Releases

Magento Open Source delivers features to build and grow a unique online store from the ground up. However, if you need an all-in-one cloud solution that is optimized, easy to deploy, provides enhanced security, and is packed with additional integrated capabilities to accelerate sales; consider Magento Commerce.

Which installation method is right for you? Composer Recommended for most situations Git For Magento Open Source developers Archive Download Magento as zip/tar file
Library management Reuse third-party libraries without bundling them with source code. S Close 18 N S Close 18 N
Dependency management Component-based architecture to reduce extension conflicts and compatibility issues. S Close 18 N S Close 18 N
PHP standards compliance Adhere to PHP-Framework Interoperability Group (FIG) standards. S Close 18 N S Close 18 N
Web Setup Wizard Use the to upgrade the Magento software and third-party extensions. S Close 18 N S Close 18 N
Repackaging Repackage Magento Open Source with other components. S Close 18 N S Close 18 N
Production ready Use the Magento software in a production environment. S Close 18 N S Checkmark 18 N *
Open source contribution Contribute to Magento open source code repositories. S Checkmark 18 N ** S Close 18 N
* Magento 2.2 archives are compatible with PHP 7.0 only. If you’re using PHP 7.1, download Magento 2.2 with Composer instead to avoid compatibility issues during installation. ** If you clone the Magento 2 GitHub repository, you cannot use the Magento software in a production environment. You cannot have a live store that accepts orders and so on. Get It Get It

Note: Prior to installation we recommend that you review Magento 2.x System Requirements.

Composer

Composer enables you to manage Magento components and their dependencies, providing you with the following advantages over a ZIP install:

  • • Enables you to reuse third-party libraries without bundling them with source code
  • • Component-based architecture with robust dependency management
  • • Semantic versioning
  • • Supports the PHP Framework Interoperability standard

Git

A Git clone of the Magento repository is intended for anyone who contributes to the Magento Open Source codebase.

You should be:
  • • Highly technical,
  • • Understand Composer and Git commands, and
  • • Be able to upgrade the Magento system software and extensions using those commands.
If that is not you, please choose another download method.

Archive (zip/tar)

Downloading an archive file allows you to run Magento software on a local server. You can download in either zip or tar format. You can also choose to include sample date, or not, with your download. This is a relatively simple installation method, but it lacks many of the advantages of using Composer. If you may need any of the Composer features noted above, we recommend you use that method instead.

For details on how to install Magento, once downloaded, consult this documentation - Install the Magento archive on your server.
Download

Version Description

Patches

Here you can download the latest patches and updates for all versions of Magento 2.x. For details on patching Magento, read the Applying patches page on DevDocs

MC-38509 Create New Customer Account patch

-Added October 26, 2020

This hotfix resolves an issue with Magento Commerce and Open Source 2.4.1 and 2.3.6 where the "Create an Account" button on the Create New Account page remains disabled if a shopper has entered invalid data. This prevents shoppers from re-attempting to create an account after making an error.

Affected Magento versions: Magento Commerce and Open Source v2.4.1 / v2.3.6 (on prem and Cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

BUNDLE-2670 Braintree Virtual Terminal patch

This hotfix resolves an issue with Magento Commerce 2.4.0 and Magento Open Source 2.4.0 where Magento throws an error when opening "Sales > Braintree Virtual Terminal". See Braintree Virtual Terminal page is corrupted Knowledge Base article.
File Size: 0.00 MB

BUNDLE-2683 Braintree Settlement Report patch

This hotfix resolves an issue with Magento Commerce 2.4.0 and Magento Open Source 2.4.0 where merchants could not access the Braintree Settlement Report page (Admin > Reports).
File Size: 0.00 MB

MC-35984

This hotfix resolves an issue with Magento Commerce 2.4.0 where merchants could not interact with any page elements on the Returns page after creating a shipping label for a Return Merchandise Authorization (RMA).
File Size: 0.00 MB

MC-35514

This hotfix resolves an issue with Magento Commerce 2.4.0 and Magento Open Source 2.4.0 where merchants could not add ordered products to a package from the Admin Create Package page and save the package.
File Size: 0.00 MB

Patch for specific country payment method issue for Magento 2.3.5-p1

-Added May 20, 2020

This patch resolves an issue in Magento 2.3.5 and 2.3.5-p1 where the storefront checkout workflow did not display any payment method that has been enabled for specific countries with the exception of the Klarna and Amazon Pay payment methods.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Patch for Amazon Pay issue with payment method selection on checkout for Magento 2.3.5-p1

-Added May 04, 2020

This patch resolves the issue with inability to change a payment method on checkout "Review & Payments" step from the payments widget, while checking out with Amazon Pay.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Resend account confirmation email link issue patch for Magento 2.3.5

-Added April 29, 2020

This patch resolves an inability to re-send an account confirmation email link from storefront account login page. (This known issue was first identified in Magento 2.3.5.)

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 / v2.3.5-p2 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Remove failed login attempts from the database patch for Magento 2.3.0 - 2.3.2p1

-Added March 24, 2020

This patch addresses a lingering issue created by the fix for CVE-2019-8118 (PRODSECBUG-2452) included in Magento 2.3.3 and 2.2.10.

While the fix for that bug stopped the logging of failed login attempts, information collected prior to updating to these current versions may still exist, and previous, unpatched versions of Magento may still have this issue. This patch clears the login attempts that were previously collected. See Remove failed login attempts from the database for information on how to download and install this patch.
File Size: 0.00 MB

PayPal Express Checkout issue with region patch for Magento 2.3.4

-Added February 12, 2020

This patch resolves the issue which affects orders placed with PayPal Express Checkout where the order’s shipping address specifies a country region that has been manually entered into the text field rather than selected from the drop-down menu on the Shipping page.

Affected Magento versions: Magento Commerce and Open Source v2.3.4 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Catalog pagination issue on Elasticsearch 6.x patch for Magento 2.3.3

This patch resolves issues that users of Magento 2.3.3 experience in deployments where Elasticsearch 6.x is used as the catalog search engine. Users who attempt to navigate past the first page of search results are unsuccessful, and Magento displays an error message. After this patch is installed, users will be able to page through all search results.

Affected Magento versions: Magento Commerce and Open Source v2.3.3 (on Prem and Cloud).

File Size: 0.00 MB

EmailMessageInterface backward compatibility issue patch for Magento 2.3.3

This patch addresses backward compatibility issues that extension developers may have experienced after the introduction of Magento\Framework\Mail\EmailMessageInterface, which was released in Magento 2.3.3. In the scope of this patch, the new EmailMessageInterface inherits from the old MessageInterface, and core modules are changed back to rely on MessageInterface. Merchants should apply this patch as soon as possible, especially if their deployments include extensions or customizations that use the mail interface.

Affected Magento versions: Magento Commerce and Open Source v2.3.3.

See the Magento forum DevBlog post for much more information.

File Size: 0.00 MB

Fixed method chaining contract for Product Collection patch for Magento 2.3.3

This patch addresses changes that were introduced in Magento 2.3.3 that resulted in problems with extensions and customizations of the product collection feature that rely on method chaining contracts. The addAttributeToFilter method (in file app/code/Magento/Catalog/Model/ResourceModel/Product/Collection.php) was refactored without a return statement, which broke the method-chaining that is used extensively in customizations of this feature. This patch refactors the method to add the missing return statement and ensure that method chaining works.

File Size: 0.00 MB

PRODSECBUG-2233

An unauthenticated cross-site scripting vulnerability combined with an authenticated Phar deserialization vulnerability has left older versions of Magento Commerce and Magento Open Source open to serious exploit. An attacker can use these vulnerabilities to inject JavaScript into the Magento Admin, and subsequently launch malicious code in a store user’s browser. We strongly recommend that all users of the affected versions of Magento download and apply the appropriate patch as soon as possible.

The issue affects the following Magento versions (on prem and cloud):

  • Magento Open Source v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce Cloud v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases

File Size: 0.00 MB

Scope parameter for Async/Bulk API patch

This patch resolves an issue with the Async and Bulk APIs, which in certain versions of Magento do not provide the information needed to update or create data for specific stores. Without this patch, the Async/Bulk REST APIs will support the default store view scope only.

Affected Magento versions are: Magento Open Source v2.3.2, 2.3.1

File Size: 0.00 MB

PRODSECBUG-2432

An issue has been discovered in Magento Open Source and Magento Commerce that can be used to disclose the URL location of a Magento Admin panel. While there is currently no reason to believe this issue would lead to a compromise directly, knowing the URL location could make it easier to automate attacks. To help prevent against potential attacks, Magento has released patches for this issue. For complete details, install instructions, and recommendations, see: https://magento.com/security/security-update-potential-vulnerability-magento-admin-url-location

File Size: 0.00 MB

Admin Dashboard Image-Charts API Composer Patch

This patch provides a replacement for the deprecated Google Image Charts service that Magento uses for all 2.x instances and replaces it with the Image-Charts free service. Users of Magento 2.x deployments will not be able to view static charts in Magento 2.x instances unless they download and apply this patch. See Switch from deprecated Google Image Charts to Image-Charts for Magento for more information.

