Magento 1.9.4.2
26 June 2019
Magento version 1.9.4.2 is now available (security release).
Upgrading to Magento 1.9.4.2
Magento 1.9.4.2 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Magento updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Magento install to test the 1.9.4.2 upgrade prior to applying it live. Get started managing your Magento installations with Installatron
What's New in Magento 1.9.4.2
This version provides resolution of multiple critical security issues and functional fixes. These security enhancements help close cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues. We recommend upgrading your Magento store to this latest version.
Bug Fixes
- The Magento logging feature now works as expected after the SUPEE-11086 patch is installed. Previously, after application of this patch, Magento could only write only to a file that already existed on the server, and did not create new log files.
- Magento 1.14.4.0 and the PHP7.2 support patch now include the same files as expected. The previous version of the patch did not include the following three files, which were included in Magento 1.14.4.0. Magento 1.14.4.0: lib/phpseclib/PHP/Compat/Function/array_fill.php, lib/phpseclib/PHP/Compat/Function/bcpowmod.php, and lib/phpseclib/PHP/Compat/Function/str_split.php.
Known Issues
- You can no longer upload files with the extension .swf to the WYSIWYG editor.
- Third-party checkout extensions and closed security cases will either not not work securely or will not work at all.
- The Authorize.net Direct Post module has been enhanced to support the replacement of Authorize.net’s MD5-based hash with a (SHA-512) signature key. Authorize.net will no longer support implementations using the MD5-based hash as of June 28, 2019. You will need to update your signature key after upgrading to this version of Magento. For information about updating your signature key, see the Get a New Signature Key discussion in the Update Authorize.Net Direct Post from MD5 to SHA-512 help article. Note that although this help article describes how to install the earlier patch, merchants upgrading to this release of Magento are not applying the patch and should consult only the Get a New Signature Key discussion. If you’ve applied the patch to your Magento installation while running an earlier version of Magento, uninstall the Update Authorize.Net Direct Post from MD5 to SHA-512 patch before upgrading to this release.
- You can no longer preview JavaScript in a newsletter template in the Admin.
- Sitemap names cannot exceed 32 characters.