Downloads
Magento releases, patches, and tools.
Resources
Magento.com Magento Marketplace Documentation and resources Security center Magento Help Center Community Forums Developer Portal Developer Documentation Partner PortalReleases
Magento Open Source delivers features to build and grow a unique online store from the ground up. However, if you need an all-in-one cloud solution that is optimized, easy to deploy, provides enhanced security, and is packed with additional integrated capabilities to accelerate sales; consider Magento Commerce.
Which installation method is right for you? | Composer Recommended for most situations | Git For Magento Open Source developers | Archive Download Magento as zip/tar file |
---|---|---|---|
Library management Reuse third-party libraries without bundling them with source code. | |||
Dependency management Component-based architecture to reduce extension conflicts and compatibility issues. | |||
PHP standards compliance Adhere to PHP-Framework Interoperability Group (FIG) standards. | |||
Web Setup Wizard Use the to upgrade the Magento software and third-party extensions. | |||
Repackaging Repackage Magento Open Source with other components. | |||
Production ready Use the Magento software in a production environment. | * | ||
Open source contribution Contribute to Magento open source code repositories. | ** | ||
* Magento 2.2 archives are compatible with PHP 7.0 only. If you’re using PHP 7.1, download Magento 2.2 with Composer instead to avoid compatibility issues during installation. ** If you clone the Magento 2 GitHub repository, you cannot use the Magento software in a production environment. You cannot have a live store that accepts orders and so on. | Get It | Get It | Get It |
Note: Prior to installation we recommend that you review Magento 2.x System Requirements.
Composer
Composer enables you to manage Magento components and their dependencies, providing you with the following advantages over a ZIP install:
- • Enables you to reuse third-party libraries without bundling them with source code
- • Component-based architecture with robust dependency management
- • Semantic versioning
- • Supports the PHP Framework Interoperability standard
Git
A Git clone of the Magento repository is intended for anyone who contributes to the Magento Open Source codebase.
You should be:- • Highly technical,
- • Understand Composer and Git commands, and
- • Be able to upgrade the Magento system software and extensions using those commands.
Archive (zip/tar)
Downloading an archive file allows you to run Magento software on a local server. You can download in either zip or tar format. You can also choose to include sample date, or not, with your download. This is a relatively simple installation method, but it lacks many of the advantages of using Composer. If you may need any of the Composer features noted above, we recommend you use that method instead.
For details on how to install Magento, once downloaded, consult this documentation - Install the Magento archive on your server.Version Description
Patches
MC-38509 Create New Customer Account patch
-Added October 26, 2020
This hotfix resolves an issue with Magento Commerce and Open Source 2.4.1 and 2.3.6 where the "Create an Account" button on the Create New Account page remains disabled if a shopper has entered invalid data. This prevents shoppers from re-attempting to create an account after making an error.Affected Magento versions: Magento Commerce and Open Source v2.4.1 / v2.3.6 (on prem and Cloud).
See Applying patches for specific instructions on downloading and applying Magento patches.BUNDLE-2670 Braintree Virtual Terminal patch
BUNDLE-2683 Braintree Settlement Report patch
MC-35984
MC-35514
Patch for specific country payment method issue for Magento 2.3.5-p1
-Added May 20, 2020
This patch resolves an issue in Magento 2.3.5 and 2.3.5-p1 where the storefront checkout workflow did not display any payment method that has been enabled for specific countries with the exception of the Klarna and Amazon Pay payment methods.Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).
See Applying patches for specific instructions on downloading and applying Magento patches.Patch for Amazon Pay issue with payment method selection on checkout for Magento 2.3.5-p1
-Added May 04, 2020
This patch resolves the issue with inability to change a payment method on checkout "Review & Payments" step from the payments widget, while checking out with Amazon Pay.Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).
See Applying patches for specific instructions on downloading and applying Magento patches.Resend account confirmation email link issue patch for Magento 2.3.5
-Added April 29, 2020
This patch resolves an inability to re-send an account confirmation email link from storefront account login page. (This known issue was first identified in Magento 2.3.5.)
Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 / v2.3.5-p2 (on prem and cloud).
See Applying patches for specific instructions on downloading and applying Magento patches.
Remove failed login attempts from the database patch for Magento 2.3.0 - 2.3.2p1
-Added March 24, 2020
This patch addresses a lingering issue created by the fix for CVE-2019-8118 (PRODSECBUG-2452) included in Magento 2.3.3 and 2.2.10.
While the fix for that bug stopped the logging of failed login attempts, information collected prior to updating to these current versions may still exist, and previous, unpatched versions of Magento may still have this issue. This patch clears the login attempts that were previously collected. See Remove failed login attempts from the database for information on how to download and install this patch.PayPal Express Checkout issue with region patch for Magento 2.3.4
-Added February 12, 2020
This patch resolves the issue which affects orders placed with PayPal Express Checkout where the order’s shipping address specifies a country region that has been manually entered into the text field rather than selected from the drop-down menu on the Shipping page.
Affected Magento versions: Magento Commerce and Open Source v2.3.4 (on prem and cloud).
See Applying patches for specific instructions on downloading and applying Magento patches.
Catalog pagination issue on Elasticsearch 6.x patch for Magento 2.3.3
This patch resolves issues that users of Magento 2.3.3 experience in deployments where Elasticsearch 6.x is used as the catalog search engine. Users who attempt to navigate past the first page of search results are unsuccessful, and Magento displays an error message. After this patch is installed, users will be able to page through all search results.
