements include:

  • Implementation of Content Security Policy (CSP). Content-Security-Policy is an HTTP response header that browsers can use to enhance the security of a web page. This added layer of security supports the detection and mitigation of attacks, including cross-site scripting (XSS) and data injection attacks. This release implements the CSP SPI, which developers can use. Report-only mode is the default.
  • Removal of session id from URLs. Exposure of session id values in URLs creates a potential security vulnerability in the form of session fixation. We are removing code from the classes and methods add/read session id from URLs.

Starting with the release of Magento Commerce 2.3.2, Magento will assign and publish indexed Common Vulnerabilities and Exposures (CVE) numbers with each security bug reported to us by external parties. This allows users of Magento Commerce to more easily identify unaddressed vulnerabilities in their deployment. You can learn more about CVE identifiers at CVE.

Platform upgrades

The following platform upgrades help enhance website security and performance:

  • Support for Elasticsearch 7.5. Elasticsearch 7.5 is now the supported catalog search engine for both Magento Commerce and Magento Open Source. With this release, Magento 2.3.x supports only Elasticsearch 6.x and 7.x. Elasticsearch 2.x and 5.x are now deprecated for Magento 2.3.x and will be removed in Magento 2.4.0.
  • Deprecation of core integration of third-party payment methods. With this release, the integrations of the Authorize.Net, eWay, CyberSource, and Worldpay payment methods are deprecated. These core features are no longer be supported and will be removed in the next minor release (2.4.0). Merchants should migrate to the official extensions that are available on the Magento Marketplace. See the Deprecation of Magento core payment integrations devblog post.
  • Deprecation of the core integration of the Signifyd fraud protection code. This core feature is no longer supported. Merchants should migrate to the Signifyd Fraud & Chargeback Protection extension that is available on the Magento Marketplace.
  • Upgrade of Symfony Components to the latest lifetime support version (4.4). (Symfony Components are a set of decoupled PHP libraries used by the Magento Framework.
  • Migration of dependencies on Zend Framework to the Laminas project to reflect the transitioning of Zend Framework to the Linux Foundation’s Laminas Project. Zend Framework has been deprecated. Magento 2.3.5 contains the minimal number of changes to code and configuration that are required to support the use of the Laminas libraries. These changes are backward-compatible, and you can continue to use your current code. However, we recommend that extension developers and system integrators begin migrating their extensions to use Laminas. While this migration is not required for compatibility with this patch release, long-term solutions will require it.
    The laminas/laminas-dependency-plugin requires Composer 1.7.0 and higher. To see which version of Composer you are running, run composer –version. Run composer self-update if you are on an older version of Composer.

Performance boosts

  • Improvements to customer data section invalidation logic. This release introduces a new way of invalidating all customer sections data that avoids a known issue with local storage when custom sections.xml invalidations are active. (Previously, private content (local storage) was not correctly populated when you had a custom etc/frontend/sections.xml with action invalidations). See Private content.
  • Multiple optimizations to Redis performance. The enhancements minimize the number of queries to Redis that are performed on each Magento request. These optimizations include:
    • Decrease in size of network data transfers between Redis and Magento
    • Reduction in Redis’ consumption of CPU cycles by improving the adapter’s ability to automatically determine what needs to be loaded
    • Reduction in race conditions on Redis write operations

Infrastructure improvements

This release contains enhancements to core quality, which improve the quality of the Framework and these modules: catalog, sales, PayPal, Elasticsearch, Import, CMS, and B2B.

  • The PayPal Pro payment method now works as expected in the Chrome 80 browser. This payment method previously invoked a Magento callback endpoint that needed access to the customer’s session — access that the new default Chrome same-46 site cookie functionality does not permit. GitHub-26840
  • A PHPStan code analysis check has been integrated into Magento static builds. This tool performs sophisticated static code analysis and identifies additional issues that are currently not detected by PHP CodeSniffer and PHP Mess Detector. See Magento Testing Guide.

Merchant tool enhancements

Page Builder

Page Builder enhancements for this release include:

  • Templates. Page Builder now has templates that can be created from existing content and applied to new content areas. Page Builder templates save both content and layouts of existing pages, blocks, dynamic blocks, product attributes, and category descriptions. For example, you can save an existing Page Builder CMS page as a template and then apply that template (with all its content and layouts) to quickly create new CMS Pages for your site.
  • Video Backgrounds for Rows, Banners, and Sliders. Page Builder Rows, Banners, and Sliders now have the option to use videos for their backgrounds.
  • Full Height Rows, Banners, and Sliders. Page Builder Rows, Banners, and Sliders now have the option to set their heights to the full-height of the page using a number with any CSS unit (px, %, vh, em) or a calculation between units (100vh - 237px).
  • Content type upgrade library. We can now introduce new versions of Page Builder content types without introducing backward-incompatible issues with previous versions. Prior to this release, significant changes to content type configurations would create display and data-loss issues with previously saved Page Builder content types. Our new upgrade library eliminates these issues. The library upgrades previous versions of content types saved to the database to match the configuration changes of the new versions.

