Download Release, Patches and Tools

-Added April 28, 2020

Magento Open Source 2.3.5-p1 includes over 180 functional fixes to the core product, 25 security enhancements, and the resolution of over 46 issues by our community members. This release includes support for Elasticsearch 7.x, upgrades to core Framework components, and the migration from Zend framework to Laminas. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.3.5 Release Notes.

-Added April 28, 2020

Patch 2.3.4-p2 is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, Magento 2.3.4, plus hot fixes that were applied to that release. Merchants can install these time-sensitive security fixes to keep their site up-to-date with the most recent security fixes without applying the hundreds of functional fixes and enhancements that the full quarterly release (Magento 2.3.5-p1) provides.

You must deploy Magento 2.3.4 before applying this patch. Installation information can be found in the discussion of security patches here.

-Added April 28, 2020

Magento Open Source 2.3.5-p1 includes over 180 functional fixes to the core product, 25 security enhancements, and the resolution of over 46 issues by our community members. This release includes support for Elasticsearch 7.x, upgrades to core Framework components, and the migration from Zend framework to Laminas. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.3.5 Release Notes.

-Added April 28, 2020

Patch 2.3.4-p2 is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, Magento 2.3.4, plus hot fixes that were applied to that release. Merchants can install these time-sensitive security fixes to keep their site up-to-date with the most recent security fixes without applying the hundreds of functional fixes and enhancements that the full quarterly release (Magento 2.3.5-p1) provides.

You must deploy Magento 2.3.4 before applying this patch. Installation information can be found in the discussion of security patches here.

-Added May 20, 2020

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

-Added May 04, 2020

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

-Added April 29, 2020

This patch resolves an inability to re-send an account confirmation email link from storefront account login page. (This known issue was first identified in Magento 2.3.5.)

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

-Added March 24, 2020

This patch addresses a lingering issue created by the fix for CVE-2019-8118 (PRODSECBUG-2452) included in Magento 2.3.3 and 2.2.10.

-Added February 12, 2020

This patch resolves the issue which affects orders placed with PayPal Express Checkout where the order’s shipping address specifies a country region that has been manually entered into the text field rather than selected from the drop-down menu on the Shipping page.

Affected Magento versions: Magento Commerce and Open Source v2.3.4 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

This patch resolves issues that users of Magento 2.3.3 experience in deployments where Elasticsearch 6.x is used as the catalog search engine. Users who attempt to navigate past the first page of search results are unsuccessful, and Magento displays an error message. After this patch is installed, users will be able to page through all search results.

Affected Magento versions: Magento Commerce and Open Source v2.3.3 (on Prem and Cloud).

This patch addresses backward compatibility issues that extension developers may have experienced after the introduction of Magento\Framework\Mail\EmailMessageInterface, which was released in Magento 2.3.3. In the scope of this patch, the new EmailMessageInterface inherits from the old MessageInterface, and core modules are changed back to rely on MessageInterface. Merchants should apply this patch as soon as possible, especially if their deployments include extensions or customizations that use the mail interface.

Affected Magento versions: Magento Commerce and Open Source v2.3.3.

See the Magento forum DevBlog post for much more information.

This patch addresses changes that were introduced in Magento 2.3.3 that resulted in problems with extensions and customizations of the product collection feature that rely on method chaining contracts. The addAttributeToFilter method (in file app/code/Magento/Catalog/Model/ResourceModel/Product/Collection.php) was refactored without a return statement, which broke the method-chaining that is used extensively in customizations of this feature. This patch refactors the method to add the missing return statement and ensure that method chaining works.

An unauthenticated cross-site scripting vulnerability combined with an authenticated Phar deserialization vulnerability has left older versions of Magento Commerce and Magento Open Source open to serious exploit. An attacker can use these vulnerabilities to inject JavaScript into the Magento Admin, and subsequently launch malicious code in a store user’s browser. We strongly recommend that all users of the affected versions of Magento download and apply the appropriate patch as soon as possible.

