Magento 2.0.5
28 April 2016
Magento version 2.0.5 is now available.
What's New in Magento 2.0.5
Security
- Issue with persistent cross-site scripting through a user account has been resolved.
- Magento now supports setting limits on password attempts. Previously, Admin and Customer Token API access did not limit the number of attempts to enter a password, inadvertently allowing brute force attempts to guess passwords.
- APIs that previously granted access to anonymous users are now configured to require a higher permission level. Default product behavior does not permit anonymous access to Catalog, Store and CMS APIs. However, if you would like to allow anonymous access, you can change this setting.
- Magento now prevents the arbitrary execution of PHP code through the language package CSV file.
- The encryption keys that are generated in System > Manage Encryption Key have been strengthened.
- Reflected XSS can no longer occur through the Authorizenet module's redirect data.
Upgrade and Installation
- Magento no longer creates store data inconsistently during installation.
- During upgrade, the setup:config:set script no longer deletes values in the env.php file.
Import
- Magento now successfully imports existing products as well as products that use custom URLs.
- Product import now works successfully in a multi-store environment. Previously, Magento would display the following error message, "URL key for specified store already exists", when importing products into a multi-store configuration.
Export
- Export performance has been enhanced. Pages no longer hang randomly, and CPU usage is no longer pegged. (GITHUB-3217)
APIs
- The Orders API now exposes the shipping address. This corrects an issue with using this API to integrate with third-party systems.
- The SOAP API now returns attributes of type "text swatch" and "visual swatch" when you use the API to add attribute options. Previously, this feature did not work for these attribute types.
PHP
- Magento now allows you to use arguments of url type in nested arrays. Previously, you could pass route parameters only if the url argument was declared at the top level.
Database
- Magento no longer duplicates queries to the database from the Catalog page. Instead, if Magento has already loaded specific data during request processing, it re-uses it instead of duplicating the query.
- Magento no longer duplicates SQL queries on CMS and Category pages. Previously, significant duplications occurred.
Miscellaneous
- Magento no longer displays HTML tags in messages.
- Product performance has been enhanced when loading catalog products with multiple color swatches.
- Magento now successfully saves and displays new customer attributes.
- Magento performance has been improved by the removal of redundant get requests that previously occurred during shopping cart refresh.
- Selecting the Use Aggregated Data option now correctly displays Dashboard data. (GITHUB-3459)
- Magento now displays the expected color swatch when you select a color swatch for a configurable product. Previously, Magento did not change the color when you selected a swatch.
- HTML template minification now properly handles commented code.
- Deleting one of several custom options no longer deletes all options. Previously, deleting one option from the Product page also deleted all other custom options. (GITHUB-2989)
- When Full Page Cache (FPC) is enabled, the CAPTCHA image differs for every user. Previously, the CAPTCHA image on the registration page remained the same for every customer after FPC was enabled.
- Google no longer indexes the Admin URL. Previously, Google indexed the Admin side meta tag. The frontend meta tag was not affected.
- Magento no longer sends a subscription success email whenever a customer enters his email address to subscribe to a newsletter. Users receive a "thank you for your subscription" message and a subscription success email only when registering for the first time.
- Guests can now successfully click on the product page link for any item in an emailed shared wishlist.
- Custom customer attributes are now saved at checkout.