Inventory Management

Inventory Management enhancements for this release include:

  • New bulk API for IsProductSalableForRequestedQtyInterface, which is used in checkout and cart verification
  • New extension point for SourceDataProvider and StockDataProvider
  • Ability to view allocated inventory sources from the Orders list

See Inventory Management release notes for a more detailed discussion of recent Inventory Management bug fixes.

GraphQL

With this release, you can now use products and categoryList queries to retrieve information about products and categories that have been added to a staged campaign. See Using queries in the GraphQL Developer Guide for details.

See Release notes for a detailed discussion of recent GraphQL bug fixes.

PWA Studio

For information on these enhancements plus other improvements, see PWA Studio releases.

dotdigital

This release includes:

  • Integration of Engagement cloud and Magento B2B. A new B2B integration module integrates Engagement cloud and the Magento B2B module to enable Magento B2B merchants to leverage their B2B commerce data and better engage with their prospective and existing customers. This will include:
    • Company data sync (customer type, company, company status)
    • Sync of shared catalog data. Syncing additional product catalog data (custom products and product attributes) to dotdigital. Merchants can turn additional product data into marketing campaigns or use it to make recommendations
    • Sync of quote data
  • Improved importer performance and coupon code re-send

Google Shopping ads Channel

The Google Shopping ads Channel bundled extension has reached end-of-life with this release (2.3.5 and 2.3.4-p1). It is no longer supported. Alternative extensions are available on the Magento Marketplace.

B2B

This release includes 18 bug fixes. See B2B release notes.

Vendor-developed extension enhancements

This release of Magento includes extensions developed by third-party vendors. It includes both quality and UX improvements to these extensions.

Klarna

With this release, the Klarna extension is now available in Australia and New Zealand, and a new Oceania endpoint has been added to the existing API. This release also contains UX enhancements and minor bug fixes.

Yotpo

Yotpo is now integrated with Page Builder.

Vertex

This release of Vertex includes the following new feature and enhancements:

  • Address Validation. Addresses that are created or edited in the Customer Account are now validated when the module is enabled.
  • Admin Configuration. Flexible Field dropdown options are now sorted alphabetically by the current Admin user’s locale.
  • Virtual Products. Klarna now uses an order’s billing address to calculate taxes on virtual products. Shipping-related flexible fields are no longer completed for virtual products.
  • Restorable configuration settings. The Use Vertex for orders shipping to, Summarize Tax by, and Global Delivery Term now provide an option to be restored to their default setting.
  • Port in WSDL. The WSDL URL now support ports and basic authentication.
  • Best Practices in Code. Models intended to assist Observers have been relocated into the Model namespace to clean up the Observer namespace.

Fixed issues

We have fixed hundreds of issues in the Magento 2.3.5 core code.

Installation, upgrade, deployment

  • The link accessed from Admin > Stores > Settings > Configuration > General > Advanced Reporting now opens in a new tab as expected.
  • You can now successfully remove a website along with the website’s scope-specific configuration settings in app/etc/config.php as expected. Previously, when you tried to remove the website, the operation failed, and Magento displayed this error: The website with code xxx that was requested wasn't found. Verify the website and try again. Additionally, Magento displayed this error on the storefront: Config files have changed. Run app:config:import or setup:upgrade command to synchronize configuration.
  • Configuration settings that are disabled in index.php are no longer editable from the Admin.

Adobe stock integration

  • Image previews now close as expected when you navigate to a new page of search returns when searching Adobe Stock images.
  • Image details are now hidden when you click on the image in the search result list.
  • You can now use keyboard arrow keys to navigate to the next image in the preview.
  • The Search Stock Images button now remains active as expected after you have searched for and saved an image from the media gallery. Previously, this button was disabled after you used it to search for an image and saved it.

Analytics

  • Analytic reports are now available after changing the store URL.

Bundle products

  • Bundle product prices are now calculated correctly on product pages.
  • The performance of the catalog_product_price reindex operation for bundle products has been improved.
  • Magento now correctly displays required field asterisks for products with custom options in the Admin.
  • Clicking Enter in the Shipping Price field for Negotiable Quotes now correctly updates shipping price.
  • Magento now displays the same price for a bundle product in the mini cart and on the product page.

