Magento Open Source 2.3.2 Release Notes

Release notes published on June 25, 2019 and last updated on June 3, 2020.

We are pleased to present Magento Open Source 2.3.2. This release includes over 200 functional fixes to the core product, over 350 pull requests contributed by the community, and over 75 security enhancements. It includes significant contributions from our community members.

Other release information

Although code for these features is bundled with quarterly releases of the Magento core code, several of these projects (for example, Page Builder, Inventory Management, and Progressive Web Applications (PWA) Studio) are also released independently. Bug fixes for these projects are documented in separate, project-specific release information which is available in the documentation for each project.

New security-only patch available

Merchants can now install time-sensitive security fixes without applying the hundreds of functional fixes and enhancements that a full quarterly release (for example, Magento 2.3.3) provides. Patch 2.3.2.2 (Composer package 2.3.2-p2) is a security-only patch that provides fixes for vulnerabilities that have been identified in our previous quarterly release, Magento 2.3.2.

If you have already upgraded to the pre-release version of this patch (2.3.2-p1), we strongly recommend that you upgrade to 2.3.2-p2 as soon as possible.  Patch 2.3.2-p2 contains the critical security fixes that are included in Magento 2.3.3, 2.2.10, 1.9.4.3, and 1.14.4.3, but that are not included in patch 2.3.2-p1.

For general information about security-only patches, see the Magento DevBlog post Introducing the New Security-only Patch Release. For instructions on downloading and applying security-only patches (including patch 2.3.2-p1), see Install Magento using Composer.

Apply updated hot fix for CVE-2019-8118

The patch addresses an issue with CVE-2019-8118 that was included in Magento 2.3.3 and 2.2.10. While the original fix for that bug stopped the logging of failed login attempts, information collected prior to updating to these current versions may still exist, and previous, unpatched versions of Magento may still have this issue. This hotfix includes both a patch (first released in Oct 2019) that stops the logging of failed login attempts and a new script that clears the login attempts that were previously collected. We recommend that all merchants download and apply this patch and download and run the clean-up script. See Remove failed login attempts from the database for information on how to download and run the patch and clean-up script.

Apply patch PRODSECBUG-2233 to address critical remote code execution vulnerability (RCE)

An unauthenticated cross-site scripting vulnerability combined with an authenticated Phar deserialization vulnerability has left this version of Magento Open Source open to serious exploit. An attacker can use these vulnerabilities to inject JavaScript into the Magento Admin, and subsequently launch malicious code in a store user’s browser. We strongly recommend that all users of the affected versions of Magento download and apply the appropriate patch as soon as possible. This issue is discussed in the xxx blog post. Patches are available from the Magento Download page. Locate the patch by the name. We provide Git-based and Composer-based patches.

Apply the Scope parameter for Async/Bulk API patch to address an issue with the Async/Bulk REST API

In certain versions of Magento Open Source and Magento Commerce, the Asynchronous and Bulk REST endpoints support the default store view scope only. After this patch is applied to deployments running those versions of Magento, the current Magento message queue implementation will factor in the store that executes queue operations. See Patch for Magento Framework Message Queue and Store Scopes for a full discussion of this scope-related issue and patch contents. See Applying patches for specific instructions on downloading and applying Magento patches. Navigate to the Magento Security Center, and select the patch associated with the version of Magento you are running.

Highlights

Look for the following highlights in this release:

Substantial security enhancements

This release is focused on substantial security enhancements:

  • 75 security enhancements that help close cross-site scripting (XSS), remote code execution (RCE), and sensitive data disclosure vulnerabilities as well as other security issues. No confirmed attacks related to these issues have occurred to date. However, certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions. See Magento Security Center for a comprehensive discussion of these issues. All known exploitable security issues fixed in this release (2.3.2) have been ported to 2.2.9, 2.1.18, 1.14.4.2, and 1.9.4.2, as appropriate.

  • Google reCAPTCHA module for PayPal Payflow checkout. The new PaypalRecaptcha module adds Google reCAPTCHA and CAPTCHA to the Payflow Pro checkout form. This enhanced functionality has been added in response to malicious targeting of Magento deployments that implement Payflow Pro. Configuration information can be found in Google reCAPTCHA.

Starting with the release of Magento Commerce 2.3.2, Magento will assign and publish indexed Common Vulnerabilities and Exposures (CVE) numbers with each security bug reported to us by external parties. This will allows users of Magento Commerce to more easily identify unaddressed vulnerabilities in their deployment.

Performance boosts

  • Significant improvement to storefront page response time. The page response times for the catalog, search, and advanced search pages have been significantly improved under high load.

  • Improved concurrent access to block cache storage. We have optimized the logic of concurrent access to the block cache, which has improved the response of storefront pages under high load by approximately 20%.

  • Product page gallery load optimization. Product images are now loaded as quickly as other page content. In previous releases, although the product page loaded quickly, product images needed two to four additional seconds to load completely.

  • Improved page rendering through deferred loading and parsing of storefront JavaScript. All non-critical JavaScript code has been relocated to the bottom of storefront pages, which speeds up page rendering and allows users to see the complete page sooner while nonessential elements remain inactive. To enable this performance enhancement, you must navigate to Stores > Configuration > Developer > JavaScript Settings and enable the Move JS code to the bottom of the page option.

Infrastructure improvements

This release contains 130 enhancements to core quality, which improve the quality of the Framework and these modules: Catalog, Sales, Checkout/One Page Checkout,  UrlRewrite, Customer/Customers, and UI. Here are some additional core enhancements:

  • Braintree payment method is now supported for checkout with multiple addresses. Previously, you could not use Braintree and Braintree PayPal when checking out an order that was being shipped to multiple addresses.

  • The CGI URL gateway in UPS module has been updated from HTTP to HTTPS. The CGI URL gateway endpoint in the UPS module has been updated from HTTP to HTTPS in response to the disablement of the HTTP gateway by UPS in mid-2019. See Magento User Guide for information about using the UPS shipment method. Shipping method configuration settings are described in Shipping methods.

  • Google chart API updated to the Image-Charts. Magento now uses the Image-Charts free service to render static charts in Admin dashboards. Earlier deployments used Google Image Charts, which was deprecated in 2012 and turned off on March 18, 2019.

Merchant tool enhancements

Magento now performs the following tasks as asynchronous background processes and sends system messages to alert Admin users when tasks complete. Moving these common administrative tasks to the background frees administrators to work on other tasks while the initial tasks are processing.

  • Mass editing of products.
  • Data export. Previously, connection timeouts occurred during export of large data sets (for example, the export of 200,000 products). See Export for more information.

Vendor-developed extension enhancements

This release of Magento includes extensions developed by third-party vendors.

Amazon Pay

Amazon Pay is now compliant with the PSD2 directive for UK and Germany. See Payment services (PSD 2) - Directive (EU) for an introduction to PSD2.

Fixed issues

We’ve fixed hundreds of issues in the Magento 2.3.2 core code.

Installation, upgrade, deployment

  • configFactory scope and scope_code values are now passed to configFactory as data arrays. Fix submitted by ochnygosch in pull request 22012. GitHub-21993
  • Magento now renders the value of configuration variables (such as ``) as they are entered in configuration files rather than saving the resolved value. Previously, Magento resolved the variable to its actual value, which lead to the overwriting the value in the database when the configuration was saved instead of storing the value in the variable. Fix submitted by Pieter Hoste in pull request 18067. GitHub-15972
  • Magento no longer throws an error when you use app:config:import to import configuration settings. Previously, the import failed, and Magento threw the following error even when the imported file contained only minor changes to password or URL values: Please specify the admin custom URL. Fix submitted by David Alger in pull request 22281. GitHub-15090
  • Magento no longer throws an error when executing bin/magento setup:static-content:deploy in parallel mode if theme or locale deployment takes more than 400 seconds. Previously, Magento threw the following error under these conditions: 2436; Status: 0.
  • Magento no longer throws an error during catalog set up when you run bin/magento setup:upgrade. Previously, set up failed, and Magento threw the following error even though no problems existed with your catalog, Magento\Catalog\Setup\Media does not exist. Fix submitted by Pieter Hoste in pull request 22446. GitHub-22124
  • All fields are now hidden with appropriate dependencies as assigned in the backup configuration settings. Fix submitted by Keyur Kanani in pull request 22475. GitHub-22474
  • Updated the email template stylesheet for the Magento default and Luma themes to correctly specify the .no-link selector. This update fixes the following less compilation error that displayed when compiling the email-inline.less file using less.js compiler v2.73: extend ' .no-link a' has no matches. Fix submitted by Pieter Hoste in pull request 22332. GitHub-22330

Backend

  • The State/Province field is no longer marked as mandatory in the Admin customer address form. Previously, this field was always marked by an asterisk, even when the field was not required.
  • The icon that identifies a dropdown menu throughout the product interface now reflects the changing state of the dropdown menu’s status (expanded or collapsed). Fix submitted by Eduard Chitoraga in pull request 21197. GitHub-21196
  • Form fields of type multi-line now work as expected on Admin forms. Fix submitted by Vivek Kumar in pull request 20371. GitHub-8086, GitHub-18115
  • Fixed display of Option Title label on Catalog > Product > Customizable Options > Add Option. Fix submitted by Arvinda Kumar in pull request 20339. GitHub-20337
  • Magento now displays the correct date in the Admin for scheduled design changes. Previously, Magento displayed the current date instead of the scheduled date on Content > Design > Schedule. Fix submitted by Shikha Mishra in pull request 21443. GitHub-21425
  • Fixed alignment of the Marketing > Cart Price Rules > Store View Specific labels on the Admin. Fix submitted by Kajal Solanki in pull request 19637. GitHub-19632
  • The Change Status option of the mass actions dropdown menu (available on the products and sales pages) now works as expected. Fix submitted by Ananth Iyer in pull request 20938. GitHub-20928
  • The option type dropdown on the Admin Customizable Options page now works as expected. Fix submitted by Oleksandr Miroshnichenko in pull request 21371. GitHub-20989
  • The JavaScript minify field on Stores > Configuration > Advanced > Developer is now disabled as expected. Fix submitted by Ananth Iyer in pull request 21444. GitHub-21384
  • Magento retains the filter settings you enter on the Admin > System > Permissions > All Users list when you click on an item in the filtered list, then return to the list. Previously, if you navigated away from the list and then returned, all filter parameters were lost. Fix submitted by Jay Ghosh in pull request 22128. GitHub-21824
  • The web setup wizard now uses the correct base path to check if the setup folder exists. Previously, the wizard checked base/data/web/magento2/pubsetup instead of /data/web/magento2/pub/setup. Fix submitted by Jeroen in pull request 20182. GitHub-7623, GitHub-11892
  • Magento now redirects to you the Admin home page or a 404 page as expected when you try to access a nonexisting Admin page and Stores > Configuration > Advanced > Admin > Security > Add Secret Key to URLs is enabled. Previously, redirects did not work properly, and Magento displayed the following message: The page isn’t redirecting properly. Fix submitted by Jitheesh in pull request 21455. GitHub-21454

Back up

  • Magento now creates the var/.maintenance.flag file as expected when you start a database backup (System > Tools > Backups > Database Backup). Previously, Magento did not create this file, but instead displayed the following error: Error: You need more permissions to activate maintenance mode right now. To create the backup, please deselect "Put store into maintenance mode" or update your permissions. Fix submitted by Hiren Pandya in pull request 19993. GitHub-19825

Bundle

  • Magento now calculates and displays the correct tier price for bundle products. Fix submitted by Adarsh Khatri in pull request 21469. GitHub-21467
  • Tier pricing for bundle products now works as expected: Magento displays the correct price in the cart, and reminds customers that they can buy a specific quantity of the product for a discount. Previously, Magento did not calculate the price correctly and did not display any informative messages about tier pricing on the category and product pages.

Cache

  • CMS block cache keys now contain the appropriate store ID in deployments with multiple store views. Previously, Magento always loaded the cached version of the block for the first store view. Fix submitted by Marius Strajeru in pull request 22302. GitHub-22299

Cart and checkout

  • Magento now correctly updates the mini cart if a selected product is disabled during the shopping session.
  • Magento now persists the shipping quote in the shopping cart for guest customers when Persistent Shopping Cart is enabled.
  • Magento now persists customer-related values after a guest customer converts her account to a customer account after checkout. Previously, Magento saved these customer-related values as null during account creation after checkout. Fix submitted by Nazar Klovanych in pull request 19191. GitHub-19166
  • Guests can now complete checkout when a custom shipping carrier with underscores in the carrier code is used. Previously, Magento threw the following exception under these conditions: Please specify a shipping method. Fix submitted by vovsky in pull request 19505. GitHub-5021
  • Fixed alignment of the Update button on the payment page of the checkout workflow. Fix submitted by Govind Sharma in pull request 20307. GitHub-20305
  • Magento no longer displays the infinite loading indicator when you proceed to check out. Previously, Magento displayed the loading indicator, and threw the following JavaScript error: Cannot read property 'quoteData' of undefined. Fix submitted by Ihor Sviziev in pull request 18503. GitHub-14412
  • Magento now displays an error message as expected when a customer clicks on Add to cart without selecting at least one product from the recently ordered product list. Fix submitted by Prince Patel in pull request 21401. GitHub-21398
  • The Cancel button on the checkout page now works as expected. Fix submitted by Jitheesh V O in pull request 21356. GitHub-21327
  • Magento no longer runs UpdateItemQty validation before a Clear Shopping Cart action is triggered. Previously, due to the timing of this validation, you could not empty the shopping cart if any product in the cart was out-of-stock. Fix submitted by Wojtek Naruniec in pull request 21295. GitHub-21294
  • Magento now uses the value of the default billing address attribute as expected during checkout. GitHub-8777
  • Magento now validates the shipping information section of checkout as expected. Previously, a customer could proceed to the Payment Details section of checkout without having added valid shipping details. Fix submitted by Nirav Patel in pull request 22405. GitHub-21596
  • The label elements on the checkout address input fields are now readable by screen readers. Previously, the address input fields did not have a label element with a valid value, which prevented screen readers from reading the values. Fix submitted by Scott Buchanan in pull request 21484. GitHub-10893
  • New downloadable products now show up in a customer’s My Downloadable products list after a customer who completed a purchase as a guest then creates an account. Fix submitted by Jitheesh V O in pull request 21711. GitHub-21702
  • The checkout page now provides the ability to search addresses instead of listing addresses only on the Select shipping and Billing address steps. This new search feature can substantially increase checkout performance for customers with thousands of addresses. It is disabled by default and must be enabled from the Admin. See Checkout.

Cart Price rules

  • Magento now displays the Cart Price Rule code on an order details Admin page if free shipping applies. Previously, Magento did not display information about the Sales rule or why shipping was free.

Catalog

  • You can now use the term configurable as a group name in attribute sets. Previously, Magento threw an error when you used this term as a group name and subsequently tried to add or edit a product. GitHub-6123
  • Product search results now display the correct special price as set by a scheduled update. Previously, search results displayed the original special price, not the price set by the scheduled update. This fix can degrade performance in deployments that implement flat catalogs. To avoid this potential performance degradation, consider disabling flat catalogs.
  • Clicking on a store’s root category now causes only that root category to expand. Previously, Magento expanded all other Root Categories into the top-level categories.
  • Magento now maintains correct pagination when a Catalog list has multiple pages of products. Previously, users were redirected to the first page (instead of the correct page) after navigating to a product from the list and saving it.
  • We have improved the performance of the grouped product detail pages and category pages that contain a large number of grouped products.
  • You can now use storeview-level attributes to filter products on the products list.
  • Magento does not display the Country of Manufacture field under the More Information tab of the product page when this value is empty.
  • A product’s product:price:amount metatag now contains the price converted to the appropriate base currency in multistore deployments with stores using different base currencies. Previously, the price in this metatag was always calculated in the base currency. Fix submitted by Milind Singh in pull request 20011. GitHub-20010
  • Magento now correctly calculates multi-currency custom option prices when the option price type is percentage. Previously, when the multi-currency custom option was set to a percentage price type, Magento calculated the price incorrectly. Fix submitted by Emipro Technologies Pvt Ltd in pull request 19608. GitHub-19561
  • The product_types_base.xsd, product_options.xsd, import.xsd, export.xsd files now allow modules with names that contain numbers. Fix submitted by Lisovyi Yevhenii in pull request 20617. GitHub-14882
  • Magento no longer adds tax twice when adding a new product with tier pricing. Previously, MinimalTierPriceCalculator applied the tax twice when calculating the minimal price. Fix submitted by Jitheesh V O in pull request 21395. GitHub-21383
  • The Admin product grid now displays default values when no filter is set. Fix submitted by Eduard Chitoraga in pull request 21363. GitHub-13338
  • The Magento implementation of the CategoryManagementInterface::getTree($rootCategoryId) now provides a tree that is populated with children instead of an empty array. Fix submitted by Patrick McLain in pull request 18705. GitHub-17297
  • Magento no longer empties the shopping cart when you click Enter after changing a product’s quantity. Fix submitted by Leandro F. L. in pull request 21509. GitHub-21499
  • Fixed issue with excessive white space on the related, cross sell and upsell product grids. Fix submitted by Amol Chaudhari in pull request 21582. GitHub-21541
  • You can now sort the Admin product list by website. Fix submitted by Ievgenii Gryshkun in pull request 20512. GitHub-20511
  • Magento now creates unique values for product attributes as expected when you duplicate a product. Previously, Magento duplicated a product, but both products had the same attribute values.
  • During product creation, Magento now displays default attribute values from the Admin column on the Manage Options (Values of Your Attribute) window when creating options. Previously, Magento displayed options from the default storeview. GitHub-6507
  • You can now add an out-of-stock item to a product comparison. Previously, Magento displayed a success message, but did not add the item to the comparison. GitHub-21518
  • The catalog product flat data table for a store view is now populated with data from the specified store view as expected. Previously, this table was populated with data from the default store view. Fix submitted by Oleg Volkov in pull request 22318. GitHub-21747
  • Magento now applies the correct tier price for a product after a customer who is assigned to a customer group logs in after first adding items to their cart as a guest. Previously, Magento did not apply the tier price after the customer logged in.
  • The product_type attribute now contains the correct value in the CVS file that is created during export after you create a custom type_id attribute. Fix submitted by Govind Sharma in pull request 20115. GitHub-19891
  • Magento now increments product quantity correctly when you add products to your cart first as a guest user, and then logged in. Previously, Magento added items separately instead. Fix submitted by Jitheesh V O in pull request 21501. GitHub-21375
  • Meta Keywords and Meta Description are now defined as textarea throughout product forms. Fix submitted by Amit Vishvakarma in pull request 20556. GitHub-20555
  • Magento now saves customizable option price input on the store-view level when Catalog Price Scope is set to Global. Previously, customizable option prices were not saved on the store-view level when Catalog Price Scope was to Global.
  • We have modified the required permissions for updating the design fieldset of categories, products, and CMS pages:

    • Existing roles that have save permission for these entities can save everything.