The issue affects the following Magento versions (on prem and cloud):

• Magento Open Source v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
• Magento Commerce v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
• Magento Commerce Cloud v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases

This patch resolves an issue with the Async and Bulk APIs, which in certain versions of Magento do not provide the information needed to update or create data for specific stores. Without this patch, the Async/Bulk REST APIs will support the default store view scope only.

Affected Magento versions are: Magento Open Source v2.3.2, 2.3.1

An issue has been discovered in Magento Open Source and Magento Commerce that can be used to disclose the URL location of a Magento Admin panel. While there is currently no reason to believe this issue would lead to a compromise directly, knowing the URL location could make it easier to automate attacks. To help prevent against potential attacks, Magento has released patches for this issue. For complete details, install instructions, and recommendations, see: https://magento.com/security/security-update-potential-vulnerability-magento-admin-url-location

This patch provides a replacement for the deprecated Google Image Charts service that Magento uses for all 2.x instances and replaces it with the Image-Charts free service. Users of Magento 2.x deployments will not be able to view static charts in Magento 2.x instances unless they download and apply this patch. See Switch from deprecated Google Image Charts to Image-Charts for Magento for more information.

This patch provides protection against the SQL injection vulnerability described under PRODSECBUG-2198 here. To quickly protect your store from this vulnerability only, install this patch. However, to apply protection against this vulnerability and others, you must apply the 2.3.1, 2.2.8, or 2.1.17 patch code. We strongly suggest that you install these full patches as soon as you can

This patch updates Authorize.Net Direct Post integration to continue processing payments beyond March 14th 2019 (see MD5 Hash End of Life & Signature Key Replacement). There are additional steps that you need to execute after installing this patch to ensure continued use of Authorize.Net – read more Update Authorize.Net Direct Post from MD5 to SHA-512.

-Added January 28, 2020

Magento Open Source 2.3.4 includes over 150 functional fixes to the core product, 32 security enhancements, and the resolution of over 275 issues by our community members. This release includes framework enhancements and performance improvements. Custom layout updates have been removed, and layout updates have been deprecated. We strongly recommend that all merchants upgrade as soon as possible. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.3.4 Release Notes for more information.

-Added October 8, 2019

Patch 2.3.2-p2 is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, Magento 2.3.2. Merchants can install these time-sensitive security fixes to keep their site up-to-date with the most recent security fixes without applying the hundreds of functional fixes and enhancements that the full quarterly release (Magento 2.3.3) provides.

You must deploy Magento 2.3.2 before applying this patch. Installation information can be found in the discussion of security patches here.

-Added October 8, 2019

Magento Open Source 2.3.3 includes over 170 functional fixes to the core product and 75 security enhancements. This release provides support for PHP 7.3.x in additional to PHP 7.2.x. It also introduces PSD2 compliance for core payment methods and the deprecation of the non-PSD2-compliant Cybersource and eWay payment modules. Varnish support for v6.2.0 has been added. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.3.3 Release Notes for much more information.

-Added October 8, 2019

Patch 2.3.2-p2 is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, Magento 2.3.2. Merchants can install these time-sensitive security fixes to keep their site up-to-date with the most recent security fixes without applying the hundreds of functional fixes and enhancements that the full quarterly release (Magento 2.3.3) provides.

You must deploy Magento 2.3.2 before applying this patch. Installation information can be found in the discussion of security patches here.

-Added June 25, 2019

Magento Open Source 2.3.2 includes over 200 functional fixes to the core product, over 350 community-submitted pull requests, and 75 critical security enhancements. Merchants will appreciate the improvements to storefront page response times. This release also includes substantial infrastructure improvements. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.3.2 Release Notes for much more information.

-Added March 26, 2019

Magento Open Source 2.3.1 offers significant new tools for both merchants and developers as well as over 30 core security improvements. Merchants will appreciate the improved Admin order creation workflow. This release also provides support for Elasticsearch 6.0, a new Authorize.Net extension to replace the Authorize.Net Direct Post module, and enhancements to Progressive Web Apps (PWA) Studio and GraphQL. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.3.1 Release Notes for much more information.

