Releases v19¶

New Release 19.4.13 and 20.0.10

Placeholder for the change ^{1 2}

• CVE-2021-21426 ³- Fixing a bug in Zend Framework’s Stream HTTP Wrapper
• CVE-2021-21427 ⁴ - Security Update for SQLi for Magento 2 (a backport of CVE-2021-3007 of laminas-http)

New Release 19.4.12 and 20.0.8

Placeholder for the change ^{1 2}

New Release 19.4.11 and 20.0.7

Placeholder for the change ^{1 2}

New Release 19.4.10 and 20.0.6

Placeholder for the change ^{1 2}

• CVE-2020-15244 ³ CMS Editor code execution
• CVE-2020-26285 ⁴ Widget instances allows a hacker to inject an executable file on the server
• CVE-2020-26252 ⁵ Layout XML RCE Vulnerability

New Release 19.4.9 and 20.0.5

Increase composer.json php version range to include 8.0 ^{1 2}

New Release 19.4.8 and 20.0.4

CVE-2020-15244 ³ is our second OpenMage CVE and our first CVE that is wholly independent of Adobe! ^{1 2}

New Release 19.4.7 and 20.0.3

Placeholder for the change ^{1 2}

New Release 19.4.6 and 20.0.2

Our Release Today marks a new and Important Milestone for the OpenMage Project. Not even 2 Months since the end of life for Magento 1, we are now shipping the first Security Patch, which is not included in the official Magento 1 Release.

New Release 19.4.5 and 20.0.1

Merged changes from v19.4.5 ^{1 2}

New Release 19.4.4 and 20.0.0

Include the Magento Patch SUPEE-11346 ^{1 2 3}