Official OpenMage LTS codebase | Migrate easily from Magento Community Edition in minutes! Download the source code for free or contribute to OpenMage LTS | Security vulnerability patches, bug fixes, performance improvements and more.
OSL-3.0 License
Bot releases are visible (Hide)
Published by fballiano over 1 year ago
Since the approval of our second RFC - release schedule OpenMage 19.x enters and "patch only" state, it will be maintained for two more years as promised but only significant security patches or regression fixes will be ported to v19, every other development (and we have many) will be focused on v20+.
We encourage everybody to upgrade to v20, it is our latest and greatest and deserves the bit of work necessary for the upgrade (ask your developer/agency, don't do it yourself).
This is a big release, that's why we decided to move away from the 20.0.x versioning and go to 20.1.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 20.1.0. Tests are more than welcome now but be extra careful with production environment.
What's most important is the removal of all the 3rd party libraries (phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis and Pelago_Emogrifier and Zend Framework) form our repository, they are now imported via composer. This was an important step to clean up and modernise our code.
Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.
Also:
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.1.0-rc2...v20.1.0-rc3
Published by fballiano over 1 year ago
Since the approval of our second RFC - release schedule OpenMage 19.x enters and "patch only" state, it will be maintained for two more years as promised but only significant security patches or regression fixes will be ported to v19, every other development (and we have many) will be focused on v20+.
We encourage everybody to upgrade to v20, it is our latest and greatest and deserves the bit of work necessary for the upgrade (ask your developer/agency, don't do it yourself).
This is a big release, that's why we decided to move away from the 19.4.x versioning and go to 19.5.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 19.5.0. Tests are more than welcome now but be extra careful with production environment.
Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.5.0-rc2...v19.5.0-rc3
Published by fballiano over 1 year ago
This is a big release, that's why we decided to move away from the 20.0.x versioning and go to 20.1.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 20.1.0. Tests are more than welcome now but be extra careful with production environment.
What's most important is the removal of all the 3rd party libraries (phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis and Pelago_Emogrifier and Zend Framework) form our repository, they are now imported via composer. This was an important step to clean up and modernise our code.
Also:
Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.1.0-rc1...v20.1.0-rc2
Published by fballiano over 1 year ago
This is a big release, that's why we decided to move away from the 19.4.x versioning and go to 19.5.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 19.5.0. Tests are more than welcome now but be extra careful with production environment.
Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.
qtys
param is null when preparing shipment by @CharlieDelta6 in https://github.com/OpenMage/magento-lts/pull/3062
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.5.0-rc1...v19.5.0-rc2
Published by fballiano over 1 year ago
This is a big release, that's why we decided to move away from the 20.0.x versioning and go to 20.1.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 20.1.0. Tests are more than welcome now but be extra careful with production environment.
What's most important is the removal of all the 3rd party libraries (phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis and Pelago_Emogrifier and Zend Framework) form our repository, they are now imported via composer. This was an important step to clean up and modernise our code.
Also:
Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.0.18...v20.1.0-rc1
Published by fballiano over 1 year ago
This is a big release, that's why we decided to move away from the 19.4.x versioning and go to 19.5.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 19.5.0. Tests are more than welcome now but be extra careful with production environment.
What's most important is the removal of all the 3rd party libraries (phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis and Pelago_Emogrifier and Zend Framework) form our repository, they are now imported via composer. This was an important step to clean up and modernise our code.
Also the M1 legacy themes have been moved to an external repository since it's old (and mostly unused) code.
Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.4.20...v19.5.0-rc1
Published by fballiano over 1 year ago
This is a security update with a single fix regarding CVE-2020-27511, ReDos (Regular Expression Denial of Service) vulnerability in prototypejs (#3003).
Published by fballiano over 1 year ago
This is a security update with a single fix regarding CVE-2020-27511, ReDos (Regular Expression Denial of Service) vulnerability in prototypejs (#3003).
Published by fballiano over 1 year ago
This is an important security update release, it includes six security patches:
All of these updates should be totally backward compatible, except one, CVE-2021-21395 - GHSA-r3c9-9j5q-pwv4 - Reset Password not protected against well-timed CSRF
in fact is a breaking change and you will need to take action after upgrading to this version of OpenMage.
Specifically, you will have to modify the customer/form/resetforgottenpassword.phtml
file of your custom theme (in case you have customized it) and add this code <input name="form_key" type="hidden" value="<?php echo $this->getFormKey(); ?>" />
after the <form
open tag. Please refer to this link in case you want to see how the patch works and copy/paste the simple solution.
In case your custom theme does not have the customer/form/resetforgottenpassword.phtml
or in case you are not using a custom theme then you will not have to do the aforementioned procedure.
Published by fballiano over 1 year ago
This is an important security update release, it includes six security patches:
All of these updates should be totally backward compatible, except one, CVE-2021-21395 - GHSA-r3c9-9j5q-pwv4 - Reset Password not protected against well-timed CSRF
in fact is a breaking change and you will need to take action after upgrading to this version of OpenMage.
Specifically, you will have to modify the customer/form/resetforgottenpassword.phtml
file of your custom theme (in case you have customized it) and add this code <input name="form_key" type="hidden" value="<?php echo $this->getFormKey(); ?>" />
after the <form
open tag. Please refer to this link in case you want to see how the patch works and copy/paste the simple solution.
In case your custom theme does not have the customer/form/resetforgottenpassword.phtml
or in case you are not using a custom theme then you will not have to do the aforementioned procedure.