-Added November 28, 2018

Magento Open Source 2.3.0 offers significant new tools for both merchants and developers as well as over 30 core security improvements. Inventory Management and many CMS enhancements support merchant efforts. Developers will benefit from the new PWA (progressive web applications) tool suite, declarative schema, GraphQL API, asynchronous web APIs, bulk web APIs, and updates to Magento’s tech stack, including compatibility with PHP 7.2. Community contributions to this release are substantial — both overall code quality and special new features such as Inventory Management and bulk APIs. See Magento Open Source 2.3 Release Notes for much more information.

-Added January 28, 2020

Magento Open Source 2.2.11 includes critical security enhancements and 19 core code fixes and improvements. This release is the last release of the 2.2.x product line that will contain functional fixes. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.11 Release Notes for more information.

-Added October 8, 2019

Magento Open Source 2.2.10 includes 75 critical security enhancements, 147 core code fixes and improvements, and community-submitted fixes to 56 GitHub issues. This release provides support for PHP 7.2.x. It also introduces PSD2 compliance for core payment methods and the deprecation of the non-PSD2-compliant Cybersource and eWay payment modules. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.10 Release Notes for more information.

-Added June 25, 2019

We are pleased to present Magento Open Source 2.2.9. This release includes 75 critical security enhancements, over 100 core code fixes and improvements, and over 200 community-submitted pull requests. This release also includes substantial infrastructure improvements, including the new Google reCAPTCHA module for PayPal Payflow Pro. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.9 Release Notes for more information.

-Added March 26, 2019

We are pleased to present Magento Open Source 2.2.8. This release addresses critical security issues that include cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities. Functional enhancements include support for Elasticsearch 6.0 and improved order creation workflow in the Admin. Check out the 250+ community contributions, too! We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.8 Release Notes for more information.

-Added November 27, 2018

We are pleased to present Magento Open Source 2.2.7. This release addresses critical security issues that include remote code execution, cross-site scripting, and cross-site request forgery issues. Functional fixes include enhancements that focus on wish list and shipping features.

Check out the 150+ community contributions, too. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.7 Release Notes for more information.

-Added September 18, 2018

We are pleased to present Magento Open Source 2.2.6. This release addresses critical security issues that include remote code execution, cross-site scripting, and cross-site request forgery issues. Functional fixes include performance-tuning enhancements that focus on catalog indexing and improvements to the reliability and ease of the checkout process. Check out the 350+ community contributions, too. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.6 Release Notes for more information.

-Added June 27, 2018

We are pleased to present Magento Open Source 2.2.5. This release addresses critical security issues that include remote code execution, cross-site scripting, and cross-site request forgery issues. Functional fixes contain substantial improvements to indexing performance, performance-tuning, and enhancements to Magento Shipping. Check out the 90+ community contributions, too. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.5 Release Notes for more information.

-Added May 2, 2018

We are pleased to present Magento Open Source 2.2.4. This release includes significant new bundled extensions (Amazon Pay, Vertex, Klarna), multiple enhancements to Magento Shipping and dotmailer, and performance improvements that enable faster shopping with image loading and optimized search performance. The 200+ community contributions include many functional fixes and performance-tuning enhancements, too. See Magento Open Source 2.2.4 Release Notes for more information.

-Added Feb 27, 2018

We are pleased to present Magento Open Source 2.2.3. This release includes multiple enhancements to product security, a change to the Magento Admin to support upcoming USPS shipping changes, and a copyright update. And thanks to our community members, it also includes support for Elasticsearch 5.0.x and enhancements to ACL control for cache management through Magento Admin. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.3 Release Notes for more information.