B2B

  • Administrators can now create a Shared Catalog when Indexer Dimension Mode is set to website. Previously, Magento displayed this error: Could not save shared catalog.
  • You can now search Companies in the Admin by user gender or phone number without error. Previously, Magento logged an exception in exception.log for the search on the phone number search, and the search on Gender=Not Specified did not produce results.
  • You can now successfully configure a downloadable product’s link options from the Admin View Quote page. Previously, you could only update these options if the first downloadable link was selected.
  • You can now use the PUT /V1/company/:companyId endpoint to activate a Company. Previously, Magento threw this error: message: "Invalid attribute value. Rejected date&time and Rejected Reason can be changed only when a company status is changed to Rejected.
  • Administrators with appropriate permissions can now successfully place a quote order when paying with PayPal. Previously, Magento displayed an informative error message and did not process payment.
  • When a bundle product is disabled and then re-enabled from the Admin Product grid after being added to the shopping cart, Magento now displays the Checkout button in the cart as expected. Previously, when a bundle product was disabled and then re-enabled from the Admin Product grid after being added to the cart, Magento displayed an error, and the cart did not display a Checkout button.
  • When you reassign Company administrator privileges from one user to another, Magento assigns the correct address to the administrator. Previously, when the company administrator was changed, Magento incorrectly associated the address of the former administrator to the current one.
  • The correct Company logo is now used in transactional emails for each website.
  • An administrator with appropriate permissions in a multisite deployment can now create a company for a website other than the one the administrator is currently logged in to.
  • Shared catalogs in multi-site deployments are now correctly associated with group_id rather than store_id and can be successfully saved from any store view that is associated with the group_id. Previously, when an administrator opened the shared catalog from a store view other than the store view from which the shared catalog was created, Magento did not save the shared catalog and displayed this error: The store that was requested wasn't found. Verify the store and try again.
  • Clicking Enter when changing a proposed shipping price from Admin > Sales > Quotes no longer causes the page to refresh without an update.
  • Products can be added to cart from Quick Order after a user’s Customer Group is updated. Previously, customers whose customer group had been updated could not add a product to the cart, and Magento displayed this error: The SKU was not found in the catalog.
  • Clicking Enter when changing a proposed shipping price now changes the price as expected. Previously, clicking Enter refreshed the page, and you needed to fetch the relevant rates again.
  • Shared catalog customers can now order unassigned or assigned items from the Admin as expected. Previously, merchants could not order products that were not assigned to the catalog.
  • Merchants can now use a custom attribute named company when creating a new Company account. Previously, Magento displayed a 500 error when you named a custom attribute company.
  • You can now use the /V1/guest-carts/:cartId/items endpoint to change the quantity of products in the cart when the Allowed Qty Below 0 and Notify Customer setting are enabled for the product.
  • Magento now correctly displays products with special characters in Shared Catalogs in the Admin.
  • Administrators with appropriate permissions can now add a configurable product to an order as expected. Previously, although Magento displayed the Configure Product popup window when an administrator selected a configurable product, the pop up’s drop-down list did not contain a Quantity input field.

Cache

  • Frontend cookies are now set as expected when you enable Use Secure URLs on Storefront and Secure Base URL is set to https.

Cart and checkout

  • Magento now displays an informative error message when you try to add a product by clicking Order by SKU when the file for upload is corrupt. Previously, Magento displayed a blank page.
  • Cart Price Rules that are based on payment methods are now applied during the checkout workflow.
  • You can now disable zip code validation on the checkout workflow from the Admin as expected. Previously, Magento threw an error when a customer entered a zip code that did not meet specified values for zip codes even after validation was disabled by setting Input Validation to none from Admin > Stores > Attributes > Customer address > Edit Zip/Postal Code.

Catalog

  • Filtering on the Admin product grid website column now works as expected. Previously, filter results did not display the correct number of products, but consistently displayed the total number of products as 1.
  • Magento no longer throws an error during checkout when the Synchronize with Backend configuration setting is enabled. GitHub-23833
  • Magento no longer throws an error when you change the name of a tiered product that is included in a scheduled update. Previously, when you tried to save the product with a new name, Magento displayed this error: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '3-0-0-2.0000-0' for key 'UNQ_EBC6A54F44DFA66FA9024CAD97FED6C7', query was: INSERT INTO catalog_product_entity_tier_price (all_groups, customer_group_id, qty, value, website_id, percentage_value, row_id) VALUES (?, ?, ?, ?, ?, ?, ?)
  • The Recently Viewed Products feature now works as expected in multistore deployments.
  • You can now successfully edit a configurable product with many variants (approximately 5,000) from the Admin. Previously, when you tried to edit a configurable product with many subproducts, Magento displayed this error: Warning: DOMDocumentFragment::appendXML(): Entity: line 1: parser error : CData section too big found in /vendor/magento/framework/View/TemplateEngine/Xhtml/Template.php on line 60
  • Sorting on attribute sets on Admin > Catalog > Products is now based on alphabetical order as expected.
  • Custom attribute values can now be saved as expected in the Admin.
  • Corrected an issue that caused the PUT /V1/products/:sku/media/:entryId call to create a new entry rather than replace the existing one.
  • Customizable options are now imported as expected when row_id is not equal to a product’s entity_id. Previously, Magento did not import customizable options when row_id was not equal to a product’s entity_id, which resulted in certain products not being imported.
  • You can now assign a default watermark to a theme. Previously, after assigning the watermark, Magento threw an fatal error.
  • Magento now displays product images in the mini cart without distortion. Previously, Magento stretched the image in the mini cart to fill the entire width and height of the image container.
  • The Recently View Products feature now shows products associated only with the current store view in multi-store deployments when Stores > Configurations > Catalog > Recently Viewed/Compared Products > Show for Current is set to store view. Previously, Magento displayed recently viewed products from all websites, no matter which website the product was assigned to.
  • The product compare feature now works as expected. It displays only products in the current user’s compare list.
  • Problems with the partial re-indexing of large categories have been resolved. Previously, due to problems with this process, products were randomly excluded from categories on the storefront.
  • The getBasePrice function now returns float value as expected rather than a string.
  • Images are now saved in pub/media/catalog/category as expected when you save category images. Previously, Magento saved these images in pub/media/catalog/tmp/category.

