v20.9.0

Another small but important release, mostly oriented towards fixing a couple of bugs with the new UPS APIs.
Remember, the old UPS XML APIs will be shut down on 3rd June 2024.

What's Changed

• Fixed unable to select "free method" in UPS backend configuration by @fballiano in #4005
• Fixed erroneous call to getText() method in Mage_Usa_Model_Shipping_Carrier_Ups::getAllowedMethods() by @ragnese in #4013
• Fixed available currencies filtering in UPS _parseRestResponse() method by @fballiano in #4017
• Added "edit" action column to "Associated Products" grid of grouped products by @empiricompany in #4006
• Fixed customer can't login after registering through PayPal Express Checkout by @fballiano in #3979
• Added filemtime to merged JS/CSS hash calculation algorithm by @boesbo in #4004
• Added stopPropagation to "copy text" buttons in backend by @Caprico85 in #4019
• Updated PHPStan to 1.11.2 by @fballiano in #3988
• Bump squizlabs/php_codesniffer from 3.9.2 to 3.10.1 by @dependabot in #4011
• Bump friendsofphp/php-cs-fixer from 3.57.1 to 3.57.2 by @dependabot in #4012

v20.8.0

This is a small but important release, necessary to iron out a couple of fixes and improvements with the new UPS APIs and it's necessary to release it now in order for everybody to test and upgrade before 3rd June 2024, when the old UPS XML APIs will be retired.

What's Changed

• Fixed UPS Rest API bugs by @fballiano in #3976
• Fixed cannot sