magento-lts

Official OpenMage LTS codebase | Migrate easily from Magento Community Edition in minutes! Download the source code for free or contribute to OpenMage LTS | Security vulnerability patches, bug fixes, performance improvements and more.

OSL-3.0 License

Downloads
165.1K
Stars
855
Committers
216
View Code on GitHub Visit Website
Ecosystems: PHP, Composer

Bot releases are visible (Hide)

magento-lts - v20.1.0-rc3

Published by fballiano over 1 year ago

You should absolutely know

Since the approval of our second RFC - release schedule OpenMage 19.x enters and "patch only" state, it will be maintained for two more years as promised but only significant security patches or regression fixes will be ported to v19, every other development (and we have many) will be focused on v20+.

We encourage everybody to upgrade to v20, it is our latest and greatest and deserves the bit of work necessary for the upgrade (ask your developer/agency, don't do it yourself).

Release highlights

This is a big release, that's why we decided to move away from the 20.0.x versioning and go to 20.1.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 20.1.0. Tests are more than welcome now but be extra careful with production environment.

What's most important is the removal of all the 3rd party libraries (phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis and Pelago_Emogrifier and Zend Framework) form our repository, they are now imported via composer. This was an important step to clean up and modernise our code.

Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.

Also:

  • PHP 7.4 is now the minimum required version and 8.2 is now supported.
  • the M1 legacy themes have been moved to an external repository since it's old (and mostly unused) code.
  • a great improvement to EAV config cache has been added to v20.
  • support for Google Analytics 4 was added.
  • possibility to set backend locale per every admin user was added.

Changelog

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.1.0-rc2...v20.1.0-rc3

magento-lts - v19.5.0-rc3

Published by fballiano over 1 year ago

You should absolutely know

Since the approval of our second RFC - release schedule OpenMage 19.x enters and "patch only" state, it will be maintained for two more years as promised but only significant security patches or regression fixes will be ported to v19, every other development (and we have many) will be focused on v20+.

We encourage everybody to upgrade to v20, it is our latest and greatest and deserves the bit of work necessary for the upgrade (ask your developer/agency, don't do it yourself).

Highlights

This is a big release, that's why we decided to move away from the 19.4.x versioning and go to 19.5.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 19.5.0. Tests are more than welcome now but be extra careful with production environment.

  • What's most important is the removal of all the 3rd party libraries (phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis and Pelago_Emogrifier and Zend Framework) form our repository, they are now imported via composer. This was an important step to clean up and modernise our code.
  • PHP 7.4 is now the minimum required version and 8.2 is now supported
  • M1 legacy themes have been moved to an external repository since it's old (and mostly unused) code.
  • Support for Google Analytics 4 was added

Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.

Changelog

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.5.0-rc2...v19.5.0-rc3

magento-lts - v20.1.0-rc2

Published by fballiano over 1 year ago

Highlights

This is a big release, that's why we decided to move away from the 20.0.x versioning and go to 20.1.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 20.1.0. Tests are more than welcome now but be extra careful with production environment.

What's most important is the removal of all the 3rd party libraries (phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis and Pelago_Emogrifier and Zend Framework) form our repository, they are now imported via composer. This was an important step to clean up and modernise our code.

Also:

  • the M1 legacy themes have been moved to an external repository since it's old (and mostly unused) code.
  • a great improvement to EAV config cache has been added to v20.
  • support for Google Analytics 4 was added.

Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.

Changelog

New Contributors

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.1.0-rc1...v20.1.0-rc2

magento-lts - v19.5.0-rc2

Published by fballiano over 1 year ago

Highlights

This is a big release, that's why we decided to move away from the 19.4.x versioning and go to 19.5.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 19.5.0. Tests are more than welcome now but be extra careful with production environment.

  • What's most important is the removal of all the 3rd party libraries (phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis and Pelago_Emogrifier and Zend Framework) form our repository, they are now imported via composer. This was an important step to clean up and modernise our code.
  • M1 legacy themes have been moved to an external repository since it's old (and mostly unused) code.
  • Support for Google Analytics 4 was added

Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.

