Magento Commerce 2.0.16 Release Notes

Patch code and release notes were published on September 14, 2017.

We are pleased to present Magento Commerce (formerly Enterprise Edition) 2.0.16. This release includes almost 40 security fixes and enhancements to your Magento software.

While there are no confirmed attacks related to these vulnerabilities to date, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. We recommend that you upgrade your existing Magento software to the latest version as soon as possible.

Highlights

Magento 2.0.16 contains almost 40 security fixes and enhancements. Look for the following highlights in this release:

  • enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. See Magento 2.0.16 and 2.1.9 Security Patches for a comprehensive discussion of these issues.

  • support for changes to the USPS API that USPS implemented on September 1, 2017

  • change to how Magento displays status updates during upgrade.
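To check whether an existing installation already carries these fixes, the following added example (not code from Magento) reads a project's composer.lock and compares the installed Commerce metapackage against the 2.0.16 and 2.1.9 releases named above. The metapackage name magento/product-enterprise-edition, the function names, and the status strings are assumptions of this example, and the sample lock data is constructed.

```python
import json
import sys

# Assumption: the installed Commerce release is recorded in composer.lock
# under this metapackage name.
METAPACKAGE = "magento/product-enterprise-edition"

# First release on each line that carries the fixes, as named on this page.
PATCHED = {(2, 0): (2, 0, 16), (2, 1): (2, 1, 9)}


def parse_version(text):
    """Turn '2.0.10' or 'v2.0.10-p1' into (2, 0, 10); None if not numeric."""
    core = text.lstrip("v").split("-")[0].split("+")[0]
    parts = core.split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        return None
    return tuple(int(p) for p in parts[:3])


def check_lock(lock_text):
    """Return (installed_version, status) for one composer.lock document."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []):
        if pkg.get("name") != METAPACKAGE:
            continue
        raw = pkg.get("version", "")
        ver = parse_version(raw)
        if ver is None:
            return raw, "unknown-version"      # e.g. a dev branch alias
        floor = PATCHED.get(ver[:2])
        if floor is None:
            return raw, "line-not-covered"     # page names only 2.0.x and 2.1.x
        return raw, "patched" if ver >= floor else "needs-upgrade"
    return None, "magento-not-found"


def sample_lock(version):
    """Constructed composer.lock fragment for demonstration."""
    return json.dumps({"packages": [
        {"name": "monolog/monolog", "version": "1.16.0"},
        {"name": METAPACKAGE, "version": version},
    ]})


if __name__ == "__main__":
    # Pass a real composer.lock path, or run without arguments for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else sample_lock("2.0.10")
    print(check_lock(text))
```

A "line-not-covered" result means the installed release line is outside the two this page names, so consult the release notes for that line.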

Fixed issues

  • We’ve added support for the change to the USPS API that USPS implemented on September 1, 2017. After installing or upgrading to this release, the discontinued First-Class Mail Parcel service will change to First-Class Package Service – Retail. Previously, the USPS First-Class Mail Parcel option was not available after September 1, 2017 on installations running Magento 2.x unless you applied the workaround described here.
  • We’ve changed how Magento displays status updates during a product upgrade. Previously, potentially sensitive information such as full paths and module names was displayed in the product GUI, potentially exposing it to a malicious user. Magento now restricts this information to logs that are available to administrators only.

System requirements

Our technology stack is built on PHP and MySQL. See System Requirements.

Install the Magento software

See one of the following sections:

Get Magento Commerce using Composer

This software is available from repo.magento.com. Before installing the Magento Commerce software using Composer, familiarize yourself with these prerequisites, then run:

composer create-project --repository-url=https://repo.magento.com/ magento/project-enterprise-edition=<version> <installation directory name>

where <version> matches the version you want (for example, 2.0.10)

For example, to install 2.0.10 in the magento2 directory:

composer create-project --repository-url=https://repo.magento.com/ magento/project-enterprise-edition=2.0.10 magento2

Get Magento Commerce using a compressed archive

The following table discusses where to get the Magento software. We provide the following downloads:

  • Magento Commerce software only
  • Magento Commerce software with sample data (designed to help you learn Magento faster)

These packages are easy to get and install. You don’t need to use Composer; all you need to do is upload a package to your Magento server or hosted platform, unpack it, and run the web-based Setup Wizard.

Archives are available in the following formats: .zip, .tar.bz2, .tar.gz

To get the Magento Commerce archive:

  1. Go to your account on magento.com.
  2. Log in with your Magento user name and password.
  3. In the left navigation bar, click Downloads.
  4. In the right pane, click Magento Commerce 2.X > Full Release or Magento Commerce 2.X > Full Release + Sample Data for the software.
  5. Follow the instructions on your screen to complete the Magento Commerce download:

    • Magento-EE-<version>.* (without sample data)
    • Magento-EE-<version>+Samples.* (with sample data)
  6. Transfer the installation package to your development system.

Complete the installation

After you get the Commerce software:

  1. Set file system ownership and permissions.
  2. Install the Magento software:

Upgrade from an earlier version

To upgrade to version 2.0.x from an earlier version:

Migration toolkits

The Data Migration Tool helps transfer existing Magento 1.x store data to Magento 2.x. This command-line interface includes verification, progress tracking, logging, and testing functions. For installation instructions, see Install the Data Migration Tool. Consider exploring or contributing to the Magento Data Migration repository.

An updated version of this toolkit is typically available several days after the patch release.

The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.0.x. The command-line interface includes scripts for converting Magento 1.x modules and layouts.

Credits

Dear community members, thank you for your suggestions and bug reports.