Magento 2.1.18
26 June 2019
Magento version 2.1.18 is now available (security release).
Upgrading to Magento 2.1.18
Magento 2.1.18 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Magento updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Magento install to test the 2.1.18 upgrade prior to applying it live.
What's New in Magento 2.1.18
This release includes multiple enhancements to product security.
Security
- This release includes security enhancements that help close cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities, as well as other security issues. No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions.
Highlights
- The CGI URL gateway endpoint in the UPS module has been updated from HTTP to HTTPS in response to the disablement of the HTTP gateway by UPS in mid-2019. See the Magento User Guide for a discussion of using the UPS shipment method. Shipping method configuration settings are described in Shipping methods.
- Magento now uses the Image-Charts free service to render static charts in Admin dashboards. Earlier deployments used Google Image Charts, which was deprecated in 2012 and turned off on March 18, 2019.
- The new PaypalRecaptcha module adds Google reCAPTCHA and CAPTCHA to the Payflow Pro checkout form. This enhanced functionality has been added in response to malicious targeting of Magento deployments that implement Payflow Pro. No additional configuration is needed to deploy this feature.
- We have modified the required permissions for updating the design fieldset of categories, products, and CMS pages:
  - Existing roles that have save permission for these entities can save everything.
  - New roles must be granted permission to edit design manually.
  - If you do not have permission to edit the design fieldset or use web API endpoints to update a category, Magento does not save your changes and the design properties remain unchanged.