File Size: 0.00 MB

PRODSECBUG-2198

This patch provides protection against the SQL injection vulnerability described under PRODSECBUG-2198 here. To quickly protect your store from this vulnerability only, install this patch. However, to apply protection against this vulnerability and others, you must apply the 2.3.1, 2.2.8, or 2.1.17 patch code. We strongly suggest that you install these full patches as soon as you can

File Size: 0.00 MB

Authorize.net Direct Post Signature Key patch

This patch updates Authorize.Net Direct Post integration to continue processing payments beyond March 14th 2019 (see MD5 Hash End of Life & Signature Key Replacement). There are additional steps that you need to execute after installing this patch to ensure continued use of Authorize.Net – read more Update Authorize.Net Direct Post from MD5 to SHA-512.

File Size: 0.00 MB

MAGETWO-95591

This hot fix resolves issues that merchants experienced with custom attributes after upgrading to Magento 2.2.6. Merchants were not able to save a newly created multiselect or dropdown customer attribute. Additionally, merchants could not edit existing customer attributes from the customer’s account on the storefront.
File Size: 0.00 MB

MAGETWO-93083

This patch provides performance optimization for retrieving product attributes in Magento 2.2.5
File Size: 0.00 MB

MAGETWO-93036

This patch provides a fix for problems that merchants experienced when trying to change a storefront’s applied theme in Magento 2.2.4 or 2.2.5. See GitHub-14968 for more information. Merchants who are running Magento 2.2.4 should upgrade to 2.2.5 and then apply this patch. Merchants who are running 2.2.5 should apply this patch or upgrade to 2.2.6 when it becomes available.
File Size: 0.00 MB

MAGETWO-92926

Resolution of issues that customers were experiencing when upgrading to Magento 2.2.4 in deployments that span multiple websites. Magento multi-store installations were not using the store view-specific values from the store configuration settings if these settings differed from the global default configuration settings. Instead, Magento used the default configuration for all store views. See GitHub-15205 and GitHub-15245 for more detailed discussions of the problems some customers encountered.
File Size: 0.00 MB

MAGETWO-67805

Hot fix MAGETWO-67805 provides a fix for the image resizing issue that affects installations of Magento 2.1.6 CE. For details, see Image Resize Issue with Magento version 2.1.6.
File Size: 0.00 MB

MDVA-532

Patch MDVA-532 fixes an issue with the Magento composer-installer component that causes upgrades to fail. For details, see Upgrade to Magento version 2.1 (June 22, 2016)
File Size: 0.00 MB

MDVA-449

Patch MDVA-449 provides a fix for potential upgrade issues for Magento CE installations running PHP 5.5.x and a specific version of the Magento Setup application (also known as the Updater application). Please review the Required patch for PHP 5.5.x and Setup Application environments (June 2, 2016) Technical Bulletin to assess your need for this patch, and how to apply it, if you do.
File Size: 0.00 MB

MDVA-84

Patch MDVA-84 for Magento Community Edition – MDVA-84.zip, .tar.gz, and .tar.bz2, Apply this patch if you are running Magento CE 2.0.1 and your Magento server runs 7.0.1 or PHP 7.0.2. It adds support for PHP 7.0.2 to the updater application. See technical bulletin Issues upgrading to 2.0.1 (Jan. 28, 2016) for more information.
File Size: 0.00 MB

Patch for specific country payment method issue for Magento 2.3.5-p1

-Added May 20, 2020

This patch resolves an issue in Magento 2.3.5 and 2.3.5-p1 where the storefront checkout workflow did not display any payment method that has been enabled for specific countries with the exception of the Klarna and Amazon Pay payment methods.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Patch for Amazon Pay issue with payment method selection on checkout for Magento 2.3.5-p1

-Added May 04, 2020

This patch resolves the issue with inability to change a payment method on checkout "Review & Payments" step from the payments widget, while checking out with Amazon Pay.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Resend account confirmation email link issue patch for Magento 2.3.5

-Added April 29, 2020

This patch resolves an inability to re-send an account confirmation email link from storefront account login page. (This known issue was first identified in Magento 2.3.5.)

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Remove failed login attempts from the database patch for Magento 2.3.0 - 2.3.2p1

-Added March 24, 2020

This patch addresses a lingering issue created by the fix for CVE-2019-8118 (PRODSECBUG-2452) included in Magento 2.3.3 and 2.2.10.

While the fix for that bug stopped the logging of failed login attempts, information collected prior to updating to these current versions may still exist, and previous, unpatched versions of Magento may still have this issue. This patch clears the login attempts that were previously collected. See Remove failed login attempts from the database for information on how to download and install this patch.
File Size: 0.00 MB

PayPal Express Checkout issue with region patch for Magento 2.3.4

-Added February 12, 2020

This patch resolves the issue which affects orders placed with PayPal Express Checkout where the order’s shipping address specifies a country region that has been manually entered into the text field rather than selected from the drop-down menu on the Shipping page.

Affected Magento versions: Magento Commerce and Open Source v2.3.4 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Catalog pagination issue on Elasticsearch 6.x patch for Magento 2.3.3

This patch resolves issues that users of Magento 2.3.3 experience in deployments where Elasticsearch 6.x is used as the catalog search engine. Users who attempt to navigate past the first page of search results are unsuccessful, and Magento displays an error message. After this patch is installed, users will be able to page through all search results.

Affected Magento versions: Magento Commerce and Open Source v2.3.3 (on Prem and Cloud).

File Size: 0.00 MB

EmailMessageInterface backward compatibility issue patch for Magento 2.3.3

This patch addresses backward compatibility issues that extension developers may have experienced after the introduction of Magento\Framework\Mail\EmailMessageInterface, which was released in Magento 2.3.3. In the scope of this patch, the new EmailMessageInterface inherits from the old MessageInterface, and core modules are changed back to rely on MessageInterface. Merchants should apply this patch as soon as possible, especially if their deployments include extensions or customizations that use the mail interface.

Affected Magento versions: Magento Commerce and Open Source v2.3.3.

See the Magento forum DevBlog post for much more information.

File Size: 0.00 MB

Fixed method chaining contract for Product Collection patch for Magento 2.3.3

This patch addresses changes that were introduced in Magento 2.3.3 that resulted in problems with extensions and customizations of the product collection feature that rely on method chaining contracts. The addAttributeToFilter method (in file app/code/Magento/Catalog/Model/ResourceModel/Product/Collection.php) was refactored without a return statement, which broke the method-chaining that is used extensively in customizations of this feature. This patch refactors the method to add the missing return statement and ensure that method chaining works.

File Size: 0.00 MB

PRODSECBUG-2233

An unauthenticated cross-site scripting vulnerability combined with an authenticated Phar deserialization vulnerability has left older versions of Magento Commerce and Magento Open Source open to serious exploit. An attacker can use these vulnerabilities to inject JavaScript into the Magento Admin, and subsequently launch malicious code in a store user’s browser. We strongly recommend that all users of the affected versions of Magento download and apply the appropriate patch as soon as possible.

The issue affects the following Magento versions (on prem and cloud):

  • Magento Open Source v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce Cloud v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases

File Size: 0.00 MB

Scope parameter for Async/Bulk API patch

This patch resolves an issue with the Async and Bulk APIs, which in certain versions of Magento do not provide the information needed to update or create data for specific stores. Without this patch, the Async/Bulk REST APIs will support the default store view scope only.

Affected Magento versions are: Magento Open Source v2.3.2, 2.3.1

File Size: 0.00 MB

PRODSECBUG-2432

An issue has been discovered in Magento Open Source and Magento Commerce that can be used to disclose the URL location of a Magento Admin panel. While there is currently no reason to believe this issue would lead to a compromise directly, knowing the URL location could make it easier to automate attacks. To help prevent against potential attacks, Magento has released patches for this issue. For complete details, install instructions, and recommendations, see: https://magento.com/security/security-update-potential-vulnerability-magento-admin-url-location

File Size: 0.00 MB

Admin Dashboard Image-Charts API Composer Patch

This patch provides a replacement for the deprecated Google Image Charts service that Magento uses for all 2.x instances and replaces it with the Image-Charts free service. Users of Magento 2.x deployments will not be able to view static charts in Magento 2.x instances unless they download and apply this patch. See Switch from deprecated Google Image Charts to Image-Charts for Magento for more information.

File Size: 0.00 MB

PRODSECBUG-2198

This patch provides protection against the SQL injection vulnerability described under PRODSECBUG-2198 here. To quickly protect your store from this vulnerability only, install this patch. However, to apply protection against this vulnerability and others, you must apply the 2.3.1, 2.2.8, or 2.1.17 patch code. We strongly suggest that you install these full patches as soon as you can

File Size: 0.00 MB

Authorize.net Direct Post Signature Key patch

This patch updates Authorize.Net Direct Post integration to continue processing payments beyond March 14th 2019 (see MD5 Hash End of Life & Signature Key Replacement). There are additional steps that you need to execute after installing this patch to ensure continued use of Authorize.Net – read more Update Authorize.Net Direct Post from MD5 to SHA-512.

