Magento Commerce, 1.14.x

Magento 1.x Software Support Notice
For Magento Commerce 1, Magento is providing software support through June 2020. Depending on your Magento Commerce 1 version, software support may include both quality fixes and security patches. Please review our Magento Software Lifecycle Policy to see how your version of Magento Commerce 1 is supported.

Release Notes

Magento Enterprise Edition 1.14.2

We are pleased to bring to you Magento Enterprise Edition, 1.14.2, which includes new features for merchants and tools for developers, plus a wide range of product quality enhancements, security improvements, and fixes.

Important! Use Magento Enterprise 1.14.0 or later for all new installations and upgrades to ensure that you get the latest fixes, features, and security updates.

New Features for Merchants
Enhancements to Existing Features
Solutions for Developers

Magento Enterprise Edition 1.14.2 includes the latest versions of the Zend 1 Framework and Redis integration, as well as refinements to full-page caching that enable more pages to be served from cache. In addition, this release includes many enhancements as part of our commitment to continually improve product quality and to integrate previous patches into the core code.

  • Access Control List (ACL) nodes without value are now set to DENY access by default.
  • Admin passwords now expire at the specified time.
  • Cross-site request forgery (CSRF) protection issue that interfered with Varnish caching resolved.
  • Cross-site scripting (XSS) exploit that used CACHED_FRONT_FORM_KEY resolved.
  • Data deserialization potential exploits resolved.3
  • .htaccess added to the shell subdirectory.4
  • JavaScript injection potential exploit of the Wishlist resolved.
  • Pages served using the HTTPS protocol now POST using HTTPS.
  • PHP bug in libxml that could cause the site to crash resolved.
  • Remote code execution potential exploits resolved.5
  • SQL injection potential vulnerabilities related to Advanced Search resolved.
  • XSS potential exploit that uses JavaScript in the Visual Merchandiser window resolved.
Changes in This Release
  • Access Control List (ACL) resources have new resources enabled.
  • Cron jobs now execute at the time they were created, rather than the order in which they were created.
  • Google Universal Analytics now includes information about customer orders. The configuration has been streamlined, and includes three account types: Google Analytics, Universal Analytics, and Google Tag Manager.
  • Internet Protocol version 6 (IPv6) addressing is now supported.
  • Magento can now be updated from Magento Connect Manager.
  • Prices can be saved with a comma to separate thousands.
  • Products can be downloaded over HTTPS.
  • Redis integration has been updated to the latest version.6
  • XMLConnect module has been updated to ver. 24. The module should be delivered in the “disabled” state.
  • Zend framework has been updated to ver. 1.12.10.
Known Issues
Miscellaneous Fixes
  • OAuth log in page now includes the form_key field.
  • REST call to Mage_Sales_Model_Order no longer returns errors.
  • SOAP API correctly populates the min_sale_qty field.
  • When a partial invoice is created using SOAP V2, salesOrderInvoiceCreate no longer changes the value of $itemsQty in subsequent orders.
  • Additional fields in the SOAP API CategoryInfo method:
  • SOAP WSDL URL (/api/v2_soap?wsdl) no longer appears the Admin, which is unreachable by SOAP.
  • Duplicate attribute sets no longer appear if they are several pages long.
  • Product Visibility set to “Search” works correctly.
  • Resolved JavaScript errors related to one-page checkout. (For example, reward points.)
  • Removing the printed gift card option during checkout adjusts the order total.
  • Regions appear in alphabetical order on the checkout page.
  • Customers can register for an account and complete checkout while the compiler is running.
Content Delivery Network (CDN)
  • Small web format (SWF) files can now be served from a content deliver network (CDN).7
Content Staging
  • Opening a staging website no longer returns an error.
  • The correct content appears in the storefront when the store cookie is set.
  • Widgets can be added to CMS pages.
  • Resolved issues uploading images from the WYSIWYG editor.
  • Thumbnails now appear in the WYSIWYG editor.
  • CMS pages that use the Generic Content layout appear normally.
  • The CMS Preview page uses the current theme.
  • Filtering customer attribute issue resolved.
  • The customer’s middle name or initial appears in both the Admin and storefront.
  • When customers log in to their accounts, the account page appears instead of the last page visited.
  • Saving a customer account from the Admin no longer returns an error.
  • If the customer locale does not require a postal code, the administrator does not have to enter one.
  • In the password reset notification, customer can reset their passwords for the correct store view.
  • The dates that customers and customer addresses were created are now correct.This fix does not apply to customers or addresses created in earlier versions. Only customers and addresses created with Magento Enterprise ver. 1.14.2 show the correct dates.