Changelog

New Contributors

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.5.0-rc1...v19.5.0-rc2

magento-lts - v20.1.0-rc1

Published by fballiano over 1 year ago

Highlights

This is a big release, that's why we decided to move away from the 20.0.x versioning and go to 20.1.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 20.1.0. Tests are more than welcome now but be extra careful with production environment.

What's most important is the removal of all the 3rd party libraries (phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis and Pelago_Emogrifier and Zend Framework) form our repository, they are now imported via composer. This was an important step to clean up and modernise our code.

Also:

  • the M1 legacy themes have been moved to an external repository since it's old (and mostly unused) code.
  • a great improvement to EAV config cache has been added to v20.

Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.

Changelog

New Contributors

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.0.18...v20.1.0-rc1

magento-lts - v19.5.0-rc1

Published by fballiano over 1 year ago

Highlights

This is a big release, that's why we decided to move away from the 19.4.x versioning and go to 19.5.x. Since a lot of changes could have some impact on current installations we decided to release some "rc" versions before the official 19.5.0. Tests are more than welcome now but be extra careful with production environment.

What's most important is the removal of all the 3rd party libraries (phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis and Pelago_Emogrifier and Zend Framework) form our repository, they are now imported via composer. This was an important step to clean up and modernise our code.

Also the M1 legacy themes have been moved to an external repository since it's old (and mostly unused) code.

Don't worry though, if you've always installed OpenMage extracting the zip file, starting from this release you'll find a new zip file attached to the release itself, we build this zip adding all of the old 3rd party libraries so that you will not have to migrate to composer or use composer at all.

Changelog

New Contributors

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.4.20...v19.5.0-rc1

magento-lts - v20.0.20

Published by fballiano over 1 year ago

This is a security update with a single fix regarding CVE-2020-27511, ReDos (Regular Expression Denial of Service) vulnerability in prototypejs (#3003).

magento-lts - v19.4.23

Published by fballiano over 1 year ago

This is a security update with a single fix regarding CVE-2020-27511, ReDos (Regular Expression Denial of Service) vulnerability in prototypejs (#3003).

magento-lts - v20.0.19

Published by fballiano over 1 year ago

This is an important security update release, it includes six security patches:

  • CVE-2021-21395 - GHSA-r3c9-9j5q-pwv4 - Reset Password not protected against well-timed CSRF
  • CVE-2021-41144 - GHSA-5j2g-3ph4-rgvm - Fix for authenticated remote code execution through layout update
  • CVE-2021-41143 - GHSA-5vpv-xmcj-9q85 - Fix for arbitrary file deletion in customer media allows for remote code execution
  • CVE-2021-41231 - GHSA-h632-p764-pjqm - DataFlow upload remote code execution vulnerability
  • CVE-2021-39217 - GHSA-c9q3-r4rv-mjm7 - Fix for arbitrary command execution in custom layout update through blocks
  • CVE-2023-23617 - GHSA-3p73-mm7v-4f6m - DoS vulnerability in MaliciousCode filter

All of these updates should be totally backward compatible, except one, CVE-2021-21395 - GHSA-r3c9-9j5q-pwv4 - Reset Password not protected against well-timed CSRF in fact is a breaking change and you will need to take action after upgrading to this version of OpenMage.

Specifically, you will have to modify the customer/form/resetforgottenpassword.phtml file of your custom theme (in case you have customized it) and add this code <input name="form_key" type="hidden" value="<?php echo $this->getFormKey(); ?>" /> after the <form open tag. Please refer to this link in case you want to see how the patch works and copy/paste the simple solution.