File Size: 0.00 MB

MAGETWO-95591

This hot fix resolves issues that merchants experienced with custom attributes after upgrading to Magento 2.2.6. Merchants were not able to save a newly created multiselect or dropdown customer attribute. Additionally, merchants could not edit existing customer attributes from the customer’s account on the storefront.
File Size: 0.00 MB

MAGETWO-93083

This patch provides performance optimization for retrieving product attributes in Magento 2.2.5
File Size: 0.00 MB

MAGETWO-93036

This patch provides a fix for problems that merchants experienced when trying to change a storefront’s applied theme in Magento 2.2.4 or 2.2.5. See GitHub-14968 for more information. Merchants who are running Magento 2.2.4 should upgrade to 2.2.5 and then apply this patch. Merchants who are running 2.2.5 should apply this patch or upgrade to 2.2.6 when it becomes available.
File Size: 0.00 MB

MAGETWO-92926

Resolution of issues that customers were experiencing when upgrading to Magento 2.2.4 in deployments that span multiple websites. Magento multi-store installations were not using the store view-specific values from the store configuration settings if these settings differed from the global default configuration settings. Instead, Magento used the default configuration for all store views. See GitHub-15205 and GitHub-15245 for more detailed discussions of the problems some customers encountered.
File Size: 0.00 MB

MAGETWO-67805

Hot fix MAGETWO-67805 provides a fix for the image resizing issue that affects installations of Magento 2.1.6 CE. For details, see Image Resize Issue with Magento version 2.1.6.
File Size: 0.00 MB

MDVA-532

Patch MDVA-532 fixes an issue with the Magento composer-installer component that causes upgrades to fail. For details, see Upgrade to Magento version 2.1 (June 22, 2016)
File Size: 0.00 MB

MDVA-449

Patch MDVA-449 provides a fix for potential upgrade issues for Magento CE installations running PHP 5.5.x and a specific version of the Magento Setup application (also known as the Updater application). Please review the Required patch for PHP 5.5.x and Setup Application environments (June 2, 2016) Technical Bulletin to assess your need for this patch, and how to apply it, if you do.
File Size: 0.00 MB

MDVA-84

Patch MDVA-84 for Magento Community Edition – MDVA-84.zip, .tar.gz, and .tar.bz2, Apply this patch if you are running Magento CE 2.0.1 and your Magento server runs 7.0.1 or PHP 7.0.2. It adds support for PHP 7.0.2 to the updater application. See technical bulletin Issues upgrading to 2.0.1 (Jan. 28, 2016) for more information.
File Size: 0.00 MB

Patch for specific country payment method issue for Magento 2.3.5-p1

-Added May 20, 2020

This patch resolves an issue in Magento 2.3.5 and 2.3.5-p1 where the storefront checkout workflow did not display any payment method that has been enabled for specific countries with the exception of the Klarna and Amazon Pay payment methods.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Patch for Amazon Pay issue with payment method selection on checkout for Magento 2.3.5-p1

-Added May 04, 2020

This patch resolves the issue with inability to change a payment method on checkout "Review & Payments" step from the payments widget, while checking out with Amazon Pay.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Resend account confirmation email link issue patch for Magento 2.3.5

-Added April 29, 2020

This patch resolves an inability to re-send an account confirmation email link from storefront account login page. (This known issue was first identified in Magento 2.3.5.)

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Remove failed login attempts from the database patch for Magento 2.3.0 - 2.3.2p1

-Added March 24, 2020

This patch addresses a lingering issue created by the fix for CVE-2019-8118 (PRODSECBUG-2452) included in Magento 2.3.3 and 2.2.10.

While the fix for that bug stopped the logging of failed login attempts, information collected prior to updating to these current versions may still exist, and previous, unpatched versions of Magento may still have this issue. This patch clears the login attempts that were previously collected. See Remove failed login attempts from the database for information on how to download and install this patch.
File Size: 0.00 MB

PayPal Express Checkout issue with region patch for Magento 2.3.4

-Added February 12, 2020

This patch resolves the issue which affects orders placed with PayPal Express Checkout where the order’s shipping address specifies a country region that has been manually entered into the text field rather than selected from the drop-down menu on the Shipping page.

Affected Magento versions: Magento Commerce and Open Source v2.3.4 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Catalog pagination issue on Elasticsearch 6.x patch for Magento 2.3.3

This patch resolves issues that users of Magento 2.3.3 experience in deployments where Elasticsearch 6.x is used as the catalog search engine. Users who attempt to navigate past the first page of search results are unsuccessful, and Magento displays an error message. After this patch is installed, users will be able to page through all search results.

Affected Magento versions: Magento Commerce and Open Source v2.3.3 (on Prem and Cloud).

File Size: 0.00 MB

EmailMessageInterface backward compatibility issue patch for Magento 2.3.3

This patch addresses backward compatibility issues that extension developers may have experienced after the introduction of Magento\Framework\Mail\EmailMessageInterface, which was released in Magento 2.3.3. In the scope of this patch, the new EmailMessageInterface inherits from the old MessageInterface, and core modules are changed back to rely on MessageInterface. Merchants should apply this patch as soon as possible, especially if their deployments include extensions or customizations that use the mail interface.

Affected Magento versions: Magento Commerce and Open Source v2.3.3.

See the Magento forum DevBlog post for much more information.

File Size: 0.00 MB

Fixed method chaining contract for Product Collection patch for Magento 2.3.3

This patch addresses changes that were introduced in Magento 2.3.3 that resulted in problems with extensions and customizations of the product collection feature that rely on method chaining contracts. The addAttributeToFilter method (in file app/code/Magento/Catalog/Model/ResourceModel/Product/Collection.php) was refactored without a return statement, which broke the method-chaining that is used extensively in customizations of this feature. This patch refactors the method to add the missing return statement and ensure that method chaining works.

File Size: 0.00 MB

PRODSECBUG-2233

An unauthenticated cross-site scripting vulnerability combined with an authenticated Phar deserialization vulnerability has left older versions of Magento Commerce and Magento Open Source open to serious exploit. An attacker can use these vulnerabilities to inject JavaScript into the Magento Admin, and subsequently launch malicious code in a store user’s browser. We strongly recommend that all users of the affected versions of Magento download and apply the appropriate patch as soon as possible.

The issue affects the following Magento versions (on prem and cloud):

  • Magento Open Source v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce Cloud v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases

File Size: 0.00 MB

Scope parameter for Async/Bulk API patch

This patch resolves an issue with the Async and Bulk APIs, which in certain versions of Magento do not provide the information needed to update or create data for specific stores. Without this patch, the Async/Bulk REST APIs will support the default store view scope only.

Affected Magento versions are: Magento Open Source v2.3.2, 2.3.1

File Size: 0.00 MB

PRODSECBUG-2432

An issue has been discovered in Magento Open Source and Magento Commerce that can be used to disclose the URL location of a Magento Admin panel. While there is currently no reason to believe this issue would lead to a compromise directly, knowing the URL location could make it easier to automate attacks. To help prevent against potential attacks, Magento has released patches for this issue. For complete details, install instructions, and recommendations, see: https://magento.com/security/security-update-potential-vulnerability-magento-admin-url-location

File Size: 0.00 MB

Admin Dashboard Image-Charts API Composer Patch

This patch provides a replacement for the deprecated Google Image Charts service that Magento uses for all 2.x instances and replaces it with the Image-Charts free service. Users of Magento 2.x deployments will not be able to view static charts in Magento 2.x instances unless they download and apply this patch. See Switch from deprecated Google Image Charts to Image-Charts for Magento for more information.

File Size: 0.00 MB

PRODSECBUG-2198

This patch provides protection against the SQL injection vulnerability described under PRODSECBUG-2198 here. To quickly protect your store from this vulnerability only, install this patch. However, to apply protection against this vulnerability and others, you must apply the 2.3.1, 2.2.8, or 2.1.17 patch code. We strongly suggest that you install these full patches as soon as you can

File Size: 0.00 MB

Authorize.net Direct Post Signature Key patch

This patch updates Authorize.Net Direct Post integration to continue processing payments beyond March 14th 2019 (see MD5 Hash End of Life & Signature Key Replacement). There are additional steps that you need to execute after installing this patch to ensure continued use of Authorize.Net – read more Update Authorize.Net Direct Post from MD5 to SHA-512.

