Magento 1.9.1.0
24 November 2014
Magento version 1.9.1.0 is now available (security release).
Upgrading to Magento 1.9.1.0
Magento 1.9.1.0 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Magento updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Magento install to test the 1.9.1.0 upgrade prior to applying it live. Get started managing your Magento installations with Installatron
What's New in Magento 1.9.1.0
Highlights
- Configurable Swatches: Configurable swatches help you optimize the way products are presented on your site. New "swatch" capabilities make products more appealing—and boost conversion rates—by offering shoppers quick access to information, like available colors, fabrics, sizes, and more. Clicking on a swatch automatically updates the product image so shoppers see exactly what a color or fabric looks like, giving them confidence to proceed with their purchase.
- Responsive Design Improvements: It has never been easier to create a mobile-friendly site now that Magento's responsive design reference theme includes all core Magento features, including gift registries, downloadable products, multiple wish lists, add-to-cart by SKU, and private sales. It even boasts responsive default email templates so customers can read your order confirmation emails and newsletters on any device.
- Technology Updates: Magento Community Edition boosts performance and security by adding support for MySQL 5.6 and PHP 5.5. With MySQL 5.6, you benefit from improved site speed and scalability, reduced memory usage on the database server, and enhanced debugging tools. PHP 5.5 provides security improvements and ensures you have continued access to code updates. And, for those of you who haven't already upgraded from PHP 5.3, there are potential performance improvements—up to 25% based on reports from some customers. Magento Community Edition 1.9.1 has been updated to support Universal Analytics, the new standard for Google Analytics. With this update, merchants can define more custom dimensions and metrics for tracking, incorporate offline and mobile app interactions, and gain access to ongoing feature updates that will only be available on Universal Analytics.
- Other Improvements: Magento CE 1.9.1 includes updates to promotions, product import/export capabilities, security, and other features as part of our commitment to continually improve product quality.
Security Enhancements
- SUPEE-1533 - Addresses two potential remote code execution exploits
- Resolved potential issues as discussed in Resolving a Remote Code Execution Exploit.
- Magento thanks Matt Barrah for contributing to this fix.
- To change their password, a Magento administrator must first enter their existing password.
- Resolved a potential XML External Entity Processing (XXE) exploit with the potential to cause a Denial of Service attack.
- Customer passwords are no longer stored in clear text during registration.
- Storefront users no longer see each others' user names in certain circumstances.
- To change an administrator password using the Admin Panel, you must first enter your existing password.
- Added a secure cookie flag for the storefront to prevent man-in-the-middle attacks. Configuration options haven't changed; they are still under System > Configuration > GENERAL > Web, option groups Secure and Unsecure.
Changes
- Changed the following PayPal Express Checkout configuration options (System > Configuration > SALES > Payment Methods, PayPal Express Checkout):
- Shortcut on Shopping Cart renamed to Display on Shopping Cart and moved from Basic to Advanced.
- The recommended Display on Shopping Cart option is now worded Yes (PayPal recommends this option).
- It's more important than ever for you to configure a Magento cron job. In addition to indexing and other core functions, all Magento e-mails (including order confirmation and transactional) are now queued and sent according to your configured cron schedule.
- The PayPal Bill Me Later logo and name has been replaced by PayPal Credit.
- Bill Me Later options now display only in U.S. stores.
- The Zend Framework version has been updated to 1.12.7.
- Check out with PayPal and PayPal Credit buttons now display on product pages for gift cards and dynamic bundled products.
- Updated PayPal buttons for US-based stores.
- Orders with PayPal viewed on the Admin Panel have a link that enables a Magento administrator to view the order on the PayPal site.
- Magento thanks Florinel Chis of Elastera for contributing to this fix.
- The PayPal Standard API has been replaced with the newer PayPal Express Checkout API.
- Magento CE and EE now use Google Universal Analytics.
- When defining a tax rate, you can now use a wildcard character for State in any locale.
- Implemented responsive transactional e-mails.