CatalogInventory

  • Magento now displays appropriate feedback when you unsuccessfully attempt to update and save a product. Previously, Magento did not display an error message or take any action when you tried to save a product after updating it.

Catalog Price Rule

  • The mini cart and Admin shopping cart (Admin > Customers > Manage Shopping Cart) now display correct product prices when a Catalog Price Rule is applied. Previously, the storefront shopping cart displayed the correct product price, but the mini cart and Admin shopping cart displayed the original product price.
  • Product prices on the storefront now accurately reflect the application of a scheduled Catalog Price Rule update. Previously, prices did not reflect the scheduled cart price rule until you manually re-indexed (php bin/magento indexer:reindex catalogrule_rule).

Catalog rule

  • The performance of the Catalog Product Rule Indexer has been improved.

Catalog widget

  • The CatalogWidget products list now works as expected with anchor categories, and products from anchor categories are now matched and displayed. Previously, when you selected a parent category that was an anchor, but that did not contain assigned products, products were not visible in the widget.

Cleanup and simple code refactoring

  • Corrected misalignment of the View Details label for configurable products in the order summary of the checkout workflow.
  • Added a margin-bottom value to the static CMS block widget in the Checkout/Cart Summary of the checkout workflow in the Luma and Blank themes.
  • Added a margin between the checkbox and icon when choosing a category when assigning a condition to a new Cart Price Rule.
  • Rating stars no longer overlays the product over which your mouse hovers on the category page.
  • Corrected misalignment of the calendar icon inside the textbook on the Add Design Change page.
  • Deleted unused variable (time_taken) from the Magento/Catalog/view/frontend/templates/product/listing.phtml template.

CMS content

  • Magento now loads blocks that are associated with the website that a restricted user has access to when the user navigates to Content > Blocks.

Configurable products

  • Added validation logic to the Create new value input field of the configurable product creation workflow. Previously, you could create an attribute option value that contained only a space.

Cron

  • bin/magento cron:run -v no longer fails when the database name exceeds 64 characters but instead creates a shorter name.

Customer

  • You can now save a Gender field with a blank value when directly editing customer information from the Customer list. Previously, when you saved this value, Magento displayed a success message, but did not save it.
  • Magento now uses a new PHPSession for each change of password.
  • The steps involved in x-magento-init initialization now happen in the correct order: RequireJS loads section-config.js, and section-config.js constructs and initiates itself as required. Previously, RequireJS loaded section-config.js, but the internal data section-config required for functioning did not load, and section-config.js threw an error: Uncaught TypeError: Cannot read property '*' of undefined.

Customer segment

  • Magento now correctly applies customer segment cart price rules in a multi-website deployment when an administrator creates an order from the Admin and adds products to the cart from different websites.
  • Customer segments now work as expected when segment conditions include the total number of orders.

Custom customer attributes

  • Magento now displays custom customer address attribute values as expected in the address section of the checkout workflow. Previously, Magento displayed the custom customer address attribute code instead of the value, and a JavaScript error was triggered.

Dynamic block (formerly banner)

EAV

  • The Update Attribute action now correctly updates the timestamp of a product’s updated_at column from catalog_product_entity when you update the product from the Admin edit product page.
  • Magento now respects store-specific settings that determine whether the telephone number field of the checkout workflow is required in a multi-site deployment. Previously, in deployments where one store required this field in the checkout workflow and another store did not, customers who did not complete this field while checking out on the store that did not require it encountered this error: Please check the shipping address information. "telephone" is required. Enter and try again.