File Size: 0.00 MB

MAGETWO-95591

This hot fix resolves issues that merchants experienced with custom attributes after upgrading to Magento 2.2.6. Merchants were not able to save a newly created multiselect or dropdown customer attribute. Additionally, merchants could not edit existing customer attributes from the customer’s account on the storefront.
File Size: 0.00 MB

MAGETWO-93083

This patch provides performance optimization for retrieving product attributes in Magento 2.2.5
File Size: 0.00 MB

MAGETWO-93036

This patch provides a fix for problems that merchants experienced when trying to change a storefront’s applied theme in Magento 2.2.4 or 2.2.5. See GitHub-14968 for more information. Merchants who are running Magento 2.2.4 should upgrade to 2.2.5 and then apply this patch. Merchants who are running 2.2.5 should apply this patch or upgrade to 2.2.6 when it becomes available.
File Size: 0.00 MB

MAGETWO-92926

Resolution of issues that customers were experiencing when upgrading to Magento 2.2.4 in deployments that span multiple websites. Magento multi-store installations were not using the store view-specific values from the store configuration settings if these settings differed from the global default configuration settings. Instead, Magento used the default configuration for all store views. See GitHub-15205 and GitHub-15245 for more detailed discussions of the problems some customers encountered.
File Size: 0.00 MB

MAGETWO-67805

Hot fix MAGETWO-67805 provides a fix for the image resizing issue that affects installations of Magento 2.1.6 CE. For details, see Image Resize Issue with Magento version 2.1.6.
File Size: 0.00 MB

MDVA-532

Patch MDVA-532 fixes an issue with the Magento composer-installer component that causes upgrades to fail. For details, see Upgrade to Magento version 2.1 (June 22, 2016)
File Size: 0.00 MB

MDVA-449

Patch MDVA-449 provides a fix for potential upgrade issues for Magento CE installations running PHP 5.5.x and a specific version of the Magento Setup application (also known as the Updater application). Please review the Required patch for PHP 5.5.x and Setup Application environments (June 2, 2016) Technical Bulletin to assess your need for this patch, and how to apply it, if you do.
File Size: 0.00 MB

MDVA-84

Patch MDVA-84 for Magento Community Edition – MDVA-84.zip, .tar.gz, and .tar.bz2, Apply this patch if you are running Magento CE 2.0.1 and your Magento server runs 7.0.1 or PHP 7.0.2. It adds support for PHP 7.0.2 to the updater application. See technical bulletin Issues upgrading to 2.0.1 (Jan. 28, 2016) for more information.
File Size: 0.00 MB

Patch for specific country payment method issue for Magento 2.3.5-p1

-Added May 20, 2020

This patch resolves an issue in Magento 2.3.5 and 2.3.5-p1 where the storefront checkout workflow did not display any payment method that has been enabled for specific countries with the exception of the Klarna and Amazon Pay payment methods.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Patch for Amazon Pay issue with payment method selection on checkout for Magento 2.3.5-p1

-Added May 04, 2020

This patch resolves the issue with inability to change a payment method on checkout "Review & Payments" step from the payments widget, while checking out with Amazon Pay.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Resend account confirmation email link issue patch for Magento 2.3.5

-Added April 29, 2020

This patch resolves an inability to re-send an account confirmation email link from storefront account login page. (This known issue was first identified in Magento 2.3.5.)

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Remove failed login attempts from the database patch for Magento 2.3.0 - 2.3.2p1

-Added March 24, 2020

This patch addresses a lingering issue created by the fix for CVE-2019-8118 (PRODSECBUG-2452) included in Magento 2.3.3 and 2.2.10.

While the fix for that bug stopped the logging of failed login attempts, information collected prior to updating to these current versions may still exist, and previous, unpatched versions of Magento may still have this issue. This patch clears the login attempts that were previously collected. See Remove failed login attempts from the database for information on how to download and install this patch.
File Size: 0.00 MB

PayPal Express Checkout issue with region patch for Magento 2.3.4

-Added February 12, 2020

This patch resolves the issue which affects orders placed with PayPal Express Checkout where the order’s shipping address specifies a country region that has been manually entered into the text field rather than selected from the drop-down menu on the Shipping page.

Affected Magento versions: Magento Commerce and Open Source v2.3.4 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Catalog pagination issue on Elasticsearch 6.x patch for Magento 2.3.3

This patch resolves issues that users of Magento 2.3.3 experience in deployments where Elasticsearch 6.x is used as the catalog search engine. Users who attempt to navigate past the first page of search results are unsuccessful, and Magento displays an error message. After this patch is installed, users will be able to page through all search results.

Affected Magento versions: Magento Commerce and Open Source v2.3.3 (on Prem and Cloud).

File Size: 0.00 MB

EmailMessageInterface backward compatibility issue patch for Magento 2.3.3

This patch addresses backward compatibility issues that extension developers may have experienced after the introduction of Magento\Framework\Mail\EmailMessageInterface, which was released in Magento 2.3.3. In the scope of this patch, the new EmailMessageInterface inherits from the old MessageInterface, and core modules are changed back to rely on MessageInterface. Merchants should apply this patch as soon as possible, especially if their deployments include extensions or customizations that use the mail interface.

Affected Magento versions: Magento Commerce and Open Source v2.3.3.

See the Magento forum DevBlog post for much more information.

File Size: 0.00 MB

Fixed method chaining contract for Product Collection patch for Magento 2.3.3

This patch addresses changes that were introduced in Magento 2.3.3 that resulted in problems with extensions and customizations of the product collection feature that rely on method chaining contracts. The addAttributeToFilter method (in file app/code/Magento/Catalog/Model/ResourceModel/Product/Collection.php) was refactored without a return statement, which broke the method-chaining that is used extensively in customizations of this feature. This patch refactors the method to add the missing return statement and ensure that method chaining works.

File Size: 0.00 MB

PRODSECBUG-2233

An unauthenticated cross-site scripting vulnerability combined with an authenticated Phar deserialization vulnerability has left older versions of Magento Commerce and Magento Open Source open to serious exploit. An attacker can use these vulnerabilities to inject JavaScript into the Magento Admin, and subsequently launch malicious code in a store user’s browser. We strongly recommend that all users of the affected versions of Magento download and apply the appropriate patch as soon as possible.

The issue affects the following Magento versions (on prem and cloud):

  • Magento Open Source v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce Cloud v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases

File Size: 0.00 MB

Scope parameter for Async/Bulk API patch

This patch resolves an issue with the Async and Bulk APIs, which in certain versions of Magento do not provide the information needed to update or create data for specific stores. Without this patch, the Async/Bulk REST APIs will support the default store view scope only.

Affected Magento versions are: Magento Open Source v2.3.2, 2.3.1

File Size: 0.00 MB

PRODSECBUG-2432

An issue has been discovered in Magento Open Source and Magento Commerce that can be used to disclose the URL location of a Magento Admin panel. While there is currently no reason to believe this issue would lead to a compromise directly, knowing the URL location could make it easier to automate attacks. To help prevent against potential attacks, Magento has released patches for this issue. For complete details, install instructions, and recommendations, see: https://magento.com/security/security-update-potential-vulnerability-magento-admin-url-location

File Size: 0.00 MB

Admin Dashboard Image-Charts API Composer Patch

This patch provides a replacement for the deprecated Google Image Charts service that Magento uses for all 2.x instances and replaces it with the Image-Charts free service. Users of Magento 2.x deployments will not be able to view static charts in Magento 2.x instances unless they download and apply this patch. See Switch from deprecated Google Image Charts to Image-Charts for Magento for more information.

File Size: 0.00 MB

PRODSECBUG-2198

This patch provides protection against the SQL injection vulnerability described under PRODSECBUG-2198 here. To quickly protect your store from this vulnerability only, install this patch. However, to apply protection against this vulnerability and others, you must apply the 2.3.1, 2.2.8, or 2.1.17 patch code. We strongly suggest that you install these full patches as soon as you can

File Size: 0.00 MB

Authorize.net Direct Post Signature Key patch

This patch updates Authorize.Net Direct Post integration to continue processing payments beyond March 14th 2019 (see MD5 Hash End of Life & Signature Key Replacement). There are additional steps that you need to execute after installing this patch to ensure continued use of Authorize.Net – read more Update Authorize.Net Direct Post from MD5 to SHA-512.

