Magento 1.9.3.7
29 November 2017
Magento version 1.9.3.7 is now available (major release).
Upgrading to Magento 1.9.3.7
Magento 1.9.3.7 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Magento updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Magento install to test the 1.9.3.7 upgrade prior to applying it live. Get started managing your Magento installations with Installatron
What's New in Magento 1.9.3.7
Magento 1.9.3.7 fixes multiple critical security issues. These issues include remote code execution, cross-site scripting, and cross-site request forgery issues. We recommend upgrading your Magento store to this latest version.
Highlights
- Magento no longer displays the “Invalid Secret Key. Please refresh the page.” message when a user loads the Admin.
- The one-page checkout page now displays the following message when a customer checks out an order for which no amount is due: No payment information required. Magento versions prior to 1.14.3.3 included this message, but it was missing from v1.14.3.3.
- We’ve fixed a typo in the patch header information. (autocomplete="new-pawwsord” is now autocomplete="new-password”.)
Notes
- We no longer support custom file extensions for Mage::log(). Supported file extensions include .log, .txt, .html, .csv. For more information, navigate to Developers > Log Settings from the Admin. Magento displays this comment: Logging from Mage::log(). File is located in /var/log. Allowed file extensions: log, txt, html, csv.
- Passwords for new users are now limited to 256 characters. If a new user enters a password that exceeds 256 characters, Magento displays this message: Please enter a password with at most 256 characters.