Email

  • Email templates (Admin > Marketing > Communications > Email Templates) can now be previewed from the Admin when JavaScript magnification is enabled. Previously, when you tried to preview an email template, the Email Preview popup window was empty.
  • The order notification emails sent from Microsoft Outlook now contain the content rendered as expected from the assigned email template. Previously, the notification email that Magento sent contained a blank body that included content as an ATT*-labeled attachment to the email.

Frameworks

  • Dependencies on Zend Framework have been migrated to the Laminas project to reflect the transitioning of Zend Framework to the Linux Foundation’s Laminas Project. Zend Framework has been deprecated.
  • Editing products in the Admin no longer triggers Redis errors.
  • php bin/magento cron:run no longer processes items from the change log table multiple times. Previously, when you had more than 100000 new versions in the change log table, actions could be called several times for the same entity id.
  • Watermark images no longer obscure the product image that they overlay. Previously, when the watermark image was larger than the product image it was applied to, the product image was not visible.
  • Non-cacheable blocks are no longer added to default layout handles. Adding non-cacheable blocks to default layout handlers renders all Magento pages non-cacheable. This results from the layout generation process: During layout generation, Magento collects all available layout handles for a particular page and merges instructions from them into the page’s final layout structure. The default layout handle is used as a basic handle for every page. As a result, layout updates that are declared for the default handler appear on every Magento page.

JavaScript framework

  • Added a check to confirm that a file belongs to the current base URL before setting the .min.js suffix. Previously, when you installed a CDN file using require-config.js, and your store was in production mode, the JavaScript path was changed during compilation, and Magento displayed a 404 error.
  • JavaScript errors no longer occur on the shopping cart/mini cart page when the cart contains a configurable product.
  • Clicking the Refund Offline button in the create a credit memo workflow now generates a credit memo as expected. Previously, a JavaScript error disabled this button, and Magento did not create a credit memo.
  • JavaScript bundling and JavaScript minimization should be disabled by default when Magento_Baler is enabled.

General fixes

  • Comments entered by a customer on the storefront Returns page are now successfully attributed to the correct customer. Previously, these comments were attributed incorrectly to Customer Support.
  • All HTML tags are now supported by the TinyMCE4 editor.
  • Magento now displays an informative error message and continues to display the registration form as expected if an error occurs when a customer tries to complete a registration form that contains a multiselect customer attribute. Previously, Magento displayed a 500 error.
  • The stock alert email sent to customers about the re-stocking of a configurable product now contains the correct product price. Previously, this email contained a product price of 0.
  • You can now delete an empty user model without deleting the Administrators role to which it is assigned.
  • The .fotorama__thumb__arr arrows adjacent to the thumbnail images on the product gallery now work as expected.
  • You can now accurately manipulate a zoomed image using your mouse. Previously, the magnified area was incorrectly offset.
  • LESS styling for the Magento_Contact and Magento_Cms modules has been moved to the correct design directory. This change brings these modules into alignment with the organization of other modules, none of which include any LESS styling.
  • Google Tag Manager tags are no longer triggered when a customer navigates to a new store without accepting the Google Tag Manager cookie.
  • A store’s admin URL no longer redirects to the storefront URL when these two URLs differ.
  • The graphical orders chart accessible from the Orders tab on the Admin dashboard now accurately reflects order quantity.
  • Product price change alert email now includes the correct product price. Previously, this email suggested a new product price of 0.
  • You can now save and duplicate all CMS pages. Previously Magento threw this exception when you tried to duplicate certain pages: Unique constraint violation found.
  • You can now add a child product of a grouped product to your cart when one of the grouped product’s other child products is out-of-stock. Previously, when one child product was out-of-stock, you could not add any other child products to the cart.

Gift cards

  • The GET V1/orders/:orderId call returns gift card codes as expected.
  • An expired gift card becomes active as expected when you change its expiration date to a future date. Previously, the gift card remained expired.

Gift wrapping

  • Invoices now include gift wrapping details including charges and other details.
  • Gift wrapping can now be added to the cart when it is enabled on the product level. Previously, you could add gift wrapping to a product on the storefront, but Magento would not include gift wrapping in the order summary.

Google Tag Manager

  • The missing Magento_GoogleTagManager::checkout/set_checkout_option.phtml template has been restored.