    • New roles will need to be granted permission to edit design manually.

    If you do not have permission to edit the design fieldset or use web API endpoints to update a category, Magento does not save your changes and the design properties remain unchanged

  • When you configure a price rule for configurable products with swatches, Magento now a shows the special price for products that match the price rule. Previously, Magento displayed both the old price and the special price for the matching configurable products. Fix submitted by Sarfaraz Bheda in pull request 19376. GitHub-19276

CatalogInventory

  • We have fixed the wrong proxy resourceStock argument for the \Magento\CatalogInventory\Observer\UpdateItemsStockUponConfigChangeObserver in di.xml. (Specifically, <argument name="resourceStock" xsi:type="object">Magento\CatalogInventory\Model\ResourceModel\Stock\Proxy</argument> has been changed to <argument name="resourceStockItem" xsi:type="object">Magento\CatalogInventory\Model\ResourceModel\Stock\Item\Proxy</argument>.) Fix submitted by Vitaliy in pull request 21731. GitHub-167

Catalog URL rewrite

  • URL rewrites are no longer overwritten in multisite deployments. Fix submitted by Anshu Mishra in pull request 21462. GitHub-21329

Cleanup and simple code refactoring

  • Corrected overlapping Rating field and Add to cart button on the cart page. Fix submitted by Kajal Solanki in pull request 21178. GitHub-21177
  • Corrected length of the customer login page input field in tablet view. Fix submitted by Nainesh Waghale in pull request 20173. GitHub-20172
  • Fixed misalignment of the checkbox in the fields enclosure on Admin > System > Export. Fix submitted by suryakant-krish in pull request 19631. GitHub-19630
  • Corrected misalignment of the products in category checkboxes on the Admin catalog categories page. Fix submitted by Priti in pull request 21022. GitHub-21021
  • Corrected misalignment of the order item details label in mobile view. Fix submitted by Priti in pull request 20466. GitHub-20299
  • Corrected misalignment of page elements on the Admin product reorder page. Fix submitted by Arvinda Kumar in pull request 21009. GitHub-20919
  • You can now open a product’s details page from the compare products side bar. Fix submitted by Eduard Chitoraga in pull request 21102. GitHub-21101
  • Added padding to the shippingAddress telephone tool tip on the shipping page of checkout. Fix submitted by Abrar Pathan in pull request 20839. GitHub-20838
  • Corrected misalignment of product prices in the order summary block of the checkout page in tablet view. Fix submitted by Dipti in pull request 20856. GitHub-20855
  • Corrected size of the pagination drop-down on Admin > Content > Blocks. Fix submitted by Pratik Oza in pull request 21298. GitHub-21296
  • Corrected a tabbing issue on the product page. Fix submitted by Prakash Gunthe in pull request 21079. GitHub-21077
  • Corrected alignment of page elements on the Recent Orders section of the My Accounts page in mobile view. Fix submitted by Nainesh Waghale in pull request 20429. GitHub-20414
  • Corrected formatting of the Advance Search link in page footers. Fix submitted by Amol Chaudhari in pull request 21611. GitHub-20809
  • Corrected alignment of the minicart search logo. Fix submitted by Amol Chaudhari in pull request 21638. GitHub-20905
  • Added missing asterisk adjacent to the Checkout Agreements checkbox. Fix submitted by Karla Saaremäe in pull request 21649. GitHub-21648
  • Removed unneccessary white space between li tags in the product table. Fix submitted by Akhilesh Singh Shrinet in pull request 21948. GitHub-21244, GitHub-20140
  • The documentation for Travis CI static tests has been improved. Fix submitted by Francesco Haymar d’Ettory in pull request 18386. GitHub-13951
  • Corrected typos on the Admin sales shipment and credit memo pages. Fix submitted by Vishal Sutariya in pull request 22031. GitHub-22030
  • The Equalize product count operation in Layered Navigation now works as expected. Fix submitted by Nazar Klovanych in pull request 21968. GitHub-6715
  • Corrected misalignment of page elements on the popup window that Magento displays when you edit an order that contains a downloadable product when Links can be purchased separately is enabled. Fix submitted by Ansari in pull request 22298. GitHub-20917
  • Fixed misalignment of the shipping method block on Order pages that are accessed through Sales > Orders. Fix submitted by Vishal Sutariya in pull request 21963. GitHub-21962
  • In the Conditions section of the New Cart Price Rule page in the Admin, the dropdown arrow in the _If ALL of these conditions are TRUE _ field now points in the correct direction. Fix submitted by Hiren Pandya in pull request 22456. GitHub-20366

Configurable products

  • Magento no longer describes a configurable product as in-stock in the product list when the product is set to out-of-stock.
  • Corrected the position of the labels in the configurable product variations table. Fix submitted by Burlacu Vasilii in pull request 20528. GitHub-20527
  • Configurable products can no longer be added as a variation of another configurable product in the Admin.
  • The configurable product page’s attribute dropdown menu shows an accurate price and tax is rendered correctly in the final price at the top of the page. Previously, configurable products that had only one configurable attribute displayed a price increase in the dropdown of the tax amount. This affected stores when prices were entered excluding tax and configurable products with only one configurable attribute. Fix submitted by Daniel Farmer in pull request 22466. GitHub-22270
  • Configurable products can now be successfully updated through the bulk API (specifically, this API endpoint: rest/async/bulk/V1/configurable-products/bySku/child). Fix submitted by Pedro Sousa in pull request 21083. GitHub-20366

cron

  • Added support for Zookeeper and flock lock providers. We have also added new options to configure locks during installation:

    • --lock-provider=LOCK-PROVIDER—Lock provider name

    • --lock-db-prefix=LOCK-DB-PREFIX—Installation specific lock prefix to avoid lock conflicts

    • --lock-zookeeper-host=LOCK-ZOOKEEPER-HOST —Host and port to connect to Zookeeper cluster. For example, 127.0.0.1:2181

    • --lock-zookeeper-path=LOCK-ZOOKEEPER-PATH— The path where Zookeeper will save locks. The default path is /magento/locks

    • --lock-file-path=LOCK-FILE-PATH—The path where file locks will be saved.

    See Install.

Customers

  • Magento no longer empties your shopping cart after you have reset your password. Previously, if you added items to your shopping cart using a guest account, then logged in and reset your password, Magento emptied your cart. GitHub-14530
  • Magento now saves dates that are associated with custom customer attributes of type date. Previously, Magento did not save these dates, but displayed the following message: Please enter a valid date.
  • The Customer Name Prefix on the customer configuration page no longer displays extraneous white space when an extra separator is added. Fix submitted by Shikha Mishra in pull request 20896. GitHub-17861
  • Fixed a horizontal scrolling issue that affected the address book display in mobile view. Fix submitted by Pratik Oza in pull request 21272. GitHub-21271
  • The default sort order setting for the shopping cart and customer orders page is now by create date in descending order. Fix submitted by Jitheesh V O in pull request 21498. GitHub-21493
  • The customer login block (defined as Magento\Customer\Block\Form\Login) no longer sets the page title. Fix submitted by Lisovyi Yevhenii in pull request 20583. GitHub-13982
  • An admin user with full permissions for all website scopes can now see any country listed in the Countries column or filter in the Customers list. Previously, if one of the website scopes did not allow a country, an admin with full permission could not see it.
  • Magento no longer applies the default customer group settings to customers that have already been assigned to another group.
  • Customer groups can now be successfully reassigned during order creation in the Admin.
  • Customer accounts are now confirmed when a customer clicks the email activation link. Previously, Magento confirmed the customer account even when the customer did not click on the email activation link. Fix submitted by Shikha Mishra in pull request 22147. GitHub-22052

Dashboard

  • Magento no longer throws a 404 error when you click the Most viewed products on the Admin dashboard. Fix submitted by Vishal Sutariya in pull request 22002. GitHub-22001

