Blog¶

New Release 19.4.15 and 20.0.13

With the release of OpenMage 19.4.15 ¹ and 20.0.13 ², the system is now fully compatible with PHP 8.

New Release 19.4.14 and 20.0.12

Placeholder for the change ^{1 2}

New Release 19.4.13 and 20.0.10

Placeholder for the change ^{1 2}

• CVE-2021-21426 ³- Fixing a bug in Zend Framework’s Stream HTTP Wrapper
• CVE-2021-21427 ⁴ - Security Update for SQLi for Magento 2 (a backport of CVE-2021-3007 of laminas-http)

New Release 19.4.12 and 20.0.8

Placeholder for the change ^{1 2}

New Release 19.4.11 and 20.0.7

Placeholder for the change ^{1 2}

New Release 19.4.10 and 20.0.6

Placeholder for the change ^{1 2}

• CVE-2020-15244 ³ CMS Editor code execution
• CVE-2020-26285 ⁴ Widget instances allows a hacker to inject an executable file on the server
• CVE-2020-26252 ⁵ Layout XML RCE Vulnerability

New Release 19.4.9 and 20.0.5

Increase composer.json php version range to include 8.0 ^{1 2}

New Release 19.4.8 and 20.0.4

CVE-2020-15244 ³ is our second OpenMage CVE and our first CVE that is wholly independent of Adobe! ^{1 2}

New Release 19.4.7 and 20.0.3

Placeholder for the change ^{1 2}

New Release 19.4.6 and 20.0.2

Our Release Today marks a new and Important Milestone for the OpenMage Project. Not even 2 Months since the end of life for Magento 1, we are now shipping the first Security Patch, which is not included in the official Magento 1 Release.