Affected Magento versions: Magento Commerce and Open Source v2.3.3 (on Prem and Cloud).
EmailMessageInterface backward compatibility issue patch for Magento 2.3.3
This patch addresses backward compatibility issues that extension developers may have experienced after the introduction of Magento\Framework\Mail\EmailMessageInterface
, which was released in Magento 2.3.3. In the scope of this patch, the new EmailMessageInterface
inherits from the old MessageInterface
, and core modules are changed back to rely on MessageInterface
.
Merchants should apply this patch as soon as possible, especially if their deployments include extensions or customizations that use the mail interface.
Affected Magento versions: Magento Commerce and Open Source v2.3.3.
See the Magento forum DevBlog post for much more information.
Fixed method chaining contract for Product Collection patch for Magento 2.3.3
This patch addresses changes that were introduced in Magento 2.3.3 that resulted in problems with extensions and customizations of the product collection feature that rely on method chaining contracts.
The addAttributeToFilter
method (in file app/code/Magento/Catalog/Model/ResourceModel/Product/Collection.php
) was refactored without a return statement, which broke the method-chaining that is used extensively in customizations of this feature. This patch refactors the method to add the missing return statement and ensure that method chaining works.
PRODSECBUG-2233
An unauthenticated cross-site scripting vulnerability combined with an authenticated Phar deserialization vulnerability has left older versions of Magento Commerce and Magento Open Source open to serious exploit. An attacker can use these vulnerabilities to inject JavaScript into the Magento Admin, and subsequently launch malicious code in a store user’s browser. We strongly recommend that all users of the affected versions of Magento download and apply the appropriate patch as soon as possible.
The issue affects the following Magento versions (on prem and cloud):
- Magento Open Source v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
- Magento Commerce v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
- Magento Commerce Cloud v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
Scope parameter for Async/Bulk API patch
This patch resolves an issue with the Async and Bulk APIs, which in certain versions of Magento do not provide the information needed to update or create data for specific stores. Without this patch, the Async/Bulk REST APIs will support the default store view scope only.
Affected Magento versions are: Magento Open Source v2.3.2, 2.3.1
PRODSECBUG-2432
An issue has been discovered in Magento Open Source and Magento Commerce that can be used to disclose the URL location of a Magento Admin panel. While there is currently no reason to believe this issue would lead to a compromise directly, knowing the URL location could make it easier to automate attacks. To help prevent against potential attacks, Magento has released patches for this issue. For complete details, install instructions, and recommendations, see: https://magento.com/security/security-update-potential-vulnerability-magento-admin-url-location
Admin Dashboard Image-Charts API Composer Patch
This patch provides a replacement for the deprecated Google Image Charts service that Magento uses for all 2.x instances and replaces it with the Image-Charts free service. Users of Magento 2.x deployments will not be able to view static charts in Magento 2.x instances unless they download and apply this patch. See Switch from deprecated Google Image Charts to Image-Charts for Magento for more information.
PRODSECBUG-2198
This patch provides protection against the SQL injection vulnerability described under PRODSECBUG-2198 here. To quickly protect your store from this vulnerability only, install this patch. However, to apply protection against this vulnerability and others, you must apply the 2.3.1, 2.2.8, or 2.1.17 patch code. We strongly suggest that you install these full patches as soon as you can
Authorize.net Direct Post Signature Key patch
This patch updates Authorize.Net Direct Post integration to continue processing payments beyond March 14th 2019 (see MD5 Hash End of Life & Signature Key Replacement). There are additional steps that you need to execute after installing this patch to ensure continued use of Authorize.Net – read more Update Authorize.Net Direct Post from MD5 to SHA-512.
MAGETWO-95591
MAGETWO-93083
MAGETWO-93036
MAGETWO-92926
MAGETWO-67805
MDVA-532
MDVA-449
MDVA-84
Tools and help
Magento 1 to Magento 2 Migration Tools
We’ve developed migration tools to assist you with moving from Magento 1 to Magento 2.
The Magento 2
Data Migration Tool helps you efficiently port all of your key product, customer, and order data, store configurations, promotions and more to from Magento 1 to Magento 2. To learn more about it, see the Data Migration Guide .
The Magento 2
Code Migration Tool enables you to port some of your customizations from Magento 1 to Magento 2. Because of the differences between the two platforms, some additional coding is required. To learn more about it, see the
README.
Open source user’s guide
This most up-to-date documentation for the current Magento 2.x release combines easy-to-follow tutorials with comprehensive reference material.
Developer documentation
Reference articles to assist developers and integrators with installations, upgrades, patches, and customizations.
Designer / front end developer guide
A practical guide to the concepts and best practices of theme design for Magento 2.x stores. Leverage structural components, theme hierarchy, and fallback methods to create custom themes.
Test automation framework
Get instructions on installing and configuring the Magento Testing Framework (MTF).
Security scan
Magento Security Scan allows you to monitor your sites for known security risks from patches updates to malware and unauthorized access. Security tool is FREE for merchants and developers.
- • Monitor your sites security status
- • Increase your security monitoring with an optional SSH scan
- • Receive security updates and site specific notifications
Read these articles to learn more about the Magento Security Scan tool and how to activate the service.