Downloadable

  • Product prices are no longer duplicated on the Downloadable products page. Fix submitted by Govinda Sharma in pull request 20239. GitHub-20187
  • Sales rule validation has been refactored to eliminate a leak in the salesrule collection. Previously, a poorly constructed SQL query resulted in poor performance. Fix submitted by Govind Sharma in pull request 20239. GitHub-20187
  • You can now successfully change the sample file for an existing downloadable product. Previously, when you tried to change this sample file, Magento did not save the new file, and did not display an error message. Fix submitted by Ravi Chandra in pull request 19806. GitHub-6272
  • A logged-in user’s My Downloads page now displays links to the relevant downloadable products when Order Item Status to Enable Downloads is set to Pending. Previously, Magento displayed only the names of the pending products, and no links for downloadable products were displayed. Fix submitted by James in pull request 22073. GitHub-21753
  • Added missing sort order to columns on Downloadable Product links page. Fix submitted by Mahesh Singh in pull request 21279. GitHub-21278

EAV

  • Attribute code validation (specifically, maximum characters allowed) has been improved during attribute creation. Fix submitted by Eduard Chitoraga in pull request 20526. GitHub-20766, GitHub-20943
  • Initialization has been added to two class variables that can be returned by class methods as parameters of type array. Without this initialization, both variables are returned as null, which can cause Magento to throw an Invalid argument supplied for foreach() warning. Fix submitted by Wojtek Naruniec in pull request 21135. GitHub-21134
  • The \Magento\Eav\Model\Entity\Collection\AbstractCollection::importFromArray() method now returns a usable collection. Previously, the _isCollectionLoaded property was false, and every interaction threw an exception. Fix submitted by Lorenzo Stramaccia in pull request 21869. GitHub-21868
  • You can now retrieve product attribute values for store-view scope types in the product collection that is loaded for a specific store. Fix submitted by Shikha Mishra in pull request 20071. GitHub-18374
  • You can now programmmatically upload an image for the customer attribute. Previously, Magento threw the following error: error: Base64 is not defined. Fix submitted by Nazar Klovanych in pull request 19988. GitHub-19983
  • Scope assigned to prices in Catalog Price Scope (set in Configuration > Price) are now maintained when price is set to empty. Previously, you could not leave leave special prices empty.
  • Added an is_array parameter value check to the getOptionText($value) function in app/code/Magento/Eav/Model/Entity/Attribute/Source/AbstractSource.php to fix an error that caused Magento to throw a UI error when you make the _quantity_and_stock_status (Qty)_ product attribute visible in the storefront properties. Previously, the getOptionText($value) function expected integer or string input and failed because the quantity_and_stock_status (Qty) configuration parameters were passed as an array.` Fix submitted by Aditi Singh in pull request 20001. GitHub-13612

Email

  • Magento no longer sends via asynchronous email sending any sales-related emails that were created when email sending was disabled once email sending is enabled. Fix submitted by Serhiy Zhovnir in pull request 21788. GitHub-21786
  • The Insert variable popup window that is accessed from the Email Template Information window is now populated as expected. Fix submitted by Bartłomiej Szubert in pull request 22469. GitHub-20111

Frameworks

  • The performance of product image loading has been significantly improved. GitHub-14667
  • You can now successfully download a downloadable product by clicking the link to the product in your downloadable products list. Previously, when you clicked this link, the page did not open correctly, and Magento threw the following error: Something went wrong while getting the requested content. Fix submitted by Shikha Mishra in pull request 19996. GitHub-18944
  • Added the as attribute to linkType in lib/internal/Magento/Framework/View/Layout/etc/head.xsd with three possible options: style, script, and font. Fix submitted by Burlacu Vasilii in pull request 20495. GitHub-18347
  • Corrected misalignment of the Admin success message icon. Fix submitted by Kajal Solanki in pull request 21069. GitHub-19328
  • The use of the SessionManagerInterface class has replaced the direct use of SessionManager. Fix submitted by Jaimin Sutariya in pull request 19274. GitHub-19359
  • The module ranking in the app/etc/config now remains consistent when a new module is added without any other changes. Previously, a module addition affected the module ranking, which resulted in multiple unnecessary conflicts. Fix submitted by Alexandre Jardin in pull request 21020. GitHub-8479
  • Magento now logs exceptions during autoloading instead of throwing them. This conforms with PSR-4 guidelines. Fix submitted by Vinai Kopp in pull request 20950. GitHub-20773
  • Running the php bin/magento setup:upgrade command on modules that have a db_schema.xml without an indexType now creates the index, and subsequent runs result in no modifications as expected. Previously, running this command multiple times resulted in index creation followed by an error. Fix submitted by Milind Singh in pull request 21328. GitHub-21322

Cache framework

  • The purge cache feature in \Magento\CacheInvalidate\Model\PurgeCache::sendPurgeRequest has been updated to flush the cache on all hosts even when a Varnish servers is offline. Magento also displays a warning message about unresponsive cache hosts. Previously, the bin/magento cache:flush full_page operation stopped as soon as it encountered a host that was offline. Fix submitted by Wiard van Rij in pull request 18852. GitHub-18056

JavaScript framework

  • JavaScript validation on UI form components now works as expected. Previously, adding the validate-per-page-value-list validation rule resulted in a failure for every non-empty value in the field to which it as applied. Fix submitted by Roman Kis in pull request 21776. GitHub-21734

General fixes

  • The Sodium crypto adapter now consistently returns a string in accordance with the strict return type on its signature. Previously, the adapter sometimes did not return a string, which resulted in exceptions and a failure to bootstrap Magento. GitHub-19590
  • Watermarks now appear on product images as expected. Fix submitted by Yevhenii Dumskyi in pull request 21338. GitHub-21154
  • You can now use a period (.) for inline CMS content edits. Previously, if you included a period (.) in your edits, Magento displayed this error: There are 1 messages requires your attention. Please make corrections to the errors in the table below and re-submit. Fix submitted by Nirav Patel in pull request 21376. GitHub-21374
  • The pagination count of My Account > My addresses > Additional Address Data Table is now correct. Fix submitted by Dharmesh Vaja in pull request 21399. GitHub-21396
  • fatalErrorHandler now returns 500 only on fatal errors. Previously, simple deprecation warnings on the page triggered an internal server error, which was invalid. Fix submitted by WEXO team in pull request 22200. GitHub-22199
  • CodeSniffer no longer marks correctly aligned DocBlock elements as code style violations. Fix submitted by p-bystritsky in pull request 22321. GitHub-22317
  • The Adminhtml textarea field now accepts the maxlength attribute. Fix submitted by Roman Kis in pull request 21816. GitHub-21779
  • The Reporting Security Issues section of the [Magento 2 README file] (https://github.com/magento/magento2/blob/2.3-develop/README.md) has been updated to reflect the use of HackerOne for the Magento 2 Bug Bounty program. Fix submitted by Andreas Mautz in pull request 22195. GitHub-22166
  • You can now save an inactive admin user token by navigating to System > Permissions > All Users, and clicking Save User on an inactive Admin user. Previously, if you tried to save an inactive Admin user token fom the Admin this way, Magento did not save the token, but threw an error. Fix submitted by Pratik Oza in pull request 20772. GitHub-16513
  • The missing $msrpPriceCalculators argument for Magento\Msrp\Pricing\MsrpPriceCalculator has been added. Previously, Magento threw an MsrpPriceCalculator exception after an upgrade. Fix submitted by Leandro F. L. in pull request 22197. GitHub-22190, GitHub-22090
  • stream_wrapper_unregister('phar') in app/boostrap.php is now unregistered only when appropriate. Previously, calling stream_wrapper_unregister('phar') without checking to see if it were registered triggered a warning. Fix submitted by Antoine Daudenthun in pull request 22171. GitHub-22190, GitHub-21973
  • The sitemap generation cron job no longer flushes the entire cache. A dummy cache tag has been added to the frontend for sitemap and robots generation to prevent the default and page_cache from being dropped completely. Previously, the sitemap generation cron job flushed the entire cache. Fix submitted by David Führ in pull request 20818. GitHub-14857
  • Magento now sets an accurate CURRENT_TIMESTAMP on updated_at fields in the database schema. Previously, this timestamp displayed 0000-00-00 00:00:00. Fix submitted by Danny Verkade in pull request 21486. GitHub-21477
  • grunt watch no longer triggers livereload twice. Fix submitted by Torben Höhn in pull request 22276. GitHub-19544
  • You can now duplicate a product with translated URL keys over multiple storeviews without generating non-unique keys. Previously, when a product was duplicated, only one URL key was used and set for all store views. Fix submitted by Vechirko Yurii in pull request 22178. GitHub-21737

Google Analytics

  • Google Analytics Anonymize Ip no longer always set to on. Fix submitted by Nazar Klovanych in pull request 21303. GitHub-21292

Google Chart API

  • The Google chart API has been updated to the Image-Charts. Magento now uses the Image-Charts free service to render static charts in Admin dashboards. Earlier deployments used Google Image Charts, which was deprecated in 2012 and turned off on March 18, 2019. GitHub-21599

