On August 26, the OpenMage project released new security and bug fix updates. Version 19.x is an LTS (Long Term Support) version with indefinite lifetime, but at least 5 years. It will ensure a maximum on backwards compatibility to Magento 1 merchants.
OpenMage 19.4.15 Change Log
Security Updates
- CVE-2021-32758 – GHSA-26rr-v2j2-25fh – Layout XML Arbitrary Code Fix
- CVE-2021-32759 – GHSA-xm9f-vxmx-4m58 – Data Flow Sanitation Issue Fix
Bug Fix Updates
- make composer validation workflow use –strict
- Remove phpdoc to parent doc take effect Bump Version – align version with 20.0 branch
- Do not load product when it is already loaded
- Fix as attribute for cookie notice
- Fix ArgumentCountError: array_merge_recursive()
- Fix retrun type of getColumn in Column_Renderer_Interface
- Fix undefined offset on redis session
- Add events list
- Update new events in README.md
- Fix phpdoc of Mage_Core_Model_Resource_Db_Collection_Abstract::addExpressionFieldToSelect
- Remove deprecated flash js (AC_RunActiveContent.js)
- Handle empty Order increment prefix
- Enforce specific PNG compression level of 9
- Do not load captcha.js when disabled
- Grid range filter – optimize SQL query when from === to
- rewrite isTableExists for performance reasons
- fixes regression introduced by PR 1720
- Fix phpdoc of Varien_Data_Collection_Db::getSelectSql
- Allow BASE_URL to be overridden by environment in install script.
- Add support for maintenance mode bypass via maintenance.ip file
- Move ahead commits from 1.9.3.x (#447)
- Move ahead commits from 1.9.3.x (#583)
- Move ahead commits from 1.9.3.x (#575)
- Remov space after «To» in backend grids
- Log exception on api
- Code style (endif)
- Invalidate reset password token when user changes password
- Add event sales_order_creditmemo_refund_before
- Add instruction to add him-/herself to contributors list
- Fix docblock in addStatusHistoryComment()
- Mark indexProcess as STATUS_REQUIRE_REINDEX; it is cleared after
- Add redis, and specify in more details + add php7.4 mention
- Add proof of stability stack
- Fix README.md contributors badge
- Add check to avoid js error
- Add OpenMage version to API ‹magento.info›.
- Update contributors list
- Add int casting in getLogCleanTime
- Phpdoc of Mage_Core_Model_Session_Abstract_Varien
OpenMage 20.0.13 Change Log
OpenMage version 20.x will not be backward compatible with Magento. It is an independent project with «bolder» changes.
Security Updates
- CVE-2021-32758 – GHSA-26rr-v2j2-25fh – Layout XML Arbitrary Code Fix
- CVE-2021-32759 – GHSA-xm9f-vxmx-4m58 – Data Flow Sanitation Issue Fix
Bug Fix Updates
- Fix origData is empty in a quote
- Remov orphan directory and code of compiler and downloder
- Remov unused variable
- Fix incorrect datetime in block and merged changes from v19.4.15