Import/export

  • Magento now updates images as expected when you use the hide_from_product_page setting when importing products in deployments with multiple store views.
  • Magento now deletes temporary files from /var as expected after product import has completed.
  • Magento now removes related, up-sell, and cross-sell products as expected in the import.csv file when you set the value of the Empty attribute value constant field to _EMPTYVALUE_ for products in System > Import. Previously, cross-sell, up-sell, and related products were not removed from the import .csv file.
  • Magento now displays a more informative error message, and does not display a download link, when you try to delete a directory from the System > Export list. Previously, when you tried to delete a directory from this list, Magento continued to display a download link for files that could not be downloaded, and displayed an uninformative error message.
  • The CSV file used during import now contains the correct links for downloadable products and is now correctly formatted to support importing and updating downloadable products.
  • The Stock Indexer is now triggered as expected after import and updates product status. Previously, the Stock Indexer did not index the changed product inventory data.
  • Images associated with configurable products are now properly uploaded during import and available for viewing as expected from the product edit page.
  • Magento now provides a message during product import that identifies which products in the imported CSV file have duplicated keys. Merchants can use this information to resolve conflicts. Previously, Magento displayed this error: Notice: Undefined index: name in /var/www/html/ee233dev/app/code/Magento/CatalogImportExport/Model/Import/Product.php on line 2524
  • Magento now successfully exports a .csv file when you set import behavior for Replace, select a previously exported .csv file, and click Check data. Previously, Magento displayed this error: Data validation failed. Please fix the following errors and upload the file again." and "Following Error(s) has been occurred during importing process.
  • You can now successfully import a product that does not have a store_view_code value. Previously, Magento displayed an error when you tried to import the product.
  • CSV files generated during product import now contain group titles for downloadable products as expected. Previously, unnecessary validation of group_title during import prevented the display of group titles for downloadable products.
  • You can now successfully import or update customers using the Customer and addresses single file option of the import workflow. Previously, when you selected this option, Magento did not import the customer data and displayed this error: Invalid data for insert.
  • Magento now imports all custom options for a configurable product’s child products successfully when store_view_code is specified. This works whether you choose to import configurable products individually or collectively. Previously, Magento did not successfully import all custom options when the import file contained more than one item and store_view_code was specified.
  • Exported .csv files now reflect filter settings for including in-stock or out-of-stock products. Previously, Magento exported all products, no matter which stock setting you selected.

Index

  • The partial indexer no longer incorrectly removes stock data when updating at least 1000 products. Previously, the indexer removed stock data, which resulted in in-stock products appearing out-of-stock.

Infrastructure

  • Elasticsearch 7.5 is now the supported catalog search engine for both Magento Commerce and Magento Open Source. With this release, Magento 2.3.x supports only Elasticsearch 6.x and 7.x. Elasticsearch 2.x and 5.x are now deprecated for Magento 2.3.x and will be removed in Magento 2.4.0.
  • Symfony Components have been upgraded to the latest lifetime support version (4.4). (Symfony Components are a set of decoupled PHP libraries used by the Magento Framework.)
  • Corrected the argument type of the email address constructor.
  • Admin route names can now contain a hyphen in the URL. Previously, validators for the action menu did not accept hyphens.
  • The condition of the shipping method title output in Magento_Checkout/js/view/summary/shipping has been corrected.

Inventory

  • You can now create an offline credit memo. Previously, when you ried to create one, Magento displayed this error: The credit memo couldn't be saved.

Logging

  • Magento now logs sales shipment actions in the Admin Action log as expected.
  • Order status changes are now logged as expected under System > Action Logs > Report.
  • CMS page save actions are now logged in Admin Action Logs. Previously, only view actions were logged.
  • Save actions on CMS pages are now logged as expected in Admin action logs when Select all actions to be logged is enabled on the Admin Actions Logging tab (Admin > Stores > Configuration > Advanced).

Newsletter

  • The preview template feature now works as expected. Previously, Magento displayed this error when you clicked Preview Template from the template edit page: Request-URI Too Long The requested URL's length exceeds the capacity limit for this server.