Import/export

  • Magento now imports existing products that have a price change and unchanged url-key with no unnecessary updates. Previously, the product’s price was updated as expected, but its unchanged url-key was deleted.
  • Magento now displays informative messages when you create a new product and try to set its SKU to one that is assigned to an existing product. Previously, under these circumstances, Magento displayed an informative message, but also imported the newly created product’s configurable options to the older product. GitHub-9457
  • The import process replace method now works as expected. Fix submitted by Denys Saltanakhmedov in pull request 21189. GitHub-18761
  • The import process now imports product quantity as expected. Fix submitted by Nazar Klovanych in pull request 22382. GitHub-22355
  • Custom import adapters now validate CSV files as expected if column and data are available. Previously, the CSV file was not validated, and Magento threw the following error: Notice: Undefined index: sku in /var/www/html/hamtc/vendor/magento/module-import-export/Model/Import/Entity/AbstractEntity.php on line 411. Fix submitted by Jaimin Sutariya in pull request 19765. GitHub-19761
  • The _coreConfig field in Magento/ImportExport/Model/Import is no longer declared dynamically. Fix submitted by Roman Kis in pull request 21999. GitHub-21998
  • Tooltip styles now use the appropriate variables for mobile view. Fix submitted by Nazar Klovanych in pull request 22382. GitHub-22246
  • Magento now displays the correct import status data for an import that is created using System > Import > Advanced Pricing > Add/Update. Fix submitted by Denys Saltanakhmedov in pull request 21476. GitHub-21192
  • The store_view_code column now contains data from the chosen product store. Previously, Magento did not populate the store_view_code column. Fix submitted by Valant13 in pull request 19395. GitHub-17784, GitHub-19786

Index

  • You can now access a list of Admin indexers after creating a custom index. Previously, when you tried to access the Admin’s indexer list, Magento threw a fatal error. Fix submitted by Cristiano Casciotti in pull request 21575. GitHub-21510
  • Magento now validates CSV files that are created by custom adapters when you click Check Data if column and data are available. Previously, Magento threw an error. Fix submitted by Jaimin Sutariya in pull request 19765. GitHub-19761

Infrastructure

  • The default behavior of view models has changed in this release. Instances of view models are now shared by default. As a result, you must add the attribute shared="false" on the argument node of the layout.xml file if you want a new instance of a view model.
  • The FrontController now explicitly requires actions to specify if they respond to HEAD requests. HEAD action mapping has also been changed to the GET action interface, which results in HEAD requests returning 200 instead of 404. Fix submitted by Matti Vapa in pull request 21378. GitHub-21299
  • Logic has been removed from the constructor of Magento\Sales\Model\Order\Address\Validator. Previously, installation of the product could fail if this class was injected in the constructor through a command in a custom module when this class contined logic. Fix submitted by Bartłomiej Szubert in pull request 21693. GitHub-21692, GitHub-21752
  • The productAvailabilityChecks argument has been added to Magento\Sales\Model\Order\Reorder\OrderedProductAvailabilityChecker. Previously, this required argument was missing. Fix submitted by Roman Kis in pull request 21820. GitHub-20825
  • The errors/local.xml and error page templates are no longer publicly accessible. Fix submitted by Fabian Schmengler in pull request 20212. GitHub-20209
  • We added the missing attributes validated_country_code and validated_vat_number to quote_address. Fix submitted by Erik Pellikka in pull request 19265. GitHub-17658
  • We added Type casting to \Magento\Shipping\Model\Carrier\AbstractCarrier::getTotalNumOfBoxes() to improve validation. Fix submitted by Mudit Shukla in pull request 20898. GitHub-13319
  • Widget parameters can now contain multidimensional arrays. Fix submitted by Eduard Chitoraga in pull request 21008. GitHub-19909
  • phpcs now reports all errors and warnings in the terminal as expected. Previously, phpcs threw an error instead of reporting errors under certain circumstances. Fix submitted by Nazar Klovanych in pull request 22081. GitHub-20186
  • The getSize() method in \Magento\Framework\Data\Collection now returns results that reflect added filters as expected when the clear() method is called after getSize(). Previously, this method returned results that always remained the same after the first call and the clear() method was ignored. Fix submitted by Sergey Nezbritskiy in pull request 21670. GitHub-21654
  • Magento no longer caches absolute file paths in the validator factory (Magento\Framework\Validator\Factory::_initializeConfigList). Previously, caching absolute file paths resulted in problems during transactions when a customer, a customer_address, or quote for a registered customer was saved. Fix submitted by David Führ in pull request 21856. GitHub-21842
  • QuoteRepository get methods now return an object of instance Vendor\Module\Model\Quote. Fix submitted by Bartłomiej Szubert in pull request 22149. GitHub-12802
  • Magento no longer throws an exception under these conditions:

    • a product configuration specifies a Minimum Qty Allowed in Shopping Cart as a decimal value less than one

    • this configuration is later updated by setting Qty Uses Decimals to no, and later updating the Qty Uses Decimals attribute in the product congiration to no. Fix submitted by Valerij Ivashchenko in pull request 21928. GitHub-21926

Layered navigation

  • Setting price navigation step calculation for layered navigation to Automatic (equalize product counts) now works as expected. Previously, results were not in the equals range, but omitted products. Fix submitted by Nazar Klovanych in pull request 21968. GitHub-21960
  • Use of the Yes/No attribute in the Layered Navigation filter no longer degrades filter performance. Fix submitted by Stephan Kechedzhi in pull request 21772. GitHub-3283, GitHub-21771
  • Magento now retrieves the configuration value (store ID) that is based on the current store scope in multistore deployments. Previously, Magento occasionally returned an incorrect configuration scope ID when attempting to resolve a scope ID set to null. Fix submitted by Pratik Oza in pull request 21633. GitHub-16939

Logging

  • Magento now creates a log entry if an observer does not implement ObserverInterface in modes other than developer mode. Previously, Magento created a log entry when in developer mode only. Fix submitted by Nazar Klovanych in pull request 21767. GitHub-21755

Magento Shipping

  • Fixed issue with the event stream cron job.

  • Fixed issue with retrieving shipping labels from some AWS environments.

New Relic reporting

  • Improved performance of New Relic queries. The New Relic Reporting module now cleans the Magento 2.x report data to prevent the reporting data store from growing too large and slowing query performance.
  • Magento 2.x CLI command names are now reported in the transaction names in the New Relic APM Monitoring Data. The transaction name is based on the Magento CLI command name, for example cli app:config:import, cli indexer:reindex, and cli cache:flush. In previous releases, the New Relic transaction names for CLI commands initiated by Magento 2.x CLI command names was missing and reported as unknown. Fix submitted by Lukasz Bajsarowicz in pull request 22059. GitHub-22047

Newsletter

  • You can now change pages at an expected speed from the Admin newsletter subscribers page (Marketing > Communications > Newsletter Subscribers). Previously, it took excessively long to move off this page.
  • The newsletter subscription input box now displays all text in mobile view. Fix submitted by Arvinda Kumar in pull request 20165. GitHub-20163

Orders

  • The quick order form now handles the SKUs that you enter for configurable products as expected. Previously, Magento threw an error when you tried to enter the SKU for a configurable product, and displayed a link to the simple product which typically returned a 404 page.
  • Programmatically created invoices now include all items as expected when both simple products and bundled products are mixed in an order. Previously, when Magento\Sales\Model\Service\InvoiceService::prepareInvoice was called without a specified quantity, the function did not discards items as expected after bundled items were processed, which resulted in a partial invoice. Fix submitted by Ryan Palmer in pull request 22263. GitHub-22246
  • When you create new extension attributes for orders, these attributes are now correctly joined when querying orders. Fix submitted by Oleksandr Kravchuk in pull request 21797. GitHub-8035

Page cache

  • Page cache is no longer active when maintenance mode is enabled. Previously, Magento cached pages from all IP addresses during maintenance mode.

Payment methods

  • Magento no longer throws an error indicating that a transaction was declined when Authorize.net successfully processes the order. Previously, orders were successfully created but Authorize.net indicated that the transaction had been declined. GitHub-22373
  • Magento creates an order using PayPal PayflowPro as expected when a customer enters all the credit card information that PayPal needs to create the transaction. Previously, Magento did not create the order even though all necessary credit card information has been entered.
  • Alt attribute text that describes credit card type or stored payment methods during checkout has been added to support accessibility. Fix submitted by Patrick McLain in pull request 21090. GitHub-21089

Performance

  • Client-side performance has been optimized by moving non-critical JavaScript code to the bottom of the page along with the corresponding deferred parsing and evaluation of this code. This means that users can see rendered pages faster. To enable this performance enhancement, you must navigate to Stores > Configuration > Developer > JavaScript Settings and enable the Move JS code to the bottom of the page option.
  • The transfer cart line items and transfer shipping options in the the Shipping step of checkout now work for PayPal. GitHub-19064
  • The multishipping checkout flow now supports the Braintree payment method.
  • Magento no longer disables the Place order button in the checkout workflow after the customer has supplied the requested email address for orders created with Braintree. Fix submitted by Roman Kis in pull request 21936GitHub-21907
  • We’ve optimized the logic of concurrent access to the block cache, which has improved the response of storefront pages under high load by approximately 20%.

