Skip to content

2002.0.22
Compare
Choose a tag to compare
@shiftedreality shiftedreality released this 14 Nov 16:36
· 4 commits to 2002.0 since this release
2002.0.22
a475153
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Changelog (4 related PRs)

The ece-tools 2002.0.22 release changes the structure of the ece-tools package to decouple the release of Magento Commerce Cloud patches from the ece-tools release. Starting with this release, patches and critical fixes will be delivered using the magento/magento-cloud-patches package, which is a new dependency for the ece-tools package. We made these changes to reduce complexity for scheduling release updates and working with community contributions.

Changes to the ece-tools package

  • Moved the Magento Commerce patches from the ece-tools package to a new magento/magento-cloud-patches composer package.
  • Updated the composer.json file for the ece-tools package to add a dependency for the magento/magento-cloud-patches v1.0.0 package.
  • Fixed an issue that caused the ece-tools patching process to break when applying patch sets on top of security-only releases, starting with Magento version 2.3.2-p2 and later. This issue was introduced by the new versioning scheme adopted for security-only patches.

Patches and critical fixes

  • Update your Cloud environments with ece-tools version 2002.0.22 to apply the following patches and critical fixes. These patches are included in the magento/magento-cloud-patches v1.0.0 package.
    • Page Builder security patches for 2.3.1.x and 2.3.2.x releases–Fixes an issue in Page Builder preview that allows unauthenticated users to access some templating methods that can be used to trigger arbitrary code execution over the network (RCE) resulting in global information leaks. This issue can occur when using unsupported versions of Page Builder with Magento Commerce versions 2.3.1 and 2.3.2.
    • MSI patches–Fixes issues that caused indexing errors and performance issues when using default inventory settings for managing stock.
    • Backward Compatibility of new Mail Interfaces-Fixes a backward incompatibility issue caused by the Magento\Framework\Mail\EmailMessageInterface PHP interface introduced in Magento Commerce v2.3.3. In the scope of this patch, the new EmailMessageInterface inherits from the old MessageInterface, and Magento Commerce core modules are reverted to depend on MessageInterface.
    • Catalog pagination does not work on Elasticsearch 6.x–Fixes a critical issue with search result pagination that affects customers using Elasticsearch 6.x as the catalog search engine.
Assets 2