In case your custom theme does not have the customer/form/resetforgottenpassword.phtml or in case you are not using a custom theme then you will not have to do the aforementioned procedure.

magento-lts - v19.4.22

Published by fballiano over 1 year ago

This is an important security update release, it includes six security patches:

  • CVE-2021-21395 - GHSA-r3c9-9j5q-pwv4 - Reset Password not protected against well-timed CSRF
  • CVE-2021-41144 - GHSA-5j2g-3ph4-rgvm - Fix for authenticated remote code execution through layout update
  • CVE-2021-41143 - GHSA-5vpv-xmcj-9q85 - Fix for arbitrary file deletion in customer media allows for remote code execution
  • CVE-2021-41231 - GHSA-h632-p764-pjqm - DataFlow upload remote code execution vulnerability
  • CVE-2021-39217 - GHSA-c9q3-r4rv-mjm7 - Fix for arbitrary command execution in custom layout update through blocks
  • CVE-2023-23617 - GHSA-3p73-mm7v-4f6m - DoS vulnerability in MaliciousCode filter

All of these updates should be totally backward compatible, except one, CVE-2021-21395 - GHSA-r3c9-9j5q-pwv4 - Reset Password not protected against well-timed CSRF in fact is a breaking change and you will need to take action after upgrading to this version of OpenMage.

Specifically, you will have to modify the customer/form/resetforgottenpassword.phtml file of your custom theme (in case you have customized it) and add this code <input name="form_key" type="hidden" value="<?php echo $this->getFormKey(); ?>" /> after the <form open tag. Please refer to this link in case you want to see how the patch works and copy/paste the simple solution.

In case your custom theme does not have the customer/form/resetforgottenpassword.phtml or in case you are not using a custom theme then you will not have to do the aforementioned procedure.

magento-lts - v19.4.21

Published by fballiano almost 2 years ago

This is a hotfix release, it includes only the solution to a single bug that was released in 19.4.20: https://github.com/OpenMage/magento-lts/issues/2793.

Said bug doesn't seem to be present on 20.0.18 and that's why you'll not find the matching hotfix release for our v20 branch.

magento-lts - v20.0.18

Published by fballiano almost 2 years ago

Overview

This is mainly a bugfix release with a couple of optimizations.
Most importantly we've fixed bugs regarding:

  • fixer.io currency exchange rate provider
  • CSS merge
  • indexes

Upgrading is highly suggested, but always backup and test before doing it.

What's Changed

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.0.17...v20.0.18

magento-lts - v19.4.20

Published by fballiano almost 2 years ago

Overview

This is mainly a bugfix release with a couple of optimizations.
Most importantly we've fixed bugs regarding:

  • fixer.io currency exchange rate provider
  • CSS merge
  • indexes

Upgrading is highly suggested, but always backup and test before doing it.

What's Changed

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.4.19...v19.4.20

magento-lts - v20.0.17

Published by fballiano almost 2 years ago

Overview

This is a maintanance release with small bugfixes, code cleanup, documentation improvements and a better overall PHPStan coverage.
We're also bumping the minimum required PHP version to 7.3 with intl extension enabled.
Our source code finally has a much better "copyright" section, to thank all the team that is contributing to this beautiful project.

Important things you should check before upgrading

This release requires PHP 7.3 with intl extension, do not upgrade if your system doesn't match this requirement.

What's Changed

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.0.16...v20.0.17

magento-lts - v19.4.19

Published by fballiano almost 2 years ago

Overview

This is a maintanance release with small bugfixes, code cleanup, documentation improvements and a better overall PHPStan coverage.
We're also bumping the minimum required PHP version to 7.3 with intl extension enabled.
Our source code finally has a much better "copyright" section, to thank all the team that is contributing to this beautiful project.

Important things you should check before upgrading

This release requires PHP 7.3 with intl extension, do not upgrade if your system doesn't match this requirement.

What's Changed

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.4.18...v19.4.19

magento-lts - v20.0.16

Published by fballiano about 2 years ago

Overview

This is a bugfix release with a couple of really good enhancements.
In the meanwhile we're working on completing the full PHPStan validation, which is allowing us to reformat the whole source code to make it look more beautiful than ever.

Last but not least, we already merged 2 PRs for the upcoming PHP 8.2 support!