-Added Dec 12, 2017

We are pleased to present Magento Open Source 2.2.2. This release introduces our new streamlined Instant Purchase option, integrated dotmailer marketing automation software, and Magento Shipping, which provides provides integrated advanced multi-carrier shipping and fulfillment. It also includes numerous functional fixes and enhancements plus a substantial number of contributions from the wider Magento community. See Magento Open Source 2.2.2 Release Notes for more information.

- Added Nov 7, 2017
We are pleased to present Magento Open Source  2.2.1. This release includes critical enhancements to the security of your Magento software and multiple functional fixes. This release also includes  integrated Signifyd fraud protection. Check out the many community contributions! See http://devdocs.magento.com/guides/v2.2/release-notes/ReleaseNotes2.2.1CE.html for more information. 

-Added June 25, 2019

We are pleased to present Magento Open Source 2.1.18. This release includes 75 critical enhancements to the security of your Magento software. This is the last supported release of the Magento 2.1.x product line. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.1.18 Release Notes for more information.

-Added March 26, 2019

We are pleased to present Magento Open Source 2.1.17. This release addresses critical security issues that include cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.1.17 Release Notes for more information.

-Added November 27, 2018

We are pleased to present Magento Open Source 2.1.16. This release addresses critical security issues that include remote code execution, cross-site scripting, and cross-site request forgery issues. This release also provides support for PHP 7.1. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.1.16 Release Notes for more information.

-Added September 18, 2018

We are pleased to present Magento Open Source 2.1.15. This release addresses critical security issues that include remote code execution, cross-site scripting, and cross-site request forgery issues. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.1.15 Release Notes for more information.

-Added June 27, 2018

We are pleased to present Magento Open Source 2.1.14. This release addresses critical security issues that include remote code execution, cross-site scripting, and cross-site request forgery issues. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.1.14 Release Notes for more information.

-Added May 2, 2018

We are pleased to present Magento Open Source 2.1.13. This release includes over 60 bug fixes and enhancements. See Magento Open Source 2.1.13 Release Notes for more information.

-Added Feb 27, 2018

We are pleased to present Magento Open Source 2.1.12. This release includes multiple enhancements to product security, a change to the Magento Admin to support upcoming USPS shipping changes, and a copyright update. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.1.12 Release Notes for more information.

-Added Dec 12, 2017

We are pleased to present Magento Open Source 2.1.11. This release includes support for the Indian Rupee (INR) in PayPal Express Checkout and new commands and functionality for the command-line interface. It also includes many functional features plus a substantial number of contributions from the wider Magento community. See Magento Open Source 2.1.11 Release Notes for more information.

-Added Nov 7, 2017

We are pleased to present Magento Open Source 2.1.10. This release includes critical enhancements to the security of your Magento software and over 40 functional enhancements, including multiple community-submitted enhancements and pull requests. We strongly recommend that all merchants upgrade to this version as soon as possible.  See http://devdocs.magento.com/guides/v2.1/release-notes/ReleaseNotes2.1.10CE.html for more information. 

-Added Feb 27, 2018

We are pleased to present Magento Open Source 2.0.18. This release includes multiple enhancements to product security, a change to the Magento Admin to support upcoming USPS shipping changes, and a copyright update. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.0.18 Release Notes for more information.

-Added Nov 7th 2017

We are pleased to present Magento Open Source  2.0.17. This release includes critical enhancements to the security of your Magento software, and over 40 functional enhancements., including multiple community-submitted enhancements and pull requests. We strongly recommend that all merchants upgrade to this version as soon as possible.  See http://devdocs.magento.com/guides/v2.0/release-notes/ReleaseNotes2.0.17CE.html for more information. 

-Added January 28, 2020

Magento Open Source 2.3.4 includes over 150 functional fixes to the core product, 32 security enhancements, and the resolution of over 275 issues by our community members. This release includes framework enhancements and performance improvements. Custom layout updates have been removed, and layout updates have been deprecated. We strongly recommend that all merchants upgrade as soon as possible. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.3.4 Release Notes for more information.

