Magento 1.9.4.1 is Out
A new version of Magento has been released. Since a few security issues have been resolved, we’re considering this a security fix and also, this security enhancements help close cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues. We recommend all Magento website owners have this upgrade done.
Magento Open Source 1.9.4.1 Release Notes (Magento.com)
This version (or patch SUPEE-11086, which applies to older versions of Magento) provides resolution of multiple critical security issues and functional fixes. These security enhancements help close cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues.
Note: Magento’s implementation of the Authorize.Net Direct Post payment method currently uses MD5-based hash for all M1 and M2 installations. As of June 28, 2019, Authorize.Net will stop supporting MD5-based hash usage.
This will result in Magento merchants not being able to use Authorize.Net Direct Post to process payments. To avoid disruption and to continue processing payments, merchants must apply a patch provided by Magento and add a Signature Key (SHA-512) in the Magento Admin configuration settings. Magento released this patch in late February to address this issue on pre-2.3.1 installations of Magento. See Update Authorize.Net Direct Post from MD5 to SHA-512.
Information about the deprecation of Authorize.Net Direct Post can be found here.
Fixed issues and enhancements
- Google Image Charts has been deprecated and replaced by Image-Charts for dashboard charts.
- Layered navigation now works as expected when full page cache and block caching are enabled. Previously, you could not clear layered navigation filters when these features were enabled.
- Errors caused by problematic PHP error logging have been resolved. Previously, Magento displayed excessive and unnecessary 404 errors.
- Magento now displays the following message when an invalid character is used, Attribute code is invalid. Please use only letters (a-z), numbers (0-9) or underscore(_) in this field, first character should be a letter. Do not use "event" for an attribute code. Previously, Magento did not flag invalid attribute codes.
- You can now add to the cart products with custom options for which the custom option checkbox has not been checked. Previously, Magento did not add the product to the cart, and displayed this message, Cannot add the item to shopping cart.
- URL redirects for products now work as expected. Previously, when you selected a product from the Category page and Add URL Redirect has been enabled, Magento redirected users to URL Redirect Information and threw this error, exception 'Mage_Core_Exception' with message 'Invalid block type: Mage_Adminhtml_Block_Empty_Edit_Form' in app/Mage.php:580
- Magento now displays payment information during the confirmation step of check out and successfully processes an order when inline translation is enabled. Previously, Magento did not display this payment information during check out, and the order was not completed.
- You can now create a staging website when development mode is enabled. Previously, Magento threw an error after you added a website from System > Content Staging > Staging Websites.
- You can now successfully delete a website by clicking Delete Website as expected. Previously, when you clicked this button, Magento threw a fatal error.
- You can now add a banner by clicking Add Banner from the Admin. Previously, Magento threw an error when you clicked this button.
- Magento no longer throws an Undefined index: is_recurring error when when you try to save a product when deploying Magento with development mode enabled.
The previous release was on November 29, 2018.
Our Website Maintenance Department will be in contact with our clients regarding this upgrade. If you need this upgrade done on your website, please contact us.
Thank you,
–Webstix Support