File Size: 0.00 MB

MAGETWO-95591

This hot fix resolves issues that merchants experienced with custom attributes after upgrading to Magento 2.2.6. Merchants were not able to save a newly created multiselect or dropdown customer attribute. Additionally, merchants could not edit existing customer attributes from the customer’s account on the storefront.
File Size: 0.00 MB

MAGETWO-93083

This patch provides performance optimization for retrieving product attributes in Magento 2.2.5
File Size: 0.00 MB

MAGETWO-93036

This patch provides a fix for problems that merchants experienced when trying to change a storefront’s applied theme in Magento 2.2.4 or 2.2.5. See GitHub-14968 for more information. Merchants who are running Magento 2.2.4 should upgrade to 2.2.5 and then apply this patch. Merchants who are running 2.2.5 should apply this patch or upgrade to 2.2.6 when it becomes available.
File Size: 0.00 MB

MAGETWO-92926

Resolution of issues that customers were experiencing when upgrading to Magento 2.2.4 in deployments that span multiple websites. Magento multi-store installations were not using the store view-specific values from the store configuration settings if these settings differed from the global default configuration settings. Instead, Magento used the default configuration for all store views. See GitHub-15205 and GitHub-15245 for more detailed discussions of the problems some customers encountered.
File Size: 0.00 MB

MAGETWO-67805

Hot fix MAGETWO-67805 provides a fix for the image resizing issue that affects installations of Magento 2.1.6 CE. For details, see Image Resize Issue with Magento version 2.1.6.
File Size: 0.00 MB

MDVA-532

Patch MDVA-532 fixes an issue with the Magento composer-installer component that causes upgrades to fail. For details, see Upgrade to Magento version 2.1 (June 22, 2016)
File Size: 0.00 MB

MDVA-449

Patch MDVA-449 provides a fix for potential upgrade issues for Magento CE installations running PHP 5.5.x and a specific version of the Magento Setup application (also known as the Updater application). Please review the Required patch for PHP 5.5.x and Setup Application environments (June 2, 2016) Technical Bulletin to assess your need for this patch, and how to apply it, if you do.
File Size: 0.00 MB

MDVA-84

Patch MDVA-84 for Magento Community Edition – MDVA-84.zip, .tar.gz, and .tar.bz2, Apply this patch if you are running Magento CE 2.0.1 and your Magento server runs 7.0.1 or PHP 7.0.2. It adds support for PHP 7.0.2 to the updater application. See technical bulletin Issues upgrading to 2.0.1 (Jan. 28, 2016) for more information.
File Size: 0.00 MB

Patch for specific country payment method issue for Magento 2.3.5-p1

-Added May 20, 2020

This patch resolves an issue in Magento 2.3.5 and 2.3.5-p1 where the storefront checkout workflow did not display any payment method that has been enabled for specific countries with the exception of the Klarna and Amazon Pay payment methods.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Patch for Amazon Pay issue with payment method selection on checkout for Magento 2.3.5-p1

-Added May 04, 2020

This patch resolves the issue with inability to change a payment method on checkout "Review & Payments" step from the payments widget, while checking out with Amazon Pay.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Resend account confirmation email link issue patch for Magento 2.3.5

-Added April 29, 2020

This patch resolves an inability to re-send an account confirmation email link from storefront account login page. (This known issue was first identified in Magento 2.3.5.)

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Remove failed login attempts from the database patch for Magento 2.3.0 - 2.3.2p1

-Added March 24, 2020

This patch addresses a lingering issue created by the fix for CVE-2019-8118 (PRODSECBUG-2452) included in Magento 2.3.3 and 2.2.10.

While the fix for that bug stopped the logging of failed login attempts, information collected prior to updating to these current versions may still exist, and previous, unpatched versions of Magento may still have this issue. This patch clears the login attempts that were previously collected. See Remove failed login attempts from the database for information on how to download and install this patch.
File Size: 0.00 MB

PayPal Express Checkout issue with region patch for Magento 2.3.4

-Added February 12, 2020

This patch resolves the issue which affects orders placed with PayPal Express Checkout where the order’s shipping address specifies a country region that has been manually entered into the text field rather than selected from the drop-down menu on the Shipping page.

Affected Magento versions: Magento Commerce and Open Source v2.3.4 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Catalog pagination issue on Elasticsearch 6.x patch for Magento 2.3.3

This patch resolves issues that users of Magento 2.3.3 experience in deployments where Elasticsearch 6.x is used as the catalog search engine. Users who attempt to navigate past the first page of search results are unsuccessful, and Magento displays an error message. After this patch is installed, users will be able to page through all search results.

Affected Magento versions: Magento Commerce and Open Source v2.3.3 (on Prem and Cloud).

File Size: 0.00 MB

EmailMessageInterface backward compatibility issue patch for Magento 2.3.3

This patch addresses backward compatibility issues that extension developers may have experienced after the introduction of Magento\Framework\Mail\EmailMessageInterface, which was released in Magento 2.3.3. In the scope of this patch, the new EmailMessageInterface inherits from the old MessageInterface, and core modules are changed back to rely on MessageInterface. Merchants should apply this patch as soon as possible, especially if their deployments include extensions or customizations that use the mail interface.

Affected Magento versions: Magento Commerce and Open Source v2.3.3.

See the Magento forum DevBlog post for much more information.

File Size: 0.00 MB

Fixed method chaining contract for Product Collection patch for Magento 2.3.3

This patch addresses changes that were introduced in Magento 2.3.3 that resulted in problems with extensions and customizations of the product collection feature that rely on method chaining contracts. The addAttributeToFilter method (in file app/code/Magento/Catalog/Model/ResourceModel/Product/Collection.php) was refactored without a return statement, which broke the method-chaining that is used extensively in customizations of this feature. This patch refactors the method to add the missing return statement and ensure that method chaining works.

File Size: 0.00 MB

PRODSECBUG-2233

An unauthenticated cross-site scripting vulnerability combined with an authenticated Phar deserialization vulnerability has left older versions of Magento Commerce and Magento Open Source open to serious exploit. An attacker can use these vulnerabilities to inject JavaScript into the Magento Admin, and subsequently launch malicious code in a store user’s browser. We strongly recommend that all users of the affected versions of Magento download and apply the appropriate patch as soon as possible.

The issue affects the following Magento versions (on prem and cloud):

  • Magento Open Source v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce Cloud v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases

File Size: 0.00 MB

Scope parameter for Async/Bulk API patch

This patch resolves an issue with the Async and Bulk APIs, which in certain versions of Magento do not provide the information needed to update or create data for specific stores. Without this patch, the Async/Bulk REST APIs will support the default store view scope only.

Affected Magento versions are: Magento Open Source v2.3.2, 2.3.1

File Size: 0.00 MB

PRODSECBUG-2432

An issue has been discovered in Magento Open Source and Magento Commerce that can be used to disclose the URL location of a Magento Admin panel. While there is currently no reason to believe this issue would lead to a compromise directly, knowing the URL location could make it easier to automate attacks. To help prevent against potential attacks, Magento has released patches for this issue. For complete details, install instructions, and recommendations, see: https://magento.com/security/security-update-potential-vulnerability-magento-admin-url-location

File Size: 0.00 MB

Admin Dashboard Image-Charts API Composer Patch

This patch provides a replacement for the deprecated Google Image Charts service that Magento uses for all 2.x instances and replaces it with the Image-Charts free service. Users of Magento 2.x deployments will not be able to view static charts in Magento 2.x instances unless they download and apply this patch. See Switch from deprecated Google Image Charts to Image-Charts for Magento for more information.

File Size: 0.00 MB

PRODSECBUG-2198

This patch provides protection against the SQL injection vulnerability described under PRODSECBUG-2198 here. To quickly protect your store from this vulnerability only, install this patch. However, to apply protection against this vulnerability and others, you must apply the 2.3.1, 2.2.8, or 2.1.17 patch code. We strongly suggest that you install these full patches as soon as you can

File Size: 0.00 MB

Authorize.net Direct Post Signature Key patch

This patch updates Authorize.Net Direct Post integration to continue processing payments beyond March 14th 2019 (see MD5 Hash End of Life & Signature Key Replacement). There are additional steps that you need to execute after installing this patch to ensure continued use of Authorize.Net – read more Update Authorize.Net Direct Post from MD5 to SHA-512.

File Size: 0.00 MB

MAGETWO-95591

This hot fix resolves issues that merchants experienced with custom attributes after upgrading to Magento 2.2.6. Merchants were not able to save a newly created multiselect or dropdown customer attribute. Additionally, merchants could not edit existing customer attributes from the customer’s account on the storefront.
File Size: 0.00 MB

MAGETWO-93083

This patch provides performance optimization for retrieving product attributes in Magento 2.2.5
File Size: 0.00 MB

MAGETWO-93036

This patch provides a fix for problems that merchants experienced when trying to change a storefront’s applied theme in Magento 2.2.4 or 2.2.5. See GitHub-14968 for more information. Merchants who are running Magento 2.2.4 should upgrade to 2.2.5 and then apply this patch. Merchants who are running 2.2.5 should apply this patch or upgrade to 2.2.6 when it becomes available.
File Size: 0.00 MB

MAGETWO-92926

Resolution of issues that customers were experiencing when upgrading to Magento 2.2.4 in deployments that span multiple websites. Magento multi-store installations were not using the store view-specific values from the store configuration settings if these settings differed from the global default configuration settings. Instead, Magento used the default configuration for all store views. See GitHub-15205 and GitHub-15245 for more detailed discussions of the problems some customers encountered.
File Size: 0.00 MB

MAGETWO-67805

Hot fix MAGETWO-67805 provides a fix for the image resizing issue that affects installations of Magento 2.1.6 CE. For details, see Image Resize Issue with Magento version 2.1.6.
File Size: 0.00 MB

MDVA-532

Patch MDVA-532 fixes an issue with the Magento composer-installer component that causes upgrades to fail. For details, see Upgrade to Magento version 2.1 (June 22, 2016)
File Size: 0.00 MB

MDVA-449

Patch MDVA-449 provides a fix for potential upgrade issues for Magento CE installations running PHP 5.5.x and a specific version of the Magento Setup application (also known as the Updater application). Please review the Required patch for PHP 5.5.x and Setup Application environments (June 2, 2016) Technical Bulletin to assess your need for this patch, and how to apply it, if you do.
File Size: 0.00 MB

MDVA-84

Patch MDVA-84 for Magento Community Edition – MDVA-84.zip, .tar.gz, and .tar.bz2, Apply this patch if you are running Magento CE 2.0.1 and your Magento server runs 7.0.1 or PHP 7.0.2. It adds support for PHP 7.0.2 to the updater application. See technical bulletin Issues upgrading to 2.0.1 (Jan. 28, 2016) for more information.
File Size: 0.00 MB

Patch for specific country payment method issue for Magento 2.3.5-p1

-Added May 20, 2020

This patch resolves an issue in Magento 2.3.5 and 2.3.5-p1 where the storefront checkout workflow did not display any payment method that has been enabled for specific countries with the exception of the Klarna and Amazon Pay payment methods.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Patch for Amazon Pay issue with payment method selection on checkout for Magento 2.3.5-p1

-Added May 04, 2020

This patch resolves the issue with inability to change a payment method on checkout "Review & Payments" step from the payments widget, while checking out with Amazon Pay.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Resend account confirmation email link issue patch for Magento 2.3.5

-Added April 29, 2020

This patch resolves an inability to re-send an account confirmation email link from storefront account login page. (This known issue was first identified in Magento 2.3.5.)