Important things you should check before upgrading

What's Changed

New Contributors

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.0.15...v20.0.16

magento-lts - v19.4.18

Published by fballiano about 2 years ago

Overview

This is a bugfix release while we're working on completing the full PHPStan validation, which is allowing us to reformat the whole source code to make it look more beautiful than ever.

Last but not least, we already merged 2 PRs for the upcoming PHP 8.2 support!

Important things you should check before upgrading

Complete changelog

New Contributors

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.4.17...v19.4.18

magento-lts - v20.0.15

Published by Flyingmana about 2 years ago

Important things you should check before upgrading

In this release we changed the targetNamespace of all the WSDL files (used in the API modules), from Magento to OpenMage.
If your custom modules extends OpenMage's APIs with a custom WSDL file and there are some hardcoded targetNamespace="urn:Magento" string, your APIs may stop working.
Please replace all occurrences of targetNamespace="urn:Magento" with targetNamespace="urn:OpenMage" (or alternatively targetNamespace="urn:{{var wsdl.name}}") to avoid any problem.
To find which files need the modification you can run grep -rn 'urn:Magento' --include \*.xml from the root directory of your project.

What's Changed

New Contributors

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.0.14...v20.0.15

magento-lts - v19.4.17

Published by Flyingmana about 2 years ago

Important things you should check before upgrading

In this release we changed the targetNamespace of all the WSDL files (used in the API modules), from Magento to OpenMage.
If your custom modules extends OpenMage's APIs with a custom WSDL file and there are some hardcoded targetNamespace="urn:Magento" string, your APIs may stop working.
Please replace all occurrences of targetNamespace="urn:Magento" with targetNamespace="urn:OpenMage" (or alternatively targetNamespace="urn:{{var wsdl.name}}") to avoid any problem.
To find which files need the modification you can run grep -rn 'urn:Magento' --include \*.xml from the root directory of your project.

What's Changed

New Contributors

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v19.4.16...v19.4.17

magento-lts - v20.0.14

Published by fballiano over 2 years ago

What's Changed

New Contributors

Full Changelog: https://github.com/OpenMage/magento-lts/compare/v20.0.13...v20.0.14

Package Rankings
Top 1.27% on Packagist.org
Related Projects
openmage-translations

Translations for OpenMage from Magento 1/2 and old languages packs.

12 Jan 2022 8
app-search-magento

A first party module to integrate Elastic App Search in Magento 2.

20 Mar 2019 26
magento2-fast-vm

Optimal vagrant developer box for Magento2. Folders synced by nfs/rsync. This box includes Magent...

06 Sep 2018 108
magento2

Prior to making any Submission(s), you must sign an Adobe Contributor License Agreement, availabl...

30 Nov 2011 11,239
magento-module-composer-installer

A Composer plugin to manage Magento Modules: Fork of: https://github.com/magento-hackathon/magent...

03 Jan 2015 10
openmage-rector

Refactor OpenMage/Magento 1 code.

31 Dec 2022 1
magento2-phpstorm-plugin

PHPStorm Plugin for Magento 2

05 Dec 2017 435
opencart

A free shopping cart system. OpenCart is an open source PHP-based online e-commerce solution.

02 Aug 2011 7,227
magento2-skipcart

21 Nov 2015 6
openmage-minifier

A module to minify and merge CSS/JS files for OpenMage.

11 Nov 2020 4
magento-api2basicauth

HTTP Basic authentication support for Magento 1.9 and OpenMage's Api2.

24 Oct 2021 3
openmage-versioning

A module to automatize the updates using GIT for OpenMage.

13 Sep 2017 7
magento-community

THIS REPOSITORY IS DEPRECATED - PLEASE USE https://github.com/firegento/magento. THERE WILL BE NO...

08 Dec 2014 11
magento2-floating-buy-button

Get your customer attention the most important action in your online store, the purchase.

01 Feb 2018 10
magento-Defcon2-Imaclean

Free extension from magento connect.

05 Nov 2015 10