Magento 2.0.1
26 January 2016
Magento version 2.0.1 is now available (major release).
Upgrading to Magento 2.0.1
Magento 2.0.1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Magento updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Magento install to test the 2.0.1 upgrade prior to applying it live. Get started managing your Magento installations with Installatron
What's New in Magento 2.0.1
We are pleased to present Magento Community Edition 2.0.1, the next generation of the world’s leading digital commerce platform. This patch release contains several important functional updates, including official support for PHP 7.0.2. This release also includes numerous enhancements to improve the security of your Magento 2.0 installation. While there are no confirmed attacks related to these issues to date, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions.
PHP 7 Compatibility
- Magento 2.0.1 adds support for PHP 7.0.2, which provides dramatic performance improvements, drastically reduces memory consumption, and supports new PHP language features.
USPS API Changes
- On January 17, 2016, USPS made several changes to their services, rates, and package names. The updates are reflected in this release, and include the following changes: Standard Post renamed "Retail Ground", Flat Rate Box for Priority Mail Express Eliminated
Security Enhancements
- SQL injection
- Persistent XSS vulnerability for order comments made from Admin
- Ability to save XSS code into database
- Reflected XSS in cookie HTTP header
- CSRF vulnerability on cart checkout
- Ability for users to bypass filter by editing inline translations
- Ability to access core system information using CMS blocks and cache entries
- Ability to save XSS code through custom options
- Ability to bypass Magento storefront CAPTCHA
- Persistent XSS using customer name
- Ability for unauthenticated users to delete any product review from the storefront
- Attackers able to access order information in the store
- Lack of password quality enforcement when changing admin passwords
General
- Catalog price rule when specifying subproduct discounts.
- Shopping cart for a registered user not returning a full list of selected products. The shopping cart of a registered user now operates as expected.
- Failure to update minicart after completing an order using PayPal. Magento now clears the minicart as expected after you complete a purchase with PayPal.
- Customer Edit form not appearing when you create a new Customer using a customer attribute. The Customer Edit form now appears as expected.
- Sending messages using the wrong AMQP connection alias. Messages are now sent as expected.
- Redundant calls to plugin methods.
- Cart subtotal not including custom option prices in order calculations for configurable product. Shopping cart subtotal calculations now include custom option prices.
- Catalog price rule not applied to the product created through the web API. Magento now applies the catalog price rule as expected.
- Inconsistent application of discounts across all relevant configurable products. Magento now correctly displays discounts for all relevant options of a configurable product.
- Incomplete display of category fields when working in store view scope. Magento now displays all scope information as expected.
- Inability to create and save a new Content block. You can now add new blocks from the Admin.
- Issue with checkbox component behavior. Checkbox component now displays expected behavior. Magento sends the checkbox input value (original) data only if the checkbox is checked upon form submission.
- Selected country information not appearing at checkout.
- Not all classes able to be intercepted in early stages of application life cycle.
- JavaScript errors when loading product tables on a catalog page.
- Failure during creation when Google experiments is enabled.
- Unspecified resetting of product assignments after applying a filter from a category product listing.
- Incorrect target for the "Learn More" link on the Payment Methods Configuration page.
- Changes in the USPS API to match updated USPS method names.
- Prices incorrect on product page for configurable product when catalog prices include tax.
- Synonyms not working.
- Orders not created when Include Tax in Order Total is set to "Yes."
- Shipping address in the Orders API now exposes the shipping address value.
- The Replace feature of the Import Product works in a multistore environment.
- Magento now displays product tables correctly when an administrator navigates to Product > Inventory > Catalog after either of these two actions: 1) first time after product installation; 2) clearing cache and static file directories.
- Creating a product with an empty file as a custom file option now works correctly.
- Added autoload functionality instead of direct paths to load dependent files.
- Product URL rewrites now works correctly when accessed from a Category page.
Import
- Error during product import. Validation now works correctly.
- Container components not disabled during import.
Testing
- Legacy tests fail due to obsolete paths. References to classes in the legacy build removed.
- Integration tests fail on Magento 2.0.
Performance
- Redundant executions of MessageBox plugin.
- Redundant executions of StoreCookie plugin.
- Catalog pages in Magento installations running Varnish.
- Swatch module on a category product listing page.
- Large stores with a significant number of customers.
Installation and Upgrade
- Issue with precompilation.
- Product performance after an upgrade that modifies the database schema.
- Accessing sample data after deploying Magento with composer create-project.
- Travis Cl build failures due to authentication to repo.magento.com.
PHP
- PHP syntax error prevents the collection of all phrases for translation.
- Magento tries to save twice when a product is added to the catalog.
- Code Migration tool randomly hangs and terminates with an error.