Magento Open Source 2.1.7 Release Notes

Release date: May 31, 2017

Page updated: June 1, 2017

We are pleased to present Magento Open Source (formerly Community Edition) 2.1.7. This release includes critical enhancements to the security of your Magento software.

While there are no confirmed attacks related to these vulnerabilities to date, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. We recommend that you upgrade your existing Magento software to the latest version as soon as possible.


Highlights

Magento 2.1.7 contains over 15 security enhancements as well as one significant functional enhancement. Look for the following highlights in this release:

  • Resolution of multiple high priority and critical security issues. These critical issues include remote code execution for authenticated Admin users, access control bypass, and cross-site request forgery issues. See Magento 2.0.14 and 2.1.7 Security Patches for a comprehensive discussion of these issues.

  • Reversion of the changes to image resizing that we introduced in 2.1.6. Certain image resizing changes introduced unanticipated problems. We have reverted these changes in this release, and will provide improvements to image resizing in a future product update.

Guidelines for upgrading from 2.1.6 to 2.1.7

Currently installed Magento version | Upgrade to | Additional actions
2.1.0 - 2.1.5 | 2.1.7 | None needed.
2.1.6 without image resizing hot fix (CE-MAGETWO-67805.patch and EE-MAGETWO-67805.patch) | 2.1.7 | After upgrading, run the bin/magento catalog:images:resize command.
2.1.6 with image resizing hot fix (CE-MAGETWO-67805.patch and EE-MAGETWO-67805.patch) | 2.1.7 | 1. Delete the image resizing patch before upgrading to 2.1.7. 2. After upgrading, run the bin/magento catalog:images:resize command.
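The upgrade table above expressed as a pre-upgrade check, added here as an illustration (it is not Magento's own tooling): it reads the installed version from composer.lock and returns the ordered steps for that install. The package name magento/product-community-edition, the idea that a hot fix file was left in the Magento root, and the sample lock data are assumptions made for this example.

```python
import json
import re
from pathlib import Path

PACKAGE = "magento/product-community-edition"  # assumption: Composer-managed install
HOTFIXES = ("CE-MAGETWO-67805.patch", "EE-MAGETWO-67805.patch")  # names from the table
UPGRADE = "upgrade to 2.1.7"
RESIZE = "run bin/magento catalog:images:resize"

def installed_version(lock_text):
    """Return the Magento version recorded in composer.lock as an int tuple, or None."""
    for pkg in json.loads(lock_text).get("packages", []):
        if pkg.get("name") == PACKAGE:
            m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", pkg.get("version", ""))
            return tuple(map(int, m.groups())) if m else None
    return None

def upgrade_steps(version, hotfix_applied):
    """Map an installed version to the ordered steps from the upgrade table."""
    if version is None:
        raise ValueError("Magento package not found in composer.lock")
    if version >= (2, 1, 7):
        return []                      # already at or above 2.1.7
    if (2, 1, 0) <= version <= (2, 1, 5):
        return [UPGRADE]               # no additional actions needed
    if version == (2, 1, 6):
        pre = ["delete the image resizing patch"] if hotfix_applied else []
        return pre + [UPGRADE, RESIZE]
    raise ValueError("version %s is not covered by the 2.1.x table"
                     % ".".join(map(str, version)))

def audit(root):
    """Read <root>/composer.lock and look for a leftover hot fix file in <root>."""
    root = Path(root)
    version = installed_version((root / "composer.lock").read_text())
    # Assumption: the hot fix file was left in the Magento root when it was applied.
    hotfix = any((root / name).exists() for name in HOTFIXES)
    return version, upgrade_steps(version, hotfix)

# Constructed sample composer.lock content (not taken from a real store).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "example/other-package", "version": "1.0.0"},
    {"name": PACKAGE, "version": "2.1.6"},
]})

if __name__ == "__main__":
    v = installed_version(SAMPLE_LOCK)
    print(v, upgrade_steps(v, hotfix_applied=True))
```

A missing hot fix file does not prove the hot fix was never applied, so confirm against your deployment records before skipping the first step.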

Note: As of June 30, 2017, MasterCard may fine merchants who do not support cards that use their recently expanded range of BIN numbers. Transactions for customers that use cards with these new BINs will fail if your software does not support these new BIN numbers. MasterCard describes the issue here. If you are running Magento 2.1.3 or later, your Magento software already provides support for these new BINs.

System requirements

Our technology stack is built on PHP and MySQL. For more information, see System Requirements.

Install the Magento software

You can get Magento Open Source (formerly Community Edition) 2.1 from GitHub, Composer, or using a compressed archive.

See one of the following sections for more information:

Get the Magento Open Source software using Composer

The Open Source software is available from repo.magento.com. Before getting the Open Source software, familiarize yourself with the Composer metapackage prerequisites, then run:

composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition=<version> <installation directory name>

where <version> is 2.1.0, 2.1.1, and so on.

For example, to install Magento Open Source 2.1.1 in the magento2 directory:

composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition=2.1.1 magento2

Get a compressed archive

This section describes where to get the Magento software. We provide the following downloads:

  • Magento Open Source software only
  • Magento Open Source software with sample data (designed to help you learn Magento faster)

These packages are easy to get and install. You don’t need to use Composer; all you need to do is upload a package to your Magento server or hosted platform, unpack it, and run the web-based Setup Wizard.

Archives are available in the following formats: .zip, .tar.bz2, .tar.gz

To get the Magento Open Source software archive:

  1. Go to http://magento.com/download.
  2. Choose either the software or the software and sample data:

    • Magento-CE-<version>.* (without sample data)
    • Magento-CE-<version>+Samples.* (with sample data)

    <version> is the three-digit release number (for example, 2.0.7, 2.1.0, and so on).

Complete the installation

After you get the Open Source software:

  1. Set file system ownership and permissions.
  2. Install the software:

Upgrade from an earlier version

See the following sections for more information.

Upgrade an existing installation from the GitHub repository

Developers who contribute to the Open Source codebase can upgrade manually from the Magento Open Source GitHub repository.

  1. Go to the Contributing Developers page.

  2. Follow the instructions to pull the updates from the repository and update using Composer.

Other upgrades

Other types of upgrades are discussed in Upgrade to Magento version 2.1 (June 22, 2016).

Migration toolkits

The Data Migration Tool helps transfer existing Magento 1.x store data to Magento 2.x. This command-line interface includes verification, progress tracking, logging, and testing functions. For installation instructions, see Install the Data Migration Tool. Consider exploring or contributing to the Magento Data Migration repository.

The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.0.x. The command-line interface includes scripts for converting Magento 1.x modules and layouts.

Credits

Dear community members, thank you for your suggestions and bug reports.