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Remove failed login attempts from the database patch for Magento 2.3.0 - 2.3.2p1

-Added March 24, 2020

This patch addresses a lingering issue created by the fix for CVE-2019-8118 (PRODSECBUG-2452) included in Magento 2.3.3 and 2.2.10.

While the fix for that bug stopped the logging of failed login attempts, information collected prior to updating to these current versions may still exist, and previous, unpatched versions of Magento may still have this issue. This patch clears the login attempts that were previously collected. See Remove failed login attempts from the database for information on how to download and install this patch.
File Size: 0.00 MB

PayPal Express Checkout issue with region patch for Magento 2.3.4

-Added February 12, 2020

This patch resolves the issue which affects orders placed with PayPal Express Checkout where the order’s shipping address specifies a country region that has been manually entered into the text field rather than selected from the drop-down menu on the Shipping page.

Affected Magento versions: Magento Commerce and Open Source v2.3.4 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Catalog pagination issue on Elasticsearch 6.x patch for Magento 2.3.3

This patch resolves issues that users of Magento 2.3.3 experience in deployments where Elasticsearch 6.x is used as the catalog search engine. Users who attempt to navigate past the first page of search results are unsuccessful, and Magento displays an error message. After this patch is installed, users will be able to page through all search results.

Affected Magento versions: Magento Commerce and Open Source v2.3.3 (on Prem and Cloud).

File Size: 0.00 MB

EmailMessageInterface backward compatibility issue patch for Magento 2.3.3

This patch addresses backward compatibility issues that extension developers may have experienced after the introduction of Magento\Framework\Mail\EmailMessageInterface, which was released in Magento 2.3.3. In the scope of this patch, the new EmailMessageInterface inherits from the old MessageInterface, and core modules are changed back to rely on MessageInterface. Merchants should apply this patch as soon as possible, especially if their deployments include extensions or customizations that use the mail interface.

Affected Magento versions: Magento Commerce and Open Source v2.3.3.

See the Magento forum DevBlog post for much more information.

File Size: 0.00 MB

Fixed method chaining contract for Product Collection patch for Magento 2.3.3

This patch addresses changes that were introduced in Magento 2.3.3 that resulted in problems with extensions and customizations of the product collection feature that rely on method chaining contracts. The addAttributeToFilter method (in file app/code/Magento/Catalog/Model/ResourceModel/Product/Collection.php) was refactored without a return statement, which broke the method-chaining that is used extensively in customizations of this feature. This patch refactors the method to add the missing return statement and ensure that method chaining works.

File Size: 0.00 MB

PRODSECBUG-2233

An unauthenticated cross-site scripting vulnerability combined with an authenticated Phar deserialization vulnerability has left older versions of Magento Commerce and Magento Open Source open to serious exploit. An attacker can use these vulnerabilities to inject JavaScript into the Magento Admin, and subsequently launch malicious code in a store user’s browser. We strongly recommend that all users of the affected versions of Magento download and apply the appropriate patch as soon as possible.

The issue affects the following Magento versions (on prem and cloud):

  • Magento Open Source v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce Cloud v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases

File Size: 0.00 MB

Scope parameter for Async/Bulk API patch

This patch resolves an issue with the Async and Bulk APIs, which in certain versions of Magento do not provide the information needed to update or create data for specific stores. Without this patch, the Async/Bulk REST APIs will support the default store view scope only.

Affected Magento versions are: Magento Open Source v2.3.2, 2.3.1

File Size: 0.00 MB

PRODSECBUG-2432

An issue has been discovered in Magento Open Source and Magento Commerce that can be used to disclose the URL location of a Magento Admin panel. While there is currently no reason to believe this issue would lead to a compromise directly, knowing the URL location could make it easier to automate attacks. To help prevent against potential attacks, Magento has released patches for this issue. For complete details, install instructions, and recommendations, see: https://magento.com/security/security-update-potential-vulnerability-magento-admin-url-location

File Size: 0.00 MB

Admin Dashboard Image-Charts API Composer Patch

This patch provides a replacement for the deprecated Google Image Charts service that Magento uses for all 2.x instances and replaces it with the Image-Charts free service. Users of Magento 2.x deployments will not be able to view static charts in Magento 2.x instances unless they download and apply this patch. See Switch from deprecated Google Image Charts to Image-Charts for Magento for more information.

File Size: 0.00 MB

PRODSECBUG-2198

This patch provides protection against the SQL injection vulnerability described under PRODSECBUG-2198 here. To quickly protect your store from this vulnerability only, install this patch. However, to apply protection against this vulnerability and others, you must apply the 2.3.1, 2.2.8, or 2.1.17 patch code. We strongly suggest that you install these full patches as soon as you can

File Size: 0.00 MB

Authorize.net Direct Post Signature Key patch

This patch updates Authorize.Net Direct Post integration to continue processing payments beyond March 14th 2019 (see MD5 Hash End of Life & Signature Key Replacement). There are additional steps that you need to execute after installing this patch to ensure continued use of Authorize.Net – read more Update Authorize.Net Direct Post from MD5 to SHA-512.

File Size: 0.00 MB

MAGETWO-95591

This hot fix resolves issues that merchants experienced with custom attributes after upgrading to Magento 2.2.6. Merchants were not able to save a newly created multiselect or dropdown customer attribute. Additionally, merchants could not edit existing customer attributes from the customer’s account on the storefront.
File Size: 0.00 MB

MAGETWO-93083

This patch provides performance optimization for retrieving product attributes in Magento 2.2.5
File Size: 0.00 MB

MAGETWO-93036

This patch provides a fix for problems that merchants experienced when trying to change a storefront’s applied theme in Magento 2.2.4 or 2.2.5. See GitHub-14968 for more information. Merchants who are running Magento 2.2.4 should upgrade to 2.2.5 and then apply this patch. Merchants who are running 2.2.5 should apply this patch or upgrade to 2.2.6 when it becomes available.
File Size: 0.00 MB

MAGETWO-92926

Resolution of issues that customers were experiencing when upgrading to Magento 2.2.4 in deployments that span multiple websites. Magento multi-store installations were not using the store view-specific values from the store configuration settings if these settings differed from the global default configuration settings. Instead, Magento used the default configuration for all store views. See GitHub-15205 and GitHub-15245 for more detailed discussions of the problems some customers encountered.
File Size: 0.00 MB

MAGETWO-67805

Hot fix MAGETWO-67805 provides a fix for the image resizing issue that affects installations of Magento 2.1.6 CE. For details, see Image Resize Issue with Magento version 2.1.6.
File Size: 0.00 MB

MDVA-532

Patch MDVA-532 fixes an issue with the Magento composer-installer component that causes upgrades to fail. For details, see Upgrade to Magento version 2.1 (June 22, 2016)
File Size: 0.00 MB

MDVA-449

Patch MDVA-449 provides a fix for potential upgrade issues for Magento CE installations running PHP 5.5.x and a specific version of the Magento Setup application (also known as the Updater application). Please review the Required patch for PHP 5.5.x and Setup Application environments (June 2, 2016) Technical Bulletin to assess your need for this patch, and how to apply it, if you do.
File Size: 0.00 MB

MDVA-84

Patch MDVA-84 for Magento Community Edition – MDVA-84.zip, .tar.gz, and .tar.bz2, Apply this patch if you are running Magento CE 2.0.1 and your Magento server runs 7.0.1 or PHP 7.0.2. It adds support for PHP 7.0.2 to the updater application. See technical bulletin Issues upgrading to 2.0.1 (Jan. 28, 2016) for more information.
File Size: 0.00 MB

Patch for specific country payment method issue for Magento 2.3.5-p1

-Added May 20, 2020

This patch resolves an issue in Magento 2.3.5 and 2.3.5-p1 where the storefront checkout workflow did not display any payment method that has been enabled for specific countries with the exception of the Klarna and Amazon Pay payment methods.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Patch for Amazon Pay issue with payment method selection on checkout for Magento 2.3.5-p1

-Added May 04, 2020

This patch resolves the issue with inability to change a payment method on checkout "Review & Payments" step from the payments widget, while checking out with Amazon Pay.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Resend account confirmation email link issue patch for Magento 2.3.5

-Added April 29, 2020

This patch resolves an inability to re-send an account confirmation email link from storefront account login page. (This known issue was first identified in Magento 2.3.5.)

