Magento 1.9.3.1
This update contains mostly functional fixes but also one fix for a CSRF vulnerability.
- It restored the old tax calculation algorithm for shipping charges.
- Resolved an issue with setting the session lifetime to 0.
- The monthly cron job that cleans up the table that contains IP addresses and passwords runs properly.
- All configurable product images are imported.
- You no longer get an exception due to an undefined addCrumbs()method call.
- Resolved the error Notice: Undefined index: session_expire_timestampwhen accessing the storefront.
- Values for drop-down label values are saved correctly.
- The «Price as configured» for bundle products displays correctly in the shopping cart.
- Auto-generated passwords are sent to new customers as expected.
- The default MySQL Full-Text search works as expected; it no longer returns all products.
- Prevented a potential Cross-Site Request Forgery (CSRF) vulnerability by changing the form key when a customer signs out of the storefront.
- Catalog price rules return the correct price.
- Indexers now update all products instead of skipping the last product updated.
Magento 1.9.3
Magento Community Edition 1.9.3 delivers more than 120 quality improvements, as well as support for PHP 5.6 in addition to PHP 5.4 and 5.5.
It contains functional fixes and security fixes for XSS, CSRF, password enhancements and fixes for other security related bugs.
There are no new features in this update, it just improves the quality of Magento 1.9.
A full list of the changes can be found on devdocs.magento.com.#
Remember to backup before installing an update!
Pingback: The Openstream Nr. 6, Dezember 2016 – Openstream