Magento Community Edition 2.0.1
We are pleased to present Magento Community Edition 2.0.1, the next generation of the world’s leading digital commerce platform. This patch release contains several important functional updates, including official support for PHP 7.0.2.
Magento 2.0.1 adds support for PHP 7.0.2, which provides dramatic performance improvements, drastically reduces memory consumption, and supports new PHP language features.
This release includes numerous enhancements to improve the security of your Magento 2.0 installation. While there are no confirmed attacks related to these issues to date, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. We recommend that you upgrade your existing Magento 2.0 installation to the latest version as soon as possible.
Security fixes in this release include the following:
- SQL injection
- Persistent XSS vulnerability for order comments made from Admin
- Ability to save XSS code into database
- Reflected XSS in cookie HTTP header
- CSRF vulnerability on cart checkout.
- Ability for users to bypass filter by editing inline translations
- Ability to access core system information using CMS blocks and cache entries.
- Ability to save XSS code through custom options.
- Ability to bypass Magento storefront CAPTCHA.
- Persistent XSS using customer name.
- Ability for unauthenticated users to delete any product review from the storefront.
- Attackers able to access order information in the store.
- Lack of password quality enforcement when changing admin passwords.
To learn more, see the Security Center. We recommend that you review Magento’s Security Best Practices, and make sure that all safeguards are in place to protect your system from compromise. Use this occasion to examine your system for indications of possible attack, such as strange administrator accounts, unfamiliar files on the server, etc. To receive direct notification from our security team regarding any emerging issues and solutions, sign up for the Security Alert Registry.
On January 17, 2016, USPS made several changes to their services, rates, and package names. The updates are reflected in this release, and include the following changes:
- Standard Post renamed “Retail Ground”
- Flat Rate Box for Priority Mail Express Eliminated
Changes in This Release
The Magento CHANGELOG file itemizes the changes and enhancements specific to Magento Release 2.0.x. The
CHANGELOG.md file is organized into categories by minor releases, with the most recent release first.
- Catalog price rule when specifying subproduct discounts.
- Shopping cart for a registered user not returning a full list of selected products. The shopping cart of a registered user now operates as expected.
- Failure to update minicart after completing an order using PayPal. Magento now clears the minicart as expected after you complete a purchase with PayPal.
- Customer Edit form not appearing when you create a new Customer using a customer attribute. The Customer Edit form now appears as expected.
- Sending messages using the wrong AMQP connection alias. Messages are now sent as expected.
- Redundant calls to plugin methods.
- Cart subtotal not including custom option prices in order calculations for configurable product. Shopping cart subtotal calculations now include custom option prices.
- Catalog price rule not applied to the product created through the web API. Magento now applies the catalog price rule as expected.
- Inconsistent application of discounts across all relevant configurable products. Magento now correctly displays discounts for all relevant options of a configurable product.
- Incomplete display of category fields when working in store view scope. Magento now displays all scope information as expected.
- Inability to create and save a new Content block. You can now add new blocks from the Admin.
- Issue with checkbox component behavior. Checkbox component now displays expected behavior. Magento sends the checkbox input value (original) data only if the checkbox is checked upon form submission.
- Selected country information not appearing at checkout.
- Not all classes able to be intercepted in early stages of application life cycle.
- Failure during creation when Google experiments is enabled.
- Unspecified resetting of product assignments after applying a filter from a category product listing.
- Incorrect target for the "Learn More" link on the Payment Methods Configuration page.
- Changes in the USPS API to match updated USPS method names.
- Prices incorrect on product page for configurable product when catalog prices include tax.
- Synonyms not working.
- Orders not created when Include Tax in Order Total is set to "Yes."
- Shipping address in the Orders API now exposes the shipping address value.
- The Replace feature of the Import Product works in a multistore environment.
- Magento now displays product tables correctly when an administrator navigates to Product > Inventory > Catalog after either of these two actions: 1) first time after product installation; 2) clearing cache and static file directories.
- Creating a product with an empty file as a custom file option now works correctly.
- Added autoload functionality instead of direct paths to load dependent files.
- Product URL rewrites now works correctly when accessed from a Category page.
- Error during product import. Validation now works correctly.
- Container components not disabled during import.
- Legacy tests fail due to obsolete paths. References to classes in the legacy build removed.
- Integration tests fail on Magento 2.0.
Redundant executions of
Redundant executions of
- Catalog pages in Magento installations running Varnish.
- Swatch module on a category product listing page.
- Large stores with a significant number of customers.
- Issue with precompilation.
- Product performance after an upgrade that modifies the database schema.
Accessing sample data after deploying Magento with
Travis Cl build failures due to authentication to
- PHP syntax error prevents the collection of all phrases for translation.
- Magento tries to save twice when a product is added to the catalog.
- Code Migration tool randomly hangs and terminates with an error.
Magento 2.0 Resources
Magento provides the following resources to support your migration and development projects:
Code Migration Toolkit
The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.0.1. The command-line interface includes scripts for converting Magento 1.x modules and layouts.
Data Migration Toolkit
The Magento Data Migration Toolkit, which allows to migrate store data from 1.x CE or EE to 2.x EE, is currently available to users of Magento 2.0.0 EE. This toolkit will be available soon to users of Magento 2.0.1 CE. The Magento Data Migration Toolkit helps transfer existing Magento 1.x customer, product and other data to Magento 2.0.x. The command-line interface includes verification, progress tracking, logging, and testing functions. To learn more, see Data Migration, and check out Data Migration Tool.
We provide a rich set of code samples, such as modules and other components, that demonstrate how to customize Magento 2.0.
Our technology stack is built on PHP and MySQL. Magento 2.0.1 supports PHP 5.5, 5.6x, 7.0.2, and MySQL 5.6.
|1.||Go to the Magento Community Edition download page.|
|2.||Under Full Release for version 2.0.1, select a format for the download archive file. Then, tap Download.|
|3.||Follow the instructions to install Magento.|
Upgrading Existing Installations
|1.||Log in to your store Admin with Administrator privileges.|
|2.||On the Admin sidebar, tap System. Then under Tools choose Web Setup Wizard.|
|3.||Tap the System Upgrade tile. Then, follow the instructions to complete the upgrade.|