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Remove failed login attempts from the database patch for Magento 2.3.0 - 2.3.2p1

-Added March 24, 2020

This patch addresses a lingering issue created by the fix for CVE-2019-8118 (PRODSECBUG-2452) included in Magento 2.3.3 and 2.2.10.

While the fix for that bug stopped the logging of failed login attempts, information collected prior to updating to these current versions may still exist, and previous, unpatched versions of Magento may still have this issue. This patch clears the login attempts that were previously collected. See Remove failed login attempts from the database for information on how to download and install this patch.
File Size: 0.00 MB

PayPal Express Checkout issue with region patch for Magento 2.3.4

-Added February 12, 2020

This patch resolves the issue which affects orders placed with PayPal Express Checkout where the order’s shipping address specifies a country region that has been manually entered into the text field rather than selected from the drop-down menu on the Shipping page.

Affected Magento versions: Magento Commerce and Open Source v2.3.4 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Catalog pagination issue on Elasticsearch 6.x patch for Magento 2.3.3

This patch resolves issues that users of Magento 2.3.3 experience in deployments where Elasticsearch 6.x is used as the catalog search engine. Users who attempt to navigate past the first page of search results are unsuccessful, and Magento displays an error message. After this patch is installed, users will be able to page through all search results.

Affected Magento versions: Magento Commerce and Open Source v2.3.3 (on Prem and Cloud).

File Size: 0.00 MB

EmailMessageInterface backward compatibility issue patch for Magento 2.3.3

This patch addresses backward compatibility issues that extension developers may have experienced after the introduction of Magento\Framework\Mail\EmailMessageInterface, which was released in Magento 2.3.3. In the scope of this patch, the new EmailMessageInterface inherits from the old MessageInterface, and core modules are changed back to rely on MessageInterface. Merchants should apply this patch as soon as possible, especially if their deployments include extensions or customizations that use the mail interface.

Affected Magento versions: Magento Commerce and Open Source v2.3.3.

See the Magento forum DevBlog post for much more information.

File Size: 0.00 MB

Fixed method chaining contract for Product Collection patch for Magento 2.3.3

This patch addresses changes that were introduced in Magento 2.3.3 that resulted in problems with extensions and customizations of the product collection feature that rely on method chaining contracts. The addAttributeToFilter method (in file app/code/Magento/Catalog/Model/ResourceModel/Product/Collection.php) was refactored without a return statement, which broke the method-chaining that is used extensively in customizations of this feature. This patch refactors the method to add the missing return statement and ensure that method chaining works.

File Size: 0.00 MB

PRODSECBUG-2233

An unauthenticated cross-site scripting vulnerability combined with an authenticated Phar deserialization vulnerability has left older versions of Magento Commerce and Magento Open Source open to serious exploit. An attacker can use these vulnerabilities to inject JavaScript into the Magento Admin, and subsequently launch malicious code in a store user’s browser. We strongly recommend that all users of the affected versions of Magento download and apply the appropriate patch as soon as possible.

The issue affects the following Magento versions (on prem and cloud):

  • Magento Open Source v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce Cloud v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases

File Size: 0.00 MB

Scope parameter for Async/Bulk API patch

This patch resolves an issue with the Async and Bulk APIs, which in certain versions of Magento do not provide the information needed to update or create data for specific stores. Without this patch, the Async/Bulk REST APIs will support the default store view scope only.

Affected Magento versions are: Magento Open Source v2.3.2, 2.3.1

File Size: 0.00 MB

PRODSECBUG-2432

An issue has been discovered in Magento Open Source and Magento Commerce that can be used to disclose the URL location of a Magento Admin panel. While there is currently no reason to believe this issue would lead to a compromise directly, knowing the URL location could make it easier to automate attacks. To help prevent against potential attacks, Magento has released patches for this issue. For complete details, install instructions, and recommendations, see: https://magento.com/security/security-update-potential-vulnerability-magento-admin-url-location

File Size: 0.00 MB

Admin Dashboard Image-Charts API Composer Patch

This patch provides a replacement for the deprecated Google Image Charts service that Magento uses for all 2.x instances and replaces it with the Image-Charts free service. Users of Magento 2.x deployments will not be able to view static charts in Magento 2.x instances unless they download and apply this patch. See Switch from deprecated Google Image Charts to Image-Charts for Magento for more information.

File Size: 0.00 MB

PRODSECBUG-2198

This patch provides protection against the SQL injection vulnerability described under PRODSECBUG-2198 here. To quickly protect your store from this vulnerability only, install this patch. However, to apply protection against this vulnerability and others, you must apply the 2.3.1, 2.2.8, or 2.1.17 patch code. We strongly suggest that you install these full patches as soon as you can

File Size: 0.00 MB

Authorize.net Direct Post Signature Key patch

This patch updates Authorize.Net Direct Post integration to continue processing payments beyond March 14th 2019 (see MD5 Hash End of Life & Signature Key Replacement). There are additional steps that you need to execute after installing this patch to ensure continued use of Authorize.Net – read more Update Authorize.Net Direct Post from MD5 to SHA-512.

File Size: 0.00 MB

MAGETWO-95591

This hot fix resolves issues that merchants experienced with custom attributes after upgrading to Magento 2.2.6. Merchants were not able to save a newly created multiselect or dropdown customer attribute. Additionally, merchants could not edit existing customer attributes from the customer’s account on the storefront.
File Size: 0.00 MB

MAGETWO-93083

This patch provides performance optimization for retrieving product attributes in Magento 2.2.5
File Size: 0.00 MB

MAGETWO-93036

This patch provides a fix for problems that merchants experienced when trying to change a storefront’s applied theme in Magento 2.2.4 or 2.2.5. See GitHub-14968 for more information. Merchants who are running Magento 2.2.4 should upgrade to 2.2.5 and then apply this patch. Merchants who are running 2.2.5 should apply this patch or upgrade to 2.2.6 when it becomes available.
File Size: 0.00 MB

MAGETWO-92926

Resolution of issues that customers were experiencing when upgrading to Magento 2.2.4 in deployments that span multiple websites. Magento multi-store installations were not using the store view-specific values from the store configuration settings if these settings differed from the global default configuration settings. Instead, Magento used the default configuration for all store views. See GitHub-15205 and GitHub-15245 for more detailed discussions of the problems some customers encountered.
File Size: 0.00 MB

MAGETWO-67805

Hot fix MAGETWO-67805 provides a fix for the image resizing issue that affects installations of Magento 2.1.6 CE. For details, see Image Resize Issue with Magento version 2.1.6.
File Size: 0.00 MB

MDVA-532

Patch MDVA-532 fixes an issue with the Magento composer-installer component that causes upgrades to fail. For details, see Upgrade to Magento version 2.1 (June 22, 2016)
File Size: 0.00 MB

MDVA-449

Patch MDVA-449 provides a fix for potential upgrade issues for Magento CE installations running PHP 5.5.x and a specific version of the Magento Setup application (also known as the Updater application). Please review the Required patch for PHP 5.5.x and Setup Application environments (June 2, 2016) Technical Bulletin to assess your need for this patch, and how to apply it, if you do.
File Size: 0.00 MB

MDVA-84

Patch MDVA-84 for Magento Community Edition – MDVA-84.zip, .tar.gz, and .tar.bz2, Apply this patch if you are running Magento CE 2.0.1 and your Magento server runs 7.0.1 or PHP 7.0.2. It adds support for PHP 7.0.2 to the updater application. See technical bulletin Issues upgrading to 2.0.1 (Jan. 28, 2016) for more information.
File Size: 0.00 MB

Patch for specific country payment method issue for Magento 2.3.5-p1

-Added May 20, 2020

This patch resolves an issue in Magento 2.3.5 and 2.3.5-p1 where the storefront checkout workflow did not display any payment method that has been enabled for specific countries with the exception of the Klarna and Amazon Pay payment methods.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Patch for Amazon Pay issue with payment method selection on checkout for Magento 2.3.5-p1

-Added May 04, 2020

This patch resolves the issue with inability to change a payment method on checkout "Review & Payments" step from the payments widget, while checking out with Amazon Pay.

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.
File Size: 0.00 MB

Resend account confirmation email link issue patch for Magento 2.3.5

-Added April 29, 2020

This patch resolves an inability to re-send an account confirmation email link from storefront account login page. (This known issue was first identified in Magento 2.3.5.)

Affected Magento versions: Magento Commerce and Open Source v2.3.5 / v2.3.5-p1 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Remove failed login attempts from the database patch for Magento 2.3.0 - 2.3.2p1

-Added March 24, 2020

This patch addresses a lingering issue created by the fix for CVE-2019-8118 (PRODSECBUG-2452) included in Magento 2.3.3 and 2.2.10.

