Magento Commerce, 2.0.11

Magento 2.0.18 is the final 2.0.x release. After March 2018, Magento 2.0.x will no longer receive security patches, quality fixes, or documentation updates. To maintain your site's performance, security, and PCIPayment Card Industry: Refers to debit and credit cards and their associated businesses. compliance, upgrade to the latest version of Magento.

Release Notes

Magento Enterprise Edition 2.0.1

We are pleased to present Magento Enterprise Edition 2.0.1. This patch release contains several important functional updates, including official support for PHP 7.0.2.

PHP 7.0.2 Compatibility

Magento 2.0.1 adds support for PHP 7.0.2, which provides dramatic performance improvements, drastically reduces memory consumption, and supports new PHP language features.

Security Enhancements

This release includes numerous enhancements to improve the security of your Magento 2.0 installation. While there are no confirmed attacks related to these issues to date, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. We recommend that you upgrade your existing Magento 2.0 installation to the latest version as soon as possible.

Security fixes in this release include the following:

  • SQL injection
  • Magento back office persistent XSS vulnerability on order comments
  • Ability to save XSS code into database
  • Reflected XSS in cookie HTTP header
  • CSRF vulnerability on cart checkout.
  • Ability for users to bypass filter by editing inline translations
  • Ability to access core system information using CMSContent Management System: A software system that is used to create, edit, and maintain content on a website. blocks and cache entries.
  • Ability to save XSS code through custom options.
  • Ability to bypass Magento storefront CAPTCHA.
  • Persistent XSS using customer name.
  • Ability for unauthenticated users to delete any product review from the storefront.
  • Attackers able to access order information in the store.

To learn more, see the Security Center. We recommend that you review Magento’s Security Best Practices, and make sure that all safeguards are in place to protect your system from compromise. Use this occasion to examine your system for indications of possible attack, such as strange administrator accounts, unfamiliar files on the server, etc. To receive direct notification from our security team regarding any emerging issues and solutions, sign up for the Security Alert Registry.

USPS API Changes

On January 17, 2016, USPS made several changes to their services, rates, and package names. The updates are reflected in this release, and include the following changes:

  • Standard Post renamed “Retail Ground”
  • Flat Rate Box for Priority Mail Express Eliminated
Changes in This Release

The Magento CHANGELOG file itemizes the changes and enhancements specific to Magento Release 2.0.x. The file is organized into categories by minor releases, with the most recent release first.

Fixed Issues
Magento 2.0 Resources

Magento provides the following resources to support your migration and development projects:

Code Migration Toolkit

The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.0.1. The command-line interface includes scripts for converting Magento 1.x modules and layouts.

Data Migration Toolkit

The Magento Data Migration Toolkit, which allows to migrate store data from 1.x CE or EE to 2.x EE, is currently available to users of Magento 2.0.0 EE. This toolkit will be available soon to users of Magento 2.0.1 CE. The Magento Data Migration Toolkit helps transfer existing Magento 1.x customer, product and other data to Magento 2.0.x. The command-line interface includes verification, progress tracking, logging, and testing functions. To learn more, see Data Migration, and check out Data Migration Tool.

Code Samples

We provide a rich set of code samples, such as modules and other components, that demonstrate how to customize Magento 2.0.

Technology stack

Our technology stack is built on PHP and MySQL. Magento 2.0.1 supports PHP 5.5, 5.6x, 7.0.2, and MySQL 5.6.

New Installations
Upgrading Existing Installations