Releases: magento/magento-cloud-patches
1.0.10
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
Changelog (7 related PRs)
We have included all Magento Open Source 2.x patches from the Magento Technical resources in the magento-cloud-patches v1.0.1 release. If you copied any patches into your project previously, remove them to avoid conflicts.
This release includes the following updates:
- Fix cron deadlocks and improve cron locking:
  - Fixes an issue with some cron jobs not running due to an incorrect status value in the cron_schedule table. Now, we use the Magento lock framework to check and update cron job status instead of using the cron_schedule table. Cron jobs that have ended with an error status are retried during the next cron run instead of waiting 24 hours.
  - Adds a retry operation to avoid deadlock during updates to the data in the cron_schedule table.
- Updated patches to include all available patches for Magento Open Source 2.x: Updated the magento-cloud-patches package to include all Magento Open Source 2.x patches available on the Magento Download page. If you copied any Magento Open Source patches into your Magento Commerce Cloud project previously, remove them to avoid conflicts.
- Updated patch for Elasticsearch catalog pagination fix: Replaced the Elasticsearch catalog pagination patch delivered in magento-cloud-patches v1.0 with a more effective fix.
- Updated the Magento Page Builder patches: In Magento Cloud Patches 1.0.0, we bundled Page Builder patches to address a known Page Builder remote code execution (RCE) vulnerability, with the initial fix based on Magento 2.3.3. We have updated these patches with a more stable implementation based on Magento 2.3.4, which includes multiple optimizations for fixing the issue. If you have the magento-cloud-patches 1.0.0 package, you are still protected from the Page Builder RCE vulnerability issues. If you update to magento-cloud-patches 1.0.1 or later, you have a better implementation of the same fix.
1.0.0
Changelog (6 related PRs)
Overview—
- The ece-tools 2002.0.22 release changes the structure of the ece-tools package to decouple the release of Magento patches from the main ece-tools release. Starting with this release, patches and critical fixes will be delivered using this repository and respective package, which is a new dependency for the ece-tools package. We made these changes to reduce complexity for scheduling release updates and working with community contributions.
Patches and critical fixes—
- Update Cloud environment to use magento-cloud-patches version 1.0.0 to apply the following critical fixes:
  - Page Builder security patches for 2.3.1 and 2.3.2 releases. Fixes an issue in Page Builder preview that allows unauthenticated users to access some templating methods that can be used to trigger arbitrary code execution over the network (RCE). This issue can occur when using unsupported versions of Page Builder with Magento Commerce versions 2.3.1 and 2.3.2.
  - MSI patches. Fixes issues that caused indexing errors and performance issues when using default inventory settings for managing stock.
  - Backward Compatibility of new Mail Interfaces. Fixes a backward incompatibility issue caused by the Magento\Framework\Mail\EmailMessageInterface PHP interface introduced in Magento Commerce 2.3.3. In the scope of this patch, the new EmailMessageInterface inherits from the old MessageInterface, and Magento Commerce core modules are reverted to depend on MessageInterface.
  - Catalog pagination does not work on Elasticsearch 6.x. Fixes a critical issue with search result pagination that affects customers using Elasticsearch 6.x as the catalog search engine.