While the fix for that bug stopped the logging of failed login attempts, information collected prior to updating to these current versions may still exist, and previous, unpatched versions of Magento may still have this issue. This patch clears the login attempts that were previously collected. See Remove failed login attempts from the database for information on how to download and install this patch.
File Size: 0.00 MB

PayPal Express Checkout issue with region patch for Magento 2.3.4

-Added February 12, 2020

This patch resolves the issue which affects orders placed with PayPal Express Checkout where the order’s shipping address specifies a country region that has been manually entered into the text field rather than selected from the drop-down menu on the Shipping page.

Affected Magento versions: Magento Commerce and Open Source v2.3.4 (on prem and cloud).

See Applying patches for specific instructions on downloading and applying Magento patches.

File Size: 0.00 MB

Catalog pagination issue on Elasticsearch 6.x patch for Magento 2.3.3

This patch resolves issues that users of Magento 2.3.3 experience in deployments where Elasticsearch 6.x is used as the catalog search engine. Users who attempt to navigate past the first page of search results are unsuccessful, and Magento displays an error message. After this patch is installed, users will be able to page through all search results.

Affected Magento versions: Magento Commerce and Open Source v2.3.3 (on Prem and Cloud).

File Size: 0.00 MB

EmailMessageInterface backward compatibility issue patch for Magento 2.3.3

This patch addresses backward compatibility issues that extension developers may have experienced after the introduction of Magento\Framework\Mail\EmailMessageInterface, which was released in Magento 2.3.3. In the scope of this patch, the new EmailMessageInterface inherits from the old MessageInterface, and core modules are changed back to rely on MessageInterface. Merchants should apply this patch as soon as possible, especially if their deployments include extensions or customizations that use the mail interface.

Affected Magento versions: Magento Commerce and Open Source v2.3.3.

See the Magento forum DevBlog post for much more information.

File Size: 0.00 MB

Fixed method chaining contract for Product Collection patch for Magento 2.3.3

This patch addresses changes that were introduced in Magento 2.3.3 that resulted in problems with extensions and customizations of the product collection feature that rely on method chaining contracts. The addAttributeToFilter method (in file app/code/Magento/Catalog/Model/ResourceModel/Product/Collection.php) was refactored without a return statement, which broke the method-chaining that is used extensively in customizations of this feature. This patch refactors the method to add the missing return statement and ensure that method chaining works.

File Size: 0.00 MB

PRODSECBUG-2233

An unauthenticated cross-site scripting vulnerability combined with an authenticated Phar deserialization vulnerability has left older versions of Magento Commerce and Magento Open Source open to serious exploit. An attacker can use these vulnerabilities to inject JavaScript into the Magento Admin, and subsequently launch malicious code in a store user’s browser. We strongly recommend that all users of the affected versions of Magento download and apply the appropriate patch as soon as possible.

The issue affects the following Magento versions (on prem and cloud):

  • Magento Open Source v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases
  • Magento Commerce Cloud v2.3.1, 2.3.0, 2.2.8, and earlier 2.2.x releases

File Size: 0.00 MB

Scope parameter for Async/Bulk API patch

This patch resolves an issue with the Async and Bulk APIs, which in certain versions of Magento do not provide the information needed to update or create data for specific stores. Without this patch, the Async/Bulk REST APIs will support the default store view scope only.

Affected Magento versions are: Magento Open Source v2.3.2, 2.3.1

File Size: 0.00 MB

PRODSECBUG-2432

An issue has been discovered in Magento Open Source and Magento Commerce that can be used to disclose the URL location of a Magento Admin panel. While there is currently no reason to believe this issue would lead to a compromise directly, knowing the URL location could make it easier to automate attacks. To help prevent against potential attacks, Magento has released patches for this issue. For complete details, install instructions, and recommendations, see: https://magento.com/security/security-update-potential-vulnerability-magento-admin-url-location

File Size: 0.00 MB

Admin Dashboard Image-Charts API Composer Patch

This patch provides a replacement for the deprecated Google Image Charts service that Magento uses for all 2.x instances and replaces it with the Image-Charts free service. Users of Magento 2.x deployments will not be able to view static charts in Magento 2.x instances unless they download and apply this patch. See Switch from deprecated Google Image Charts to Image-Charts for Magento for more information.

File Size: 0.00 MB

PRODSECBUG-2198

This patch provides protection against the SQL injection vulnerability described under PRODSECBUG-2198 here. To quickly protect your store from this vulnerability only, install this patch. However, to apply protection against this vulnerability and others, you must apply the 2.3.1, 2.2.8, or 2.1.17 patch code. We strongly suggest that you install these full patches as soon as you can

File Size: 0.00 MB

Authorize.net Direct Post Signature Key patch

This patch updates Authorize.Net Direct Post integration to continue processing payments beyond March 14th 2019 (see MD5 Hash End of Life & Signature Key Replacement). There are additional steps that you need to execute after installing this patch to ensure continued use of Authorize.Net – read more Update Authorize.Net Direct Post from MD5 to SHA-512.

File Size: 0.00 MB

MAGETWO-95591

This hot fix resolves issues that merchants experienced with custom attributes after upgrading to Magento 2.2.6. Merchants were not able to save a newly created multiselect or dropdown customer attribute. Additionally, merchants could not edit existing customer attributes from the customer’s account on the storefront.
File Size: 0.00 MB

MAGETWO-93083

This patch provides performance optimization for retrieving product attributes in Magento 2.2.5
File Size: 0.00 MB

MAGETWO-93036

This patch provides a fix for problems that merchants experienced when trying to change a storefront’s applied theme in Magento 2.2.4 or 2.2.5. See GitHub-14968 for more information. Merchants who are running Magento 2.2.4 should upgrade to 2.2.5 and then apply this patch. Merchants who are running 2.2.5 should apply this patch or upgrade to 2.2.6 when it becomes available.
File Size: 0.00 MB

MAGETWO-92926

Resolution of issues that customers were experiencing when upgrading to Magento 2.2.4 in deployments that span multiple websites. Magento multi-store installations were not using the store view-specific values from the store configuration settings if these settings differed from the global default configuration settings. Instead, Magento used the default configuration for all store views. See GitHub-15205 and GitHub-15245 for more detailed discussions of the problems some customers encountered.
File Size: 0.00 MB

MAGETWO-67805

Hot fix MAGETWO-67805 provides a fix for the image resizing issue that affects installations of Magento 2.1.6 CE. For details, see Image Resize Issue with Magento version 2.1.6.
File Size: 0.00 MB

MDVA-532

Patch MDVA-532 fixes an issue with the Magento composer-installer component that causes upgrades to fail. For details, see Upgrade to Magento version 2.1 (June 22, 2016)
File Size: 0.00 MB

MDVA-449

Patch MDVA-449 provides a fix for potential upgrade issues for Magento CE installations running PHP 5.5.x and a specific version of the Magento Setup application (also known as the Updater application). Please review the Required patch for PHP 5.5.x and Setup Application environments (June 2, 2016) Technical Bulletin to assess your need for this patch, and how to apply it, if you do.
File Size: 0.00 MB

MDVA-84

Patch MDVA-84 for Magento Community Edition – MDVA-84.zip, .tar.gz, and .tar.bz2, Apply this patch if you are running Magento CE 2.0.1 and your Magento server runs 7.0.1 or PHP 7.0.2. It adds support for PHP 7.0.2 to the updater application. See technical bulletin Issues upgrading to 2.0.1 (Jan. 28, 2016) for more information.
File Size: 0.00 MB

Tools and help

Magento 1 to Magento 2 Migration Tools

We’ve developed migration tools to assist you with moving from Magento 1 to Magento 2.

The Magento 2 Data Migration Tool helps you efficiently port all of your key product, customer, and order data, store configurations, promotions and more to from Magento 1 to Magento 2. To learn more about it, see the Data Migration Guide .

The Magento 2 Code Migration Tool enables you to port some of your customizations from Magento 1 to Magento 2. Because of the differences between the two platforms, some additional coding is required. To learn more about it, see the README.

Open source user’s guide

This most up-to-date documentation for the current Magento 2.x release combines easy-to-follow tutorials with comprehensive reference material.

Developer documentation

Reference articles to assist developers and integrators with installations, upgrades, patches, and customizations.

Designer / front end developer guide

A practical guide to the concepts and best practices of theme design for Magento 2.x stores. Leverage structural components, theme hierarchy, and fallback methods to create custom themes.

Test automation framework

Get instructions on installing and configuring the Magento Testing Framework (MTF).

Security scan

Magento Security Scan allows you to monitor your sites for known security risks from patches updates to malware and unauthorized access. Security tool is FREE for merchants and developers.

  • • Monitor your sites security status
  • • Increase your security monitoring with an optional SSH scan
  • • Receive security updates and site specific notifications

Read these articles to learn more about the Magento Security Scan tool and how to activate the service.