Payment methods

  • The integration of third-party payment methods into the core Magento code has been depreciated. With this release, the integrations of the Authorize.Net, eWay, CyberSource, and Worldpay payment methods are deprecated. These core features are no longer be supported and will be removed in the next minor release (2.4.0). Merchants should migrate to the official extensions that are available on the Magento Marketplace.
  • You can now successfully complete an order using the Payflow Link payment method. Previously, the Payflow Link payment method always rejected payment because the order status remained in the Pending payment state, even though the order status in the payment method logs was Approved.
  • The core implementation of Signifyd fraud protection is no longer supported. Merchants should migrate to the Signifyd Fraud & Chargeback Protection extension that is available on Magento Marketplace.
  • The Place Order button on the shipping workflow is now enabled as expected when you select Braintree as the payment method and the My billing and shipping address are the same setting is disabled.
  • You can now create an order from the Admin using Authorize.net as the payment method. Previously, Magento did not create the order, and displayed this error: Transaction has been declined. Please try again later.
  • The WorldPay payment integration with the Magento core has been deprecated. Please use the official Marketplace extension instead.
  • The Place order button on the checkout workflow is now disabled as expected until the customer updates the billing address when paying with Braintree. Previously, when secure 3D was enabled and the customer was paying with Braintree, Magento did not correctly validate the shipping address and displayed this JavaScript error: TypeError: Cannot read property 'firstname' of null.
  • The PayPal Pro payment method now works as expected in the Chrome 80 browser. This payment method previously invoked a Magento callback endpoint that needed access to the customer’s session — access that the new default Chrome same site cookie functionality does not permit.
  • Magento now successfully processes orders placed with PayPal Express Checkout where the order’s shipping address specifies a country region that the customer has manually entered into the text field rather than selected from the drop-down menu on the Shipping page. Previously, Magento displayed this error on the order review page: Error 500: NOTICE: PHP message: PHP Fatal error: Uncaught Error: Call to a member function getId() on null in httpdocs/vendor/magento/module-paypal/Model/Api/Nvp.php:1527.
  • Magento now displays an informative error message each time a customer clicks Pay with PayPal after entering an invalid shipping address in the checkout workflow. Previously, Magento displayed an error message only when the customer first clicked the button, not for subsequent clicks.
  • Magento no longer changes an order’s status to processing in the Payment Review section of the checkout workflow when a payment with PayPal fails.
  • Magento now saves the information a customer enters in the default billing and shipping fields during checkout when the transaction is initially declined due to invalid credit card but later completed successfully. Previously, although Magento created the order when the customer enters valid payment information, it did not update the default billing or shipping addresses in the My Account section of the checkout workflow.

Performance

Reviews

  • Magento now disables the Submit Review button after the user clicks the button once. Previously, Magento did not disable this button after the first click and created multiple reviews when the user clicked the Submit Review button multiple times.
  • The Admin > Reports > Reviews > By Products filter list now displays results as expected. Previously, when you tried to filter this list, Magento did not display any results.

Return Merchandise Authorizations (RMA)

  • Tracking links included in storefront order returns now work as expected. Previously, when a customer clicked the shipment tracking link on the order return page, Magento displayed this error: PHP Fatal error: Uncaught Error: Call to a member function getTitle() on null in /app/z7kvt3uys6daq/var/view_preprocessed/pub/static/vendor/magento/module-shipping/view/frontend/templates/tracking/details.phtml:1.
  • The Returns tab is now present as expected after you create an order return from the Admin.
  • Magento no longer displays an error when you successfully create an order and RMA from the storefront. Previously, Magento created the RMA as expected, but also displayed this error: We can't create a return right now. Please try again later.
  • Setting Enable RMA on Storefront to yes (Admin > Enable RMA in Stores > Configuration > Sales > Sales > RMA Settings ) now works as expected. Previously, returns were not preselected no matter how return-related settings were configured in the Admin.
  • Magento now sends RMA processing emails to customers from the store from which the purchase was made in a multi-store deployment. Previously, Magento sent these emails from the default store.

Rewards

  • Magento now refunds reward points as expected when an order is returned to a store running in a multi-store environment where different reward point rates are set for each store. Previously, Magento did not refund points as expected for a returned order that was purchased using reward points.

Sales

  • The State/Province field of the Billing Address section of the checkout workflow is now of type Dropdown in multisite deployments where the default store has country restrictions. Previously, the State/Province field was of type Text, which permitted you to enter an incorrect state.
  • Completed orders now appear in both the payment system and Magento. Previously, orders appeared in the payment system but not in Magento.

Sales Rule

  • quote_item.applied_rule_ids is now updated as expected after a cart price rule is disabled.
  • Cart Price rules with a condition set as Category (Parent only) now work as expected consistently.

Search

  • Filtering results no longer include out-of-stock options when you filter configurable products in a category.
  • Selecting all products from the products list page using Elasticsearch now displays all products in the search results as expected. Previously, Magento displayed no search results when this search was run on a staging server.
  • Elasticsearch now works as expected when you sort a product list that contains bundle products by alphabetized product names.
  • Magento now renders the < and > symbols correctly in storefront catalog search strings.

Shipping

  • Magento now prints shipping labels as a .pdf file as expected when you select Print Shipping Label from the Action drop-down list from an order in the order archive list. Previously, Magento displayed a 404 error.
  • The incorrect initial option values for the DHL shipping method have been corrected, and this shipping method now works as expected when enabled. Previously, when DHL shipping was enabled, Magento displayed this error in the shipping section of the checkout workflow: This shipping method is currently unavailable. If you would like to ship using this shipping method, please contact us.
  • The multishipping page of the checkout workflow now correctly displays discounted shipping prices when discounts are determined by a Cart Price rule.
  • Magento now correctly calculates refunds for orders that include discounts. Previously, Magento incorrectly calculated the shipping tax and shipping discount, and the refunded total did not match the total paid.
  • Support for Columbia regions has been added, and these regions are now available from the shipping and billing country dropdown menus in the checkout workflow.
  • The drop-down list that is available for selecting shipping methods during the process of creating a Cart Price Rule now contains only valid values. Previously, this dropdown list contained empty or extra values.