-Added October 8, 2019

Magento Open Source 2.3.3 includes over 170 functional fixes to the core product and 75 security enhancements. This release provides support for PHP 7.3.x in additional to PHP 7.2.x. It also introduces PSD2 compliance for core payment methods and the deprecation of the non-PSD2-compliant Cybersource and eWay payment modules. Varnish support for v6.2.0 has been added. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.3.3 Release Notes for much more information.

-Added October 8, 2019

Patch 2.3.2-p2 is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, Magento 2.3.2. Merchants can install these time-sensitive security fixes to keep their site up-to-date with the most recent security fixes without applying the hundreds of functional fixes and enhancements that the full quarterly release (Magento 2.3.3) provides.

You must deploy Magento 2.3.2 before applying this patch. Installation information can be found in the discussion of security patches here.

-Added June 25, 2019

Magento Open Source 2.3.2 includes over 200 functional fixes to the core product, over 350 community-submitted pull requests, and 75 critical security enhancements. Merchants will appreciate the improvements to storefront page response times. This release also includes substantial infrastructure improvements. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.3.2 Release Notes for much more information.

-Added March 26, 2019

Magento Open Source 2.3.1 offers significant new tools for both merchants and developers as well as over 30 core security improvements. Merchants will appreciate the improved Admin order creation workflow. This release also provides support for Elasticsearch 6.0, a new Authorize.Net extension to replace the Authorize.Net Direct Post module, and enhancements to Progressive Web Apps (PWA) Studio and GraphQL. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.3.1 Release Notes for much more information.

-Added November 28, 2018

Magento Open Source 2.3.0 offers significant new tools for both merchants and developers as well as over 30 core security improvements. Inventory Management and many CMS enhancements support merchant efforts. Developers will benefit from the new PWA (progressive web applications) tool suite, declarative schema, GraphQL API, asynchronous web APIs, bulk web APIs, and updates to Magento’s tech stack, including compatibility with PHP 7.2. Community contributions to this release are substantial — both overall code quality and special new features such as Inventory Management and bulk APIs. See Magento Open Source 2.3 Release Notes for much more information.

-Added January 28, 2020

Magento Open Source 2.2.11 includes critical security enhancements and 19 core code fixes and improvements. This release is the last release of the 2.2.x product line that will contain functional fixes. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.11 Release Notes for more information.

-Added October 8, 2019

Magento Open Source 2.2.10 includes 75 critical security enhancements, 147 core code fixes and improvements, and community-submitted fixes to 56 GitHub issues. This release provides support for PHP 7.2.x. It also introduces PSD2 compliance for core payment methods and the deprecation of the non-PSD2-compliant Cybersource and eWay payment modules. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.10 Release Notes for more information.

-Added June 25, 2019

We are pleased to present Magento Open Source 2.2.9. This release includes 75 critical security enhancements, over 100 core code fixes and improvements, and over 200 community-submitted pull requests. This release also includes substantial infrastructure improvements, including the new Google reCAPTCHA module for PayPal Payflow Pro. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.9 Release Notes for more information.

-Added March 26, 2019

We are pleased to present Magento Open Source 2.2.8. This release addresses critical security issues that include cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities. Functional enhancements include support for Elasticsearch 6.0 and improved order creation workflow in the Admin. Check out the 250+ community contributions, too! We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.8 Release Notes for more information.

-Added November 27, 2018

We are pleased to present Magento Open Source 2.2.7. This release addresses critical security issues that include remote code execution, cross-site scripting, and cross-site request forgery issues. Functional fixes include enhancements that focus on wish list and shipping features.

Check out the 150+ community contributions, too. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.7 Release Notes for more information.

-Added September 18, 2018

We are pleased to present Magento Open Source 2.2.6. This release addresses critical security issues that include remote code execution, cross-site scripting, and cross-site request forgery issues. Functional fixes include performance-tuning enhancements that focus on catalog indexing and improvements to the reliability and ease of the checkout process. Check out the 350+ community contributions, too. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.6 Release Notes for more information.

