Magento Open Source 2.2.3 Release Notes

Patch code and release notes published on February 27, 2018.

Release notes updated on March 22, 2018.

We are pleased to present Magento Commerce 2.2.3. This release includes 35 enhancements to product security, a change to the Magento Admin to support recent USPS shipping changes, and a copyright update. And thanks to our community members, it also includes enhancements to ACL control for cache management through Magento Admin.

For security reasons, this release limits the ability to use symlinks for /media and other folders. If you are using symlinks for deployment, or if your /media is using symlinks, you may experience problems uploading or removing images. Magento will announce a fix for this issue when available. See GitHub-13929 for more information.
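A pre-upgrade check for the symlink restriction described above, as an added example that is not part of the original release notes or of Magento's own tooling. It reports whether the media directory is reached through a symlink and lists any symlinks inside it. The default `pub/media` path and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a Magento 2 tree for symlinks that the 2.2.3
# restriction may affect. Assumption: media lives under pub/media.

# Print each path component between the Magento root ($1) and the
# relative target ($2) that is itself a symlink.
symlinked_components() (
    set -f            # no globbing while splitting the relative path
    path=$1
    IFS=/
    for part in $2; do
        path="$path/$part"
        if [ -L "$path" ]; then
            printf '%s\n' "$path"
        fi
    done
)

# List symlinks found inside directory $1. -H follows the starting
# point when it is a symlink, so a linked media directory is still scanned.
symlinks_inside() (
    [ -d "$1" ] || exit 0
    find -H "$1" -type l | sort
)

# Usage: audit_media_symlinks [magento_root] [relative_media_dir]
# Empty output means no symlinks were found on or under the media path.
audit_media_symlinks() {
    symlinked_components "${1:-.}" "${2:-pub/media}"
    symlinks_inside "${1:-.}/${2:-pub/media}"
}

# Run directly with a Magento root as the first argument.
if [ "$#" -gt 0 ]; then
    audit_media_symlinks "$@"
fi
```

Any path printed is a location where image uploads or removals may fail after the upgrade.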

Highlights

Look for the following highlights in this release:

  • Enhancements that help close cross-site request forgery (CSRF), unauthorized data leaks, and authenticated Admin user remote code execution vulnerabilities. See Magento Security Center for more information.
  • Support for Elasticsearch 5.x. See Install and configure Elasticsearch for more information about using Elasticsearch with Magento. Fix submitted by community member Aurélien Foucret.

  • Change to Magento Admin to support recent USPS shipping changes. On February 23, 2018, USPS removed APIs that support the creation of shipping labels without postage. In response, we’ve removed this functionality from the Magento Admin. Consequently, you cannot create and print shipping labels that do not have postage applied. If you require USPS postage printing capabilities, please visit Magento Shipping to learn more, and explore various shipping extensions on Magento Marketplace.

  • New layers of control for cache management tasks managed through the Magento Admin. This release introduces finer permissions for cache management tasks such as flushing cache storage, flushing the Magento cache, and refreshing cache types. Fix submitted by community member Bartosz Herba.

  • Updated copyright to 2018.

Security enhancements

Magento 2.2.3 includes multiple security enhancements. Although this release includes these enhancements, no confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions, so we recommend that you upgrade your Magento software to the latest version as soon as possible.

See Magento Security Center for more information.

System requirements

Our technology stack is built on PHP and MySQL. For details, see Technology stack requirements.

For more information, see System Requirements.

Installation and upgrade instructions

You can install Magento Open Source 2.2.x using Composer.

Install the Magento software

You can get Magento Open Source (formerly Community Edition) 2.1 from GitHub, Composer, or using a compressed archive.

See one of the following sections for more information:

Get the Magento Open Source software using Composer

The Open Source software is available from repo.magento.com. Before getting the Open Source software, familiarize yourself with the Composer metapackage prerequisites, then run:

composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition=<version> <installation directory name>

where <version> is 2.1.0, 2.1.1, and so on.

For example, to install Magento Open Source 2.1.1 in the magento2 directory:

composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition=2.1.1 magento2

Get a compressed archive

The following table discusses where to get the Magento software. We provide the following downloads:

  • Magento Open Source software only
  • Magento Open Source software with sample data (designed to help you learn Magento faster)

These packages are easy to get and install. You don’t need to use Composer; all you need to do is upload a package to your Magento server or hosted platform, unpack it, and run the web-based Setup Wizard.

Archives are available in the following formats: .zip, .tar.bz2, .tar.gz

To get the Magento Open Source software archive:

  1. Go to http://magento.com/download.
  2. Choose either the software or the software and sample data:

    • Magento-CE-<version>.* (without sample data)
    • Magento-CE-<version>+Samples.* (with sample data)

    <version> is the three-digit release number (for example, 2.0.7, 2.1.0, and so on).

Complete the installation

After you get the Open Source software:

  1. Set file system ownership and permissions.
  2. Install the software:

Upgrade from an earlier version

See the following sections for more information.

Upgrade an existing installation from the GitHub repository

Developers who contribute to the Open Source codebase can upgrade manually from the Magento Open Source GitHub repository.

  1. Go to the Contributing Developers page.

  2. Follow the instructions to pull the updates from the repository and update using Composer.

Other upgrades

Other types of upgrades are discussed in Upgrade to Magento version 2.1 (June 22, 2016).

Migration toolkits

The Data Migration Tool helps transfer existing Magento 1.x store data to Magento 2.x. This command-line interface includes verification, progress tracking, logging, and testing functions. For installation instructions, see Install the Data Migration Tool. Consider exploring or contributing to the Magento Data Migration repository.

The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.0.x. The command-line interface includes scripts for converting Magento 1.x modules and layouts.