Published by fballiano almost 2 years ago
This is a hotfix release, it includes only the solution to a single bug that was released in 19.4.20: https://github.com/OpenMage/magento-lts/issues/2793.
Said bug doesn't seem to be present on 20.0.18 and that's why you'll not find the matching hotfix release for our v20 branch.
Published by fballiano almost 2 years ago
This is mainly a bugfix release with a couple of optimizations.
Most importantly we've fixed bugs regarding:
Upgrading is highly suggested, but always backup and test before doing it.
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.0.17...v20.0.18
Published by fballiano almost 2 years ago
This is mainly a bugfix release with a couple of optimizations.
Most importantly we've fixed bugs regarding:
Upgrading is highly suggested, but always backup and test before doing it.
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.4.19...v19.4.20
Published by fballiano almost 2 years ago
This is a maintanance release with small bugfixes, code cleanup, documentation improvements and a better overall PHPStan coverage.
We're also bumping the minimum required PHP version to 7.3 with intl extension enabled.
Our source code finally has a much better "copyright" section, to thank all the team that is contributing to this beautiful project.
This release requires PHP 7.3 with intl extension, do not upgrade if your system doesn't match this requirement.
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.0.16...v20.0.17
Published by fballiano almost 2 years ago
This is a maintanance release with small bugfixes, code cleanup, documentation improvements and a better overall PHPStan coverage.
We're also bumping the minimum required PHP version to 7.3 with intl extension enabled.
Our source code finally has a much better "copyright" section, to thank all the team that is contributing to this beautiful project.
This release requires PHP 7.3 with intl extension, do not upgrade if your system doesn't match this requirement.
system/csrf/use_form_key
config by @elidrissidev in https://github.com/OpenMage/magento-lts/pull/2578
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.4.18...v19.4.19
Published by fballiano about 2 years ago
This is a bugfix release with a couple of really good enhancements.
In the meanwhile we're working on completing the full PHPStan validation, which is allowing us to reformat the whole source code to make it look more beautiful than ever.
Last but not least, we already merged 2 PRs for the upcoming PHP 8.2 support!
<pre>
tag for prettier error print. by @kiatng in https://github.com/OpenMage/magento-lts/pull/2368
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.0.15...v20.0.16
Published by fballiano about 2 years ago
This is a bugfix release while we're working on completing the full PHPStan validation, which is allowing us to reformat the whole source code to make it look more beautiful than ever.
Last but not least, we already merged 2 PRs for the upcoming PHP 8.2 support!
<pre>
tag for prettier error print. by @kiatng in https://github.com/OpenMage/magento-lts/pull/2368
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.4.17...v19.4.18
Published by Flyingmana about 2 years ago
In this release we changed the targetNamespace
of all the WSDL files (used in the API modules), from Magento
to OpenMage
.
If your custom modules extends OpenMage's APIs with a custom WSDL file and there are some hardcoded targetNamespace="urn:Magento"
string, your APIs may stop working.
Please replace all occurrences of targetNamespace="urn:Magento"
with targetNamespace="urn:OpenMage"
(or alternatively targetNamespace="urn:{{var wsdl.name}}"
) to avoid any problem.
To find which files need the modification you can run grep -rn 'urn:Magento' --include \*.xml
from the root directory of your project.
null
in REST API by @elidrissidev in https://github.com/OpenMage/magento-lts/pull/2230
catalogProductList
SOAP method by @elidrissidev in https://github.com/OpenMage/magento-lts/pull/2243
magento-composer-installer
to allowed plugins by @elidrissidev in https://github.com/OpenMage/magento-lts/pull/2296
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.0.14...v20.0.15
Published by Flyingmana about 2 years ago
In this release we changed the targetNamespace
of all the WSDL files (used in the API modules), from Magento
to OpenMage
.
If your custom modules extends OpenMage's APIs with a custom WSDL file and there are some hardcoded targetNamespace="urn:Magento"
string, your APIs may stop working.
Please replace all occurrences of targetNamespace="urn:Magento"
with targetNamespace="urn:OpenMage"
(or alternatively targetNamespace="urn:{{var wsdl.name}}"
) to avoid any problem.
To find which files need the modification you can run grep -rn 'urn:Magento' --include \*.xml
from the root directory of your project.
null
in REST API by @elidrissidev in https://github.com/OpenMage/magento-lts/pull/2230
catalogProductList
SOAP method by @elidrissidev in https://github.com/OpenMage/magento-lts/pull/2243
magento-composer-installer
to allowed plugins by @elidrissidev in https://github.com/OpenMage/magento-lts/pull/2296
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.4.16...v19.4.17
Published by fballiano over 2 years ago
Mage_Index
helpers declaration to config.xml
by @elidrissidev in https://github.com/OpenMage/magento-lts/pull/1878
Mage_Api2
by @elidrissidev in https://github.com/OpenMage/magento-lts/pull/1938
progressdetail
is an array before calling count
by @elidrissidev in https://github.com/OpenMage/magento-lts/pull/1982
null
to trim()
by @elidrissidev in https://github.com/OpenMage/magento-lts/pull/2002
min_sale_qty
when trying to mass-update product attributes by @elidrissidev in https://github.com/OpenMage/magento-lts/pull/1850
salesOrderInvoiceInfo
SOAP method by @elidrissidev in https://github.com/OpenMage/magento-lts/pull/1999
Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.0.13...v20.0.14