Quote

  • QuoteManagement::submitQuote now logs all root exceptions. Previously, Magento logged only the second exception in exception.log. Fix submitted by David Führ in pull request 21697. GitHub-14926, GitHub-18752
  • The x_forwarded_for field of the Quote Management service now contains the value from $_SERVER['HTTP_X_FORWARDED_FOR']. Previously, this field was always empty. This change will permit administrators to see their customer’s actual IP addresses (as opposed to 127.0.0.1), which can help identify potentially fraudulent orders. Fix submitted by Christian Münch in pull request 21787. GitHub-

Reports

  • The date range in reports no longer displays the same start and end dates. Fix submitted by Milind Singh in pull request 20129. GitHub-20128
  • Magento now includes the amount of a credit memo’s refunded discount in its calculation of the value displayed in the total column under the Last Orders listing on the Admin dashboard. Fix submitted by Ravps in pull request 21283. GitHub-18754, GitHub-21281
  • The downloads report table (Admin > Reports > Downloads) now displays an accurate count of all downloadable products and the number of times they have been downloaded. Fix submitted by Shikha Mishra in pull request 22291. GitHub-22223

Reviews

  • The text for review-related headers under User Content on the Admin has been edited for clarity. Fix submitted by Vishal Gelani in pull request 21621. GitHub-21620

Sales

  • Corrected problems with the disabling and enabling order-related emails. Fix submitted by Serhiy Zhovnir in pull request 20953. GitHub-18698
  • Fixed display of the Luma theme My Account Order status tabs in mobile view. Fix submitted by Abrar Pathan in pull request 21071. GitHub-21070
  • You can now change customer groups when creating a new customer during order creation on the Admin. Fix submitted by gauravagarwal1001 in pull request 21145. GitHub-6162, GitHub-7974, GitHub-21144
  • You can now successfully re-order a virtual product. Fix submitted by Shikha Mishra in pull request 21335. GitHub-15059
  • When you place an Admin order for a product with a custom price, the sales_order_item table now behaves the same as it would for an order of a product with a regular price. Specifically, the price column contains the custom price excluding tax. Previously, the sales_order_item table’s price column displayed the custom price including tax.
  • Form validation now works as expected for fields in the Admin order address edit forms. Previously, when you entered invalid data, Magento did not display an error message and displayed the data. Fix submitted by Ievgenii Gryshkun in pull request 20840. GitHub-19360
  • If you retrieve an order, and then use the getShippingMethod as object function to retrieve the shipping method, Magento now returns null if no shipping method has been defined. Previously, this function returned an undefined index error if a shipping method was not available. Fix submitted by Mahesh Singh in pull request 20381. GitHub-20380

SalesRule

  • The DataProvider and Save Controller files have been edited to improve persistence of form data in cart price rules. Fix submitted by Aditya Yadav in pull request 20895. GitHub-20888
  • Added a condition type _Subtotal (Excl. Tax) to the Cart Price Rule configuration so that you can configure a cart price discount rule discount based on minimum purchase amount that excludes tax. Previously, the subtotal was calculated only with tax included. Fix submitted by AleksLi in pull request 21288. GitHub-12396
  • Catalog search Minimal Query Length values are now enforced as expected.
  • Elasticsearch quick search now works as expected when the default attribute set contains a date attribute that has been set to Search = Yes. Previously, the search page threw an exception and crashed.
  • The performance of layered navigation queries has been improved. Fix submitted by Mads Nielsen in pull request 20971. GitHub-20969
  • The search REST API now returns the correct total_count of result items. Previously, the value of total_count equaled searchCriteria[pageSize], not the total count of the search result items. Fix submitted by Ronak Patel in pull request 21713. GitHub-17295
  • The search icon on Admin page headers now works as expected. Fix submitted by Nirav Patel in pull request 22154. GitHub-22152
  • Magento now checks concrete class while applying plugins. Previously, when the pluginized class was virtual-typed by a class with name ending with an autogenerated suffix and without the implementation of the base concrete class, the di:compile process failed. Fix submitted by Riccardo Tempesta in pull request 22046. GitHub-21916, GitHub-21976

Shipping

  • UPS (non-XML) endpoints are now HTTPS instead of HTTP. Fix submitted by Josh in pull request 21511.
  • Magento now provides quotes for DHL shipments when DHL Content Type is set to Non Documents. Fix submitted by gwharton in pull request 19487. GitHub-19485
  • The CGI URL gateway endpoint in the UPS module has been updated from HTTP to HTTPS in response to the disablement of the HTTP gateway by UPS in mid-2019. See Magento User Guide for a discussion of using the UPS shipment method. Shipping method configuration settings are described in the Shipping methods.
  • The tracking pop-up window now displays an accurate value for the delivery date for FedEx shipments in transit.

Sitemap

  • Images in the XML sitemap are no longer linked to the base store in a multistore deployment when scheduling start times and daily frequency. Fix submitted by Nazar Klovanyc in pull request 19598. GitHub-19596
  • Magento now validates sitemap file names to ensure that file names do not exceed length limits. Previously, Magento simply truncated excessively long file names. Fix submitted by Rajneesh Gupta in pull request 20044. GitHub-13937

Swatches

  • Corrected blackground to background in Magento_Swatches _module.less. Fix submitted by Amol Chaudhari in pull request 21368. GitHub-21365
  • You can now successfully preselect a configurable product swatch that contains an image. Previously, Magento tried to load the image into the product gallery before initialization completed and threw a JavaScript error. Fix submitted by Nirav Patel in pull request 19635. GitHub-18017

Tax

  • The tax that is applied to a simple child product is now based on the tax class of that product. Previously, Magento based the tax for a child product on the tax class of its parent product.
  • The shopping cart full tax summary now displays total tax as expected instead of individual tax values. Fix submitted by Nirav Patel in pull request 20682. GitHub-11358, GitHub-19701
  • The value of product_price_value in the shopping cart data section now includes taxes if the configuration settings are set accordingly (Stores > Configuration > Sales > Tax > Shopping Cart Display Settings > Display Prices > Including Tax). Fix submitted by Nick de Kleijn in pull request 20316. GitHub-20310
  • You can now successfully search for a tax rule based on both the Name and Tax Rate fields. Previously, Magento threw an MySQL error. Fix submitted by Tuyen Nguyen in pull request 21701. GitHub-21521

Testing

  • The Squiz.Operators.ValidLogicalOperators PHP-CS rule has been added to the static test rules. Fix submitted by Maksym Novik in pull request 21275. GitHub-21062
  • Added missing parameters to failing unit tests for FormatTests. Fix submitted by Kamil Degórski in pull request 21880. GitHub-21001

Theme

  • Logo files for transactional emails can now be successfully uploaded using Content > Configuration > Edit theme > Transactional Emails. Previously, Magento did not upload the logo, but displayed this error: A technical problem with the server created an error. Try again to continue what you were doing. If the problem persists, try again later. Fix submitted by chaplynsky in pull request 20092. GitHub-20091
  • The horizontal scroll widget on the storefront search results page now works as expected with very long search strings. Fix submitted by Prince Patel in pull request 21360. GitHub-21359
  • Checkboxes and radio buttons are now highlighted on focus while you navigate a form using the keyboard. This change is a reversion of an earlier fix (20861), which inadvertently violated accessibility standards for keyboard navigation. Fix submitted by Roman Kis in pull request 21820. GitHub-20825
  • Magento now successfully uploads files from the theme config edit form page when you click Select from Gallery button for the Logo Image field. Fix submitted by Vechirko Yurii in pull request 22132. GitHub-21032

Translation and locales

  • Product attribute labels are no longer translated. Fix submitted by Karla Saaremäe in pull request 21751. GitHub-21750

UI

  • You can no longer upload images when the Use Default Value setting on the Admin Content tab is enabled. Previously, you could drag an image to this tab even when this setting was enabled. Fix submitted by Mahesh Singh in pull request 20381. GitHub-20380
  • The Date field associated with a page on the Admin Pages table now displays the correct date, not the current date. Fix submitted by Satya Prakash in pull request 20902. GitHub-17564
  • Postcodes/zip code fields on the checkout page are empty and unvalidated on page load as expected. Previously, Magento validated postcodes/zip codes on the checkout page when the page loaded. Fix submitted by Danny Verkade in pull request 18633. GitHub-18630
  • Buttons on the Admin System > Backups page no longer flicker when the page is reloaded. Fix submitted by Oleg Volkov in pull request 21791. GitHub-19835
  • Screen readers can now identify the label elements that are linked to input fields for street address fields on the checkout page. Previously, screen readers could not identify these fields because the elements were not populated. Fix submitted by Scott Buchanan in pull request 21484. GitHub-10893
  • Product gallery images no longer open unexpectedly when you move over a product image while moving to another page element. Fix submitted by Denis Kopylov in pull request 21790. GitHub-21789
  • Magento now cancels previous scrolling actions as expected when you click Add to cart on a product page. Previously, Magento scrolled back to the qty input box the same number of times as you clicked Add to cart. Fix submitted by Vechirko Yurii in pull request 22117. GitHub-21715
  • Magento no longer displays the customer name twice in the welcome message on the log in page after a customer logs in. Fix submitted by Priti  in pull request 20832. GitHub-20830
  • Magento now updates the created_at and updated_at columns in the ui_bookmark table as expected. Fix submitted by Shikha Mishra in pull request 22340. GitHub-18557
  • Scrolling now works as expected in popup windows on devices running iOS. Fix submitted by Priti in pull request 21150. GitHub-21147
  • Magento now displays warning messages when validation fails on a form field that has a validation rule associated with it. Previously, Magento displayed this error: Javascript Error: Uncaught TypeError: msg.replace is not a function, if validation failed on a form field. Fix submitted by Seth Daugherty in pull request 20079. GitHub-20078
  • Magento no longer uploads images to the Category page unless the Use Default Value attribute is enabled. Fix submitted by Serhiy Zhovnir in pull request 20461. GitHub-20376

