Magento 1.9.4.0
9 December 2018
Magento version 1.9.4.0 is now available (security release).
Upgrading to Magento 1.9.4.0
Magento 1.9.4.0 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Magento updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Magento install to test the 1.9.4.0 upgrade prior to applying it live. Get started managing your Magento installations with Installatron
What's New in Magento 1.9.4.0
This version provides resolution of multiple critical security issues and functional fixes. This release also provides support for PHP 7.2.
Security
- Resolves security issues including remote code execution (RCE), cross-site scripting (XSS), and cross-site request forgery (CSRF).
Highlights
- This release provides support for PHP 7.2.
- We’ve removed the CC module. As a result, third-party modules that depend upon either the ccsave method or the xmlconnect method will not work as expected. Third-party themes that implement ccsave will not work as expected, either.
- The Magento logo has been updated throughout the code base.
- The Continue button now works as expected on the Payments step of checkout when paying with the PayPal payment method.
- Google Tag Manager now logs sales information in Google Analytics as expected.
- The product export CSV file now contains columns for super attributes.
- Magento no longer throws an error when a customer accesses their shopping cart after items in their cart have been removed due to a timeout. Previously, Magento displayed this error, `Notice: Undefined variable: freePackageValue in /var/www/dev/htdocs/app/code/core/Mage/Shipping/Model/Carrier/Tablerate.php on line 130`.
- Clicking on a configurable product’s swatch on the product list page now updates product price as expected.
- Customers can now successfully add a grouped product to their shopping cart when category permissions are enabled. Previously, Magento did not add the product to the cart, but instead displayed a descriptive error message.
- Magento no longer displays incorrect prices on the storefront after a failure of the enterprise refresh index.
- We’ve resolved issues in the indexing locking mechanism that previously resulted in Magento throwing an exception after indexing completed.
- Magento no longer throws a fatal error when a merchant uses an already reserved word to name a product attribute.
- Magento now adds the correct sales tax to orders being shipped to U.S. addresses that use zip codes with the optional four-digit suffix (for example, 73365-1234). Previously, the Tax rule triggered a failure if the U.S. zip code that had this optional four-digit suffix.
- Magento now displays all products on a production website that were edited by a role-restricted user on the associated staging website.
- We’ve resolved an issue that caused Target Rules to throw an exception when a customer opened a product view page.