Magento Open Source 2.2.0 – Out Now
We’re happy to inform you that the long-awaited 2.2 version of Magento is available. This release includes numerous functional fixes and enhancements.
Magento Open Source 2.2.0 includes a wealth of new, exciting features, and hundreds of enhancements and fixes. Look for the following highlights in this release:
- Bundled extensions. This release of Magento includes the first third-party extension that we are bundling with Magento Commerce – Magento Social. This extension establishes a connection between your store and your corporate Facebook account, and creates a page with products from your catalog. When shoppers click a product, they are redirected to the corresponding product page in your Magento store.
- Significant enhancements in platform security and developer experience. Security improvements include the removal of unserialize calls and protection of this functionality to increase resilence against dangerous code execution attacks. We have also continued to review and improve our protection against Cross-Site Scripting (XSS) attacks.
- Upgraded technology stack. We’ve dropped support for PHP 5.6, and Varnish 3. We now support PHP 7.1 Varnish 5, and MySQL 5.7. All third-party libraries have been upgraded to the latest stable version.
- Pipeline deployment, a new deployment process, enables build and deployment stages to minimize production system downtime for site updates. Resource-intensive processes can run on the build server. Pipeline deployment supports easy management of configuration between environments, too. Read more about pipeline deployment here.
- Performance gains from improvements in indexing, cart, and cache operations. Customers can browse and shop on a storefront while indexers are running with no visible impact to their experience. Additionally, long-running indexers operate in batches to better manage memory and run times. Cart improvements enable a buyer to create a cart with more than 300 line items, and merchants can process a cart with at least 300 line items. Varnish cache configuration now includes saint and grace mode to ensure Varnish is always presenting a cached page to a shop’s customers. Enhancements to cache invalidation logic and optimization of edge side include blocks for frequently changing data that significantly boost cache hit ratios.
- Substantial contributions from our Community members. Our Community Engineering Team has been working with skilled and enthusiastic community members, and together they’ve added hundreds of pull requests to the Magento code base. For more information about our Community Engineering Team. see Magento Community Engineering.
Looking for more information on these new features as well as many others? Check out Magento 2.2 Developer Documentation.
Magento 2.2.0 includes multiple security enhancements. Although this release includes these enhancements, no confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we recommend that you upgrade your Magento software to the latest version as soon as possible.
In general, we’ve removed serialize/unserialize from most the code to improve protection against remote code execution attacks. We’ve enhanced protection of code where use of object serialization or unserialization was unavoidable. Additionally, we’ve increased our use of output escaping to protect against cross-site scripting (XSS) attacks.
Magento 2.2.0 GA includes the following known issues. Fixes for these issues are scheduled for patch releases in the near future.
Issue: This issue affects Magento installations that include multiple store views. If you delete a store view, any product grid filtered to that Store View does not load. If you’ve set your product filter to a store view you’ve deleted, when you open Catalog > Products, Magento displays the following behavior:
- spinner widget spins indefinitely
- error message:
A technical problem with the server created an error. Try again to continue what you were doing. If the problem persists, try again later.
Issue: Errors result when a deleted customer tries to log in or register for new account. When you delete a customer from the Admin panel, a fatal error occurs if someone tries to log in or register using that deleted customer account.
Issue: A mistake entering credit card information during an order for a new customer can cause subsequent errors even after the user has corrected the credit card information.
Issue: Failure to specify a
– base_url during installation when using custom server ports results in unresolved static content. Workaround: You can use the CLI command
config:set web/secure/base_url <base_url> to set the
Issue: The Performance Toolkit does not currently work.