-Added June 27, 2018

We are pleased to present Magento Open Source 2.2.5. This release addresses critical security issues that include remote code execution, cross-site scripting, and cross-site request forgery issues. Functional fixes contain substantial improvements to indexing performance, performance-tuning, and enhancements to Magento Shipping. Check out the 90+ community contributions, too. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.5 Release Notes for more information.

-Added May 2, 2018

We are pleased to present Magento Open Source 2.2.4. This release includes significant new bundled extensions (Amazon Pay, Vertex, Klarna), multiple enhancements to Magento Shipping and dotmailer, and performance improvements that enable faster shopping with image loading and optimized search performance. The 200+ community contributions include many functional fixes and performance-tuning enhancements, too. See Magento Open Source 2.2.4 Release Notes for more information.

-Added Feb 27, 2018

We are pleased to present Magento Open Source 2.2.3. This release includes multiple enhancements to product security, a change to the Magento Admin to support upcoming USPS shipping changes, and a copyright update. And thanks to our community members, it also includes support for Elasticsearch 5.0.x and enhancements to ACL control for cache management through Magento Admin. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.2.3 Release Notes for more information.

-Added Dec 12, 2017

We are pleased to present Magento Open Source 2.2.2. This release introduces our new streamlined Instant Purchase option, integrated dotmailer marketing automation software, and Magento Shipping, which provides provides integrated advanced multi-carrier shipping and fulfillment. It also includes numerous functional fixes and enhancements plus a substantial number of contributions from the wider Magento community. See Magento Open Source 2.2.2 Release Notes for more information.

Added Nov 7, 2017

We are pleased to present Magento Open Source  2.2.1. This release includes critical enhancements to the security of your Magento software and multiple functional fixes. This release also includes  integrated Signifyd fraud protection. Check out the many community contributions! See http://devdocs.magento.com/guides/v2.2/release-notes/ReleaseNotes2.2.1CE.html for more information. 

-Added June 25, 2019

We are pleased to present Magento Open Source 2.1.18. This release includes 75 critical enhancements to the security of your Magento software. This is the last supported release of the Magento 2.1.x product line. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.1.18 Release Notes for more information.

-Added March 26, 2019

We are pleased to present Magento Open Source 2.1.17. This release addresses critical security issues that include cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.1.17 Release Notes for more information.

-Added November 27, 2018

We are pleased to present Magento Open Source 2.1.16. This release addresses critical security issues that include remote code execution, cross-site scripting, and cross-site request forgery issues. This release also provides support for PHP 7.1. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.1.16 Release Notes for more information.

-Added September 18, 2018

We are pleased to present Magento Open Source 2.1.15. This release addresses critical security issues that include remote code execution, cross-site scripting, and cross-site request forgery issues. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.1.15 Release Notes for more information.

-Added June 27, 2018

We are pleased to present Magento Open Source 2.1.14. This release addresses critical security issues that include remote code execution, cross-site scripting, and cross-site request forgery issues. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.1.14 Release Notes for more information.

-Added May 2, 2018

We are pleased to present Magento Open Source 2.1.13. This release includes over 60 bug fixes and enhancements. See Magento Open Source 2.1.13 Release Notes for more information.

-Added Feb 27, 2018

We are pleased to present Magento Open Source 2.1.12. This release includes multiple enhancements to product security, a change to the Magento Admin to support upcoming USPS shipping changes, and a copyright update. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.1.12 Release Notes for more information.

-Added Dec 12, 2017

We are pleased to present Magento Open Source 2.1.11. This release includes support for the Indian Rupee (INR) in PayPal Express Checkout and new commands and functionality for the command-line interface. It also includes many functional features plus a substantial number of contributions from the wider Magento community. See Magento Open Source 2.1.11 Release Notes for more information.