Sitemap

  • The partial sitemaps that are listed in the sitemap index now have the correct URL (for example, storeurl/pub/sitemap-1-1.xml). Previously, these URLs included the folder structure between the Magento user home folder and the installation folder.

Store

  • Customer sessions now persist as expected when a customer logs in to one store, adds products to the shopping cart, and then switches to a new store in a multi-store deployment. Previously, when the customer navigated to the second store, Magento logged out the customer and emptied the shopping cart.
  • Magento now redirects you to the correct product details page when you switch store view while on a product page in a multistore deployment. Previously, when you switched store view, Magento redirected you to a 404 page instead of the correct product page.

Swagger

  • Magento no longer displays an informative console error when you try to navigate to the Swagger index page. Magento previously threw an error as a result of a previous fix in which the requirejs-config block was removed from the layout file of the Swagger index page.

Swatches

  • Merchants can now successfully add color swatch attributes to products using the Visual Swatch option on Stores > Attributes > Product > New Attribute. Previously, a JavaScript error was triggered when you tried to open the newly created swatch attribute.

Target Rule

  • We have improved the performance of indexer_update_all_views. Indexing is now faster, inactive rules are no longer processed, and caches are cleared of entries about only changed products.
  • We’ve improved the performance of the Product/Target Rule and Target Rule/Product indexers. Indexing operations and editing and saving product operations are now faster.

Tax

  • Magento now performs VAT calculations correctly in all stores in a multistore deployment. Previously, Magento displayed an incorrect shipping rate in the default store but the correct one in the en_gb store.
  • Magento now updates shipping rates and prices as expected when a customer changes the destination country for an order during checkout.

Testing

  • Infrastructure static tests now check for missing return statements in class methods.

Theme

  • Product names are no longer translated if their text matches a global key.

Translation and locales

  • Special price range settings (from/to dates) now work correctly for administrator accounts using a Dutch locale.

UI

  • Radio buttons for shipping methods are now enabled as expected in the checkout workflow.
  • The product edit page now loads successfully when the default attribute set for the page contains a dropdown attribute with the select label.
  • You can now scroll as expected to the top of the Admin Import page.
  • Watermark size now remains consistent with the image to which it has been applied when you resize the image.
  • Magento now correctly renders the Read more … page element that is associated with a product that has an additionalOption value that exceeds 55 characters on the storefront shipment and invoice pages. Previously, these option values were escaped.
  • Corrected position of the wishlist item delete button on the category page.
  • Magento now displays a N/A where needed on the product compare list page. Previously, the field for an attribute that was not relevant for the selected product was left blank.
  • Magento now displays the dropdown icon as expected when you click Load template during the creation of a new email template from the Admin.
  • Magento now retains the correct aspect ratio when a store icon is resized for mobile display.
  • The focus function on the fourth level of a multi-level navigation menu now works consistently.
  • Magento now displays the correct error message in the confirmation popup dialog when you delete a customer group.
  • Accordion widgets placed in tab widgets now work as intended. Previously, when you clicked on the accordion widget, the tab closed.
  • Corrected the CSS-defined color for the Minimum Quantity allowed in Shopping Cart field of the Admin > Store > Configuration > Inventory page.
  • Logo images that are being uploaded into the Admin are now displayed with its native dimensions if no width and height parameters are explicitly set. Previously, an administrator could set the logo_img_width and logo_img_height block arguments in the layout file for the logo block, which potentially distorted the display of the logo.

URL rewrites

Visual Merchandiser

Web API framework

  • Corrected issues with the POST /rest/default/async/bulk/V1/orders calls.
  • Corrected issues with the POST /rest/default/async/bulk/V1/products calls.
  • Child products of a configurable product can now be successfully disabled through the API.

Wishlist

  • A wishlist now works as expected when it is enabled at the store-view level and disabled at the global level. Previously, when these settings were in place, adding a product to a wishlist resulted in a 404 error.
  • Magento now correctly saves and displays a new name for a wishlist when you rename a wishlist in deployments that contain multiple wishlists. Previously, Magento continued to display the former wishlist name.

WYSIWYG

  • The WYSIWYG editor now works as expected on Internet Explorer 11.x. Previously, when you edited a field using the editor, the selected text was deselected when you clicked Link.
  • Magento can now successfully display two or more WYSIWYG editors on a catalog product edit page. Previously, only one working editor was displayed.
  • The WYSIWYG editor no longer hangs indefinitely when you try to upload an image from the Admin. Previously, the image upload popup window hung until you refreshed the page.

 

Find out how you can get
AUTOMATIC mAGENTO UPDATES
for a WHOLE YEAR!