URL rewrites

  • Added a feature to manage URL rewrites when the product visibility attribute changes. If the product is made invisible, Magento deletes the URL rewrite. If you change the visibility attribute to true, Magento creates a URL rewrite rule. Previously, changing the visibility attribute sometimes created duplicate product URLs. Fix submitted by Vitaliy in pull request 20774. GitHub-20434
  • URLS in Arabic now resolve as expected. Previously, when you created a URL rewrite in Arabic, the browser returned a 404.
  • Magento now retains filter terms after you’ve applied a filter to the Admin url_rewrites table, then click the Back button. Fix submitted by Vaibhav Bhalerao in pull request 21834. GitHub-21805

Web API framework

  • You can now use REST in scope all to save an existing category that does not have a name attribute. Previously, Magento threw this exception: Could not save category with message. The "Name" attribute value is empty. Set the attribute and try again. Fix submitted by Nirav Patel in pull request 22362. GitHub-22309
  • The REST API locale now matches the appropriate store view in multistore deployments. Previously, Magento used the default scope for each store view. Fix submitted by Julian Wundrak in pull request 19913. GitHub-19908
  • You can now use /rest/all/V1/products/ to update a product’s category_ids through custom_attribute when the product has no custom attributes. Previously, the update command reported success, but categories were not updated. Fix submitted by Yaroslav Gyryn in pull request 20842. GitHub-20481
  • PUT /V1/products/:sku/media/:entryId now updates product images as expected. Previously, this call updated label, types and disabled, but the actual file-content was not replaced with the values that were provided in base64_encoded_data. Fix submitted by Nazar Klovanych in pull request 22424. GitHub-22402

Wishlist

  • Customer wishlists now include review summaries for included products. Fix submitted by Denis Kopylov in pull request 21420. GitHub-21419
  • The wishlist quantity field now has limits on both the type and number of characters that can be entered. Previously, you could enter both extremely large number and letters into this field, which resulted in undesirable, inaccurate changes in quantity.
  • Magento now alerts you to the expected minimum quantity of product when you try to add a lesser product quantity to your shopping cart from the wishlist. Fix submitted by Khodu in pull request 19653. GitHub-9155

WYSIWYG

  • You can now insert widgets that contain a WYSIWYG field into a form. Previously, widgets with a WYSIWYG parameter failed when inserting them into a WYSIWYG in a form. Fix submitted by James Dinsdale in pull request 20174. GitHub-19742

Known issues

  • Issue: The Async/Bulk Web APIs support only the default store view. A hot fix for this issue will be available in the near future. This issue has been resolved with the Scope parameter for Async/Bulk API patch, which is now available. See Patch for Magento Framework Message Queue and Store Scopes for a full discussion of this scope-related issue and patch contents.

  • Issue: The security enhancements that are part of Magento 2.3.2 require the installation of libsodium version 1.0.13 or higher. You will not be able to successfully install Magento Commerce 2.3.2 without first ensuring that your server runs version 1.0.13 or higher. See Libsodium releases for a description of the available releases and installation instructions.

  • Issue: After upgrade to Magento 2.3.2 Product Flat Data index takes significantly more time to reindex. See GitHub-23462 for a full discussion of this issue.

  • Issue: You cannot use the Magento Extension Manager to install extensions purchased from the Magento Marketplace. Workaround: Install extensions from the command line as described in General CLI installation. See Extension Manager shows no extensions in Magento Commerce 2.3.x.

Community contributions

We are grateful to the wider Magento community and would like to acknowledge their contributions to this release. Check out the following ways you can learn about the community contributions to our current releases:

  • If a community member has provided a fix for this release, we identify the fix in the Fixed Issue section of these notes with the phrase, “Fix provided by community member @member_name”.

  • The Magento Community Engineering team Magento Contributors maintains a list of top contributing individuals and partners by month, quarter, and year. From that Contributors page, you can follow links to their merged PRs on GitHub.

Partner contributions

The following table highlights contributions made by Partners. This table lists the Partner who contributed the pull request, the external pull request, and the GitHub issue number associated with it (if available).

Partner Pull Request Related GitHub Issue
Atwix 267, 488, 404, 682, 395, 441, 571, 564, 692, 684, 497, 21788, 558, 693, 562, 582, 584, 586, 2012, 21008, 21940, 617, 616, 22320, 2049, 687, 686, 681, 680, 694, 688, 695, 494, 560, 545, 541 229, 269, 468, 58, 295, 379, 382, 426, 425, 323, 387, 481, 21786, 479, 581, 512, 579, 580, 581, 1912, 19909, 606, 605, 2043, 275, 245, 244, 248, 638, 247, 382, 480, 559, 544, 540
Krish Technologies 20772, 21633, 21932, 22210, 19765, 19653, 19993, 22456, 22055, 22201, 22202, 22357, 22420, 78, 19806, 22470, 22056, 22239, 20917, 22381, 22421, 22154, 22362, 22233, 22405 16513, 16939, 106, 19761, 9155, 19825, 22434, 75, 6272, 22152, 22309, 21596
Interactiv4 22033  
ISM eCompany 20968, 21797, 473, 20295, 20842 8035, 469, 20481
TechDivsion 2171, 2184, 2199, 21856, 66, 2067 2169, 2170, 21842, 61, 2062
MageSpecialist 21869, 22046, 2056, 2090, 18: magento/partners-magento2ee, 2148, 2167, 2149, 2145, 2147, 2142, 2144 21868, 21916, 21976, 2027, 1983, 1990, 1828, 2140, 2166, 2132, 2133, 2134, 2135, 2128, 2053
Vaimo 22220, 460 423
Something Digital 614 604
Strix 21647, 22059, 2120, 2124 22047, 2105, 2118
Two Jay 20832, 21150, 21896 20830, 21147
Mediotype 22281, 21549, 22411 15090, 19845, 21251
Basecom 22276 19544
Imagination Media 21821  
creativestyle 2123 2108
MediaCT 22160, 22074  
H&O 21966, 20182 11892, 7623
Smile 610 607
Accenture 2121  
Netz98 21787 7227
Veriteworks 87 85
Crimson Agility 21756  

Individual contributor contributions

The following table identifies contributions from our community members. This table lists the external pull requests, the GitHub issue number associated with it (if available), and the community member who contributed the pull request.