  • Deleting large numbers of products from the Admin no longer returns SQLSTATE errors.
  • Disabled products no longer appear in the flat catalog table.
  • Resolved an issue that caused the core_cache_tags database table to grow in size.
Full-Page Cache
  • Resolved an issue with the gift cards price block after the full-page cache is flushed.
  • Resolved several issues related to full-page cache invalidation when products are saved.
Google Universal Analytics
  • Removed extraneous fields from the Google Universal Analytics configuration.
  • Dataflow now exports products in which images are not used as media attributes.
  • Importing and exporting postal codes with a wildcard (*) works correctly.
  • Custom options are preserved during import.
  • Product imports no longer change the Visibility setting.
Magento Connect
  • You can now install extensions without errors using the Database Backup option.
  • Fixed potential issues with extensions.
  • Customers who use the same email address to subscribe to multiple newsletters now receive all newsletters to which they are subscribed.
  • When an order is placed, customers who use the same email address to register with two websites no longer receive notification that they have unsubscribed from a newsletter.
Order Processing
  • Address validation has been enhanced.
  • Printed invoices show the correct price for bundle products.
  • Issues with FedEx error code handling resolved. Choosing FedEx during checkout does not cause a fatal error.
  • Orders can be viewed from the Admin without triggering an error.
  • The percent (%) symbol can be used in order comments. Previously, the percent symbol interfered with the display of order comments.
  • The Fetch button works correctly for Authorize.Net Direct Post.
  • When a returned order that was paid with a gift card is edited from the Admin, the refund amount is applied to the gift card balance.
  • The RMA header prints correctly.
  • JavaScript errors do not occur when processing a return.
  • You can change the value of php_value memory_limit in .htaccess without encountering "out of memory" errors.
  • You can change the price of a product using the website scope without errors.
  • Added validation to make sure the special price is not greater than the actual price.
  • Automated email reminders now work correctly.
  • Resolved a performance issue related to catalog price rules with a large number of configured quotes.
  • The customer segment condition, Customer Created At, now creates a from and to date. 
  • Resolved an issue with related products from a rule-based product relation not appearing in the storefront.
  • The administrator is now prompted to flush the Magento cache when a rule-based product relation is saved.
  • Fixed a fatal error that occurs when a rule that expects a single value, such as category = X, and multiple values are assigned, such as category = X, Y. To resolve the problem, any rule-based product relations with such a condition must be deleted and recreated.
  • The correct date appears in reports that are configured to run for a month or a year.
  • The Bestseller section of the Dashboard displays the correct prices.
  • The Sales Orders report displays the correct profit calculation result.
  • Solr search suggestion counts no longer appear when Show Results Count for Each Suggestion is disabled in the configuration.
  • Rollback now completes without error when running PHP 5.5.
Shopping Cart
  • A message appears when you add an item to your shopping cart.
  • Customers can move unconfigured items from the Wishlist to the shopping cart without encountering an error.
  • Customers can edit Custom Options in a shopping cart without issues.
  • Swatch images no longer change size when clicked in search results.
  • Fixed responsive theme display problem with ZIP/Postal Code field.
  • Implemented correct escape character for translations.
  • International characters can now be used in a Magento storefront domain.8
  • Resolved issues with inline translation links and the Chrome browser.
  • Corrected the spelling of the Austrian province Vorarlberg.
  • Corrected missing translation of a shipping method error message.
  • Chinese locales now appear in the Interface Locale list.
Visual Merchandiser
  • When using Mass Product Assignment to add or remove products, the SKU dialog box appears whether or not SKUs were added.
  • The down arrow and attribute labels are now visible when moving a product from search results to the Merchandiser Window. The number of columns can be set from the Merchandiser Window, including validation.
  • Products are not cleared when using the Visual Merchandiser cron job, or when rebuilding category products for smart categories.

We’d like to thank the following members of the Magento Community for their contributions to this release:

1 Performance enhancements, Thomas Birke

2 Performance enhancements, Ivan Chepurnty

3 Resolution of data deserialization exploit, Matthew Berry

4 Added .htaccess to shell subdirectory, Phillip Jackson

5 Resolution of remote code execution exploits, Netanel Rubin

6 Updated Redis integration, Colin Mollenhour

7 SWF files from CDN, Sean N. Heukels

8 International characters in storefront domain, Yihao Peng