Magento 2.2.9
26 June 2019
Magento version 2.2.9 is now available (security release).
Upgrading to Magento 2.2.9
Magento 2.2.9 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Magento updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Magento install to test the 2.2.9 upgrade prior to applying it live. Get started managing your Magento installations with Installatron
What's New in Magento 2.2.9
This release includes 75 critical enhancements to product security, over 100 core code fixes and enhancements.
Security
- 75 security enhancements that help close cross-site scripting (XSS), remote code execution (RCE), and sensitive data disclosure vulnerabilities as well as other security issues. No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. See Magento Security Center for a comprehensive discussion of these issues. All known exploitable security issues fixed in this release (2.2.9) have been ported to 2.3.2, 2.1.18, 1.14.4.2, and 1.9.4.2, as appropriate.
- Google reCAPTCHA module for PayPal Payflow checkout. The new PaypalRecaptcha module adds Google reCAPTCHA and CAPTCHA to the Payflow Pro checkout form. This enhanced functionality has been added in response to malicious targeting of Magento deployments that implement Payflow Pro. Configuration information can be found in Google reCAPTCHA.
Infrastructure
- Braintree payment method is now supported for checkout with multiple addresses
- The CGI URL gateway in UPS module has been updated from HTTP to HTTPS
- Google chart API updated to the Image-Charts
Bug Fixes
- Includes dozens of bug fixes