Contributing community member Pull Requests Related GitHub Issues
Karlasa #18706  
udovicic #19546  
Nazar65 #19598 19596
milindsingh #20011 20010
chaplynsky #20092 20091
nainesh2jcommerce #20173 20172
maheshWebkul721 #20381 20380
serhiyzhovnir #20461 20376
amitcedcoss #20556 20555
nainesh2jcommerce #20992  
awviraj #21055  
ravi-chandra3197 #21120  
suryakant-krish #19631 19630
mjsachan-cedcoss #20012  
melaxon #20027  
GovindaSharma #20115 19891
sjaakvdbrom #20499  
hostep #20887  
sunilit42 #21007  
priti2jcommerce #21022 21021
pmclain #21090 21089
yogeshsuhagiya #21097  
df2k2 #21096  
eduard13 #21100  
sasangagamlath #21129  
cedarvinda #20165 20163
priti2jcommerce #20466 20299
niravkrish #20682 11358, 19701
elevinskii #20847  
Beagon #20881  
shikhamis11 #20896 17861
realadityayadav #20895 20888
satyaprakashpatel #20902 17564
serhiyzhovnir #20953 18698
parag2jcommerce #20963  
cedarvinda #21009 20919
nainesh2jcommerce #21038  
abrarpathan19 #21071 21070
eduard13 #21102 21101
gauravagarwal1001 #21145 6162, 7974, 21144
navarr #21165  
wiardvanrij #18852 18056
emiprotech #19608 19561
shikhamis11 #19996 18944
vasilii-b #20495 18347
suneet64 #20923  
speedy008 #21069 19328
df2k2 #21093  
eduard13 #21095  
ankitsrivastavacedcoss #21098  
schmengler #13302  
jaimin-ktpl #19359 19274
lpj822 #21260  
Nazar65 #19191 19166
gwharton #19487 19485
mageprince #19566  
larsroettig #19679  
suryakant-krish #20237  
abrarpathan19 #20839 20838
eduard13 #21197 21196
priti2jcommerce #21227  
vovsky #19505 5021
dominicfernando #21046  
yogeshsuhagiya #21121  
speedy008 #21178 21177
ravi-chandra3197 #21210  
k4emic #20971 20969
yogeshsuhagiya #21175  
speedy008 #21265  
mageho #21301  
SikailoISM #20308  
lisovyievhenii #20617 14882
mage2pratik #21272 21271
Valant13 #19395 17784, 19786
shikhamis11 #20071 18374
dipti2jcommerce #20856 20855
mage2pratik #21298 21296
ravi-chandra3197 #21310  
vivekkumarcedcoss #20371 8086, 18115
gwharton #20621  
lbajsarowicz #20596  
ajardin #21020 8479, 16116
ihor-sviziev #18503 14412
Nazar65 #19988 19983
AntonEvers #20043  
GovindaSharma #20307 20305
lisovyievhenii #20583 13982
Vinai #20950 20773
jaideepghosh #21045  
milindsingh #21328 21322
shikhamis11 #21335 15059
yogeshsuhagiya #21347  
mageprince #21360 21359
amol2jcommerce #21368 21365
irajneeshgupta #20044 13937
cedarvinda #20339 20337
woutersamaey #20578  
mageho #20858  
dominicfernando #21105  
wojtekn #21295 21294
mageho #21302  
DanielRuf #21330  
Jitheesh #21395 21383
mageprince #21401 21398
yogeshsuhagiya #21405  
Cyanoxide #21421  
ravi-chandra3197 #21429  
priti2jcommerce #21426  
DanielRuf #21431  
Stepa4man #21151  
romainruaud #21458  
NickdeK #20316 20310
c-walter #20482  
hostep #21094  
oshancp #21130  
novikor #21275 21062
progreg #21338 21154
eduard13 #21363 13338
Jitheesh #21356 21327
shikhamis11 #21443 21425
eduard13 #21474  
floorz #20079 20078
milindsingh #20129 20128
david-fuehr #20818 14857
prakash2jcommerce #21079 21077
Nazar65 #21303 21292
Jitheesh #21455 21454
bartoszkubicki #17668  
pmclain #18705 17297
speedy008 #19637 19632
GovindaSharma #20239 20187
david-fuehr #20484 19117
nikolaevas #21170  
maheshWebkul721 #21279 21278
AnshuMishra17 #21462 21329
DenisSaltanahmedov #21476 21192
mfickers #21503  
sarfarazbheda #19376 19276
XxXgeoXxX #20391  
vasilii-b #20528 20527
Jitheesh #21498 21493
lfluvisotto #21509 21499
avstudnitz #21536  
ravi-chandra3197 #21534  
matthiasherold #13184  
niravkrish #19635 18017
nainesh2jcommerce #20429 20414
ananth-iyer #20938 20928
suryakant-krish #21074  
omiroshnichenko #21371 20989
Den4ik #21420 21419
Nazar65 #21542  
amol2jcommerce #21611 20809
amol2jcommerce #21638 20905
ansari-krish #21685  
tuyennn #21701 21521
eduard13 #21716  
aditisinghcedcoss #20001 13612
osrecio #21180  
DenisSaltanahmedov #21189 18761
mageprince #21468  
ananth-iyer #21444 21384
yogeshsuhagiya #21600  
amol2jcommerce #21582 21541
ravi-chandra3197 #21683  
VitaliyBoyko #21731 167
yogeshsuhagiya #21740  
woutersamaey #19859  
XxXgeoXxX #20512 20511
ihor-sviziev #20785  
XxXgeoXxX #20840 19360
ronak2ram #21713 17295
dverkade #18633 18630
Karlasa #21649 21648
mikeshatch #21782  
AleksLi #21288 12396
adarshkhatri #21469 21467
ccasciotti #21575 21510
Karlasa #21751 21750
lbajsarowicz #21774  
eduard13 #21785  
eduard13 #21795  
OlehWolf #21791 19835
lefte #21826  
niravkrish #21376 21374
Dharmeshvaja91 #21399 21396
Bartlomiejsz #21693 21692, 21752
silyadev #21815  
kisroman #21820 20825
nasanabri #21843  
eduard13 #21851 20859
ravi-chandra3197 #21884  
JeroenVanLeusden #19727  
schmengler #20212 20209
VitaliyBoyko #20774 20434
rav-redchamps #21283 18754, 21281
gelanivishal #21621 21620
samuel27m #21778  
TomashKhamlai #21825  
kdegorski #21880 21001
jahvi #21899  
erfanimani #19871  
david-fuehr #21697 14926, 18752
kisroman #21776 21734
JeroenVanLeusden #21822  
iGerchak #21919  
ravi-chandra3197 #21921  
hostep #18067 15972
ErikPel #19265 17658
eduard13 #20526 20766, 20943
cedmudit #20898 13319
cmacdonald-au #21053  
sprankhub #21065  
wojtekn #21135 21134
Vinai #21465  
scottsb #21484 10893
wsajosh #21511  
asim-vax #21749  
vbmagento #21834 21805
Thundar #18386 13951
jaimin-ktpl #19765 19761
alexander-aleman #21216  
Nazar65 #21767 21755
amol2jcommerce #21896  
hostep #21927  
eduard13 #21940  
samuel20miglia #22026  
ravi-chandra3197 #22055  
ansari-krish #22056  
likemusic #22075  
gwharton #18440  
leandrommedeiros #18933  
vovayatsyuk #19987  
eduard13 #21008 19909
tylerssn #21545  
lbajsarowicz #21647  
michaellehmkuhl #21754  
ihor-sviziev #21818  
likemusic #21928 21926
shrinet #21948 20140, 21244
JeroenVanLeusden #21966  
quasilyte #22054  
danielatdattrixdotcom #20951  
yogeshsuhagiya #21023  
Den4ik #21790 21789
kisroman #21999 21998
ochnygosch #22012 21993
Nazar65 #22081 20186
pedrosousa13 #21083 20366
kassner #21540  
krnshah #21932  
vishal-7037 #22002 22001
samuel27m #22135  
rafaelstz #21821  
phoenix128 #22046 21916, 21976
vovayatsyuk #22091  
yvechirko #22117 21715
jayankaghosh #22128 21824
ryantfowler #22151  
adaudenthun #22171 21973
hostep #22184  
mautz-et-tong #22195 22166
ravi-chandra3197 #22201  
yogeshsuhagiya #22205  
yogeshsuhagiya #22207  
krnshah #22210  
ansari-krish #22239  
vovayatsyuk #22258  
suneet64 #19530  
JeroenVanLeusden #20182 7623, 11892
priti2jcommerce #20832 20830
Jitheesh #21501 21375
serhiyzhovnir #21788 21786
crankycyclops #22073 21753
evktalo #22220  
SikailoISM #20295  
nmalevanec #20378 12386
mage2pratik #20772 16513
dominicfernando #20968  
slackerzz #21869 21868
vishal-7037 #22031 22030
arnoudhgz #22160  
lfluvisotto #22197 22090, 22190
ravi-chandra3197 #22202  
shikhamis11 #22340 18557
ravi-chandra3197 #22357  
mattijv #21378 21299
kisroman #21936 21907
Nazar65 #21968 6715, 21960
NiklasBr #22133  
niravkrish #22154 22152
wexo-team #22200 22199
lfluvisotto #22226  
kassner #22265  
davidalger #22281 15090
ansari-krish #22298 20917
OlehWolf #22318 21747
VitaliyBoyko #22320  
p-bystritsky #22321 22317
hostep #22332 22330
sudhanshu-bajaj #22339  
niravkrish #22362 22309
ansari-krish #22381  
hiren0241 #19993 19825
molovo #20174 13409, 19742
sergeynezbritskiy #21670 21654
Jitheesh #21711 21702
Ian410 #21756  
kisroman #21816 21779
niravkrish #22233  
ryanpalmerweb #22263 22246
Nazar65 #22382 22355
ravi-chandra3197 #22420  
ansari-krish #22421  
enl #18336  
ravi-chandra3197 #19806 6272
stkec #21772 3283, 21771
swnsma #21797 8035
Den4ik #21979  
gomencal #22033  
iGerchak #22082  
iGerchak #22089  
shikhamis11 #22291 22223
kassner #22364  
cmuench #21787 7227
lbajsarowicz #22059 22047
arnoudhgz #22074  
yvechirko #22178 21737
tiagosampaio #22324  
keyuremipro #22475 22474
mhauri #22285  
barbanet #22411  
Nazar65 #22424 22402
hostep #22446 22124
hiren0241 #22456 22434
Bartlomiejsz #22469 20111
ravi-chandra3197 #22470  
thomas-kl1 #18541  
priti2jcommerce #21150 21147
vishal-7037 #21963 21962
torhoehn #22276 19544
tzyganu #22302 22299
danielpfarmer #22466 22270
khodu #19653 9155
ygyryn #20842 20481
dverkade #21486 21477
davidalger #21549  
mage2pratik #21633 16939
jwundrak #19913 19908
david-fuehr #21856 21842
shikhamis11 #22147 22052
yvechirko #22132 21032
Bartlomiejsz #22149 12802
melaxon #22230  
Hailong #22399  
niravkrish #22405 21596

System requirements

Our technology stack is built on PHP and MySQL. For more information, see System Requirements.

Installation and upgrade instructions

You can install Magento Commerce 2.3.2 using Composer.

Migration toolkits

The Data Migration Tool helps transfer existing Magento 1.x store data to Magento 2.x. This command-line interface includes verification, progress tracking, logging, and testing functions. For installation instructions, see Install the Data Migration Tool. Consider exploring or contributing to the Magento Data Migration repository.

The Code Migration Toolkit helps transfer existing Magento 1.x store extensions and customizations to Magento 2.0.x. The command-line interface includes scripts for converting Magento 1.x modules and layouts.