-Added Nov 7, 2017

We are pleased to present Magento Open Source 2.1.10. This release includes critical enhancements to the security of your Magento software and over 40 functional enhancements, including multiple community-submitted enhancements and pull requests. We strongly recommend that all merchants upgrade to this version as soon as possible.  See http://devdocs.magento.com/guides/v2.1/release-notes/ReleaseNotes2.1.10CE.html for more information. 

-Added Feb 27, 2018

We are pleased to present Magento Open Source 2.0.18. This release includes multiple enhancements to product security, a change to the Magento Admin to support upcoming USPS shipping changes, and a copyright update. We strongly recommend that all merchants upgrade as soon as possible. See Magento Open Source 2.0.18 Release Notes for more information.

-Added Nov 7th 2017

We are pleased to present Magento Open Source  2.0.17. This release includes critical enhancements to the security of your Magento software, and over 40 functional enhancements., including multiple community-submitted enhancements and pull requests. We strongly recommend that all merchants upgrade to this version as soon as possible.  See http://devdocs.magento.com/guides/v2.0/release-notes/ReleaseNotes2.0.17CE.html for more information. 

-This patch replaces SUPEE-11314 which was released on April 28, 2020. Previously installed SUPEE-11314 patch needs to be reverted prior to installing this version.

- Please use the SUPEE-11314-v2 patch to apply all the security fixes as soon as possible. if you have earlier downloaded and applied SUPEE-11314, please revert the changes and apply the new patch SUPEE-11314-v2 as soon as possible. - Added May 12, 2020

- This patch provides protection against several types of security-related issues including critical issues. - Added Jan 20, 2020

- This patch provides protection against several types of security-related issues including critical issues. - Added Oct 8, 2019

- This patch provides protection against several types of security-related issues including critical issues. - Added Jun 25, 2019

- Version 4 of the patch works also with sites that applied the PHP 7.2 support patch - Added Jul 31, 2019.

- This patch provides protection against several types of security-related issues including critical issues. - Added Mar 26, 2019

This patch updates Authorize.Net Direct Post integration to continue processing payments beyond March 14th 2019 (see MD5 Hash End of Life & Signature Key Replacement). There are additional steps that you need to execute after installing this patch to ensure continued use of Authorize.Net – read more Update Authorize.Net Direct Post from MD5 to SHA-512.

- This patch provides protection against several types of security-related issues. - Added Nov 28, 2018

- This patch provides protection against several types of security-related issues. - Added Sep 18, 2018

This patch provides compatibility with PHP 7.2 for core Magento. Make sure to test thoroughly before updating production sites as extensions or custom code might require additional modifications for PHP 7.2 compatibility.

- This patch provides protection against several types of security-related issues. - Added Jun 27, 2018

- This patch provides protection against several types of security-related issues. - Added Feb 27, 2018
- Note: an updated version of this patch is available - Added Mar 28, 2018

- This patch combines SUPEE-10415 and SUPEE-10266 for Magento Open Source 1.9.1.1. To install, remove both patches first then install SUPEE-10497.

- This patch provides protection against several types of security-related issues. - Added Nov 28, 2017

- This patch provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting. - Added Sep 14, 2017

-This patch addresses USPS method name changes starting Sep 1, 2017 - Added Sep 11, 2017

-This patch replaces SUPEE-9767. Previously installed SUPEE-9767 patch needs to be reverted prior to installing this version.

- This patch provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting. - Added Jul 12, 2017

- This patch is deprecated. Please use SUPEE-9767 v2 instead. This patch needs to be reverted prior to installed the new version. - This patch provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting. - Added May 30, 2017

- This patch provides protection against attacks abusing Zend library vulnerability. - Added Feb 7, 2017

- This patch provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting. - Added Oct 11, 2016

- This patch fixes issues introduced with patch SUPEE-7405 - Added Feb 23, 2016

- This patch provides protection against several types of security-related issues, including information leaks and cross-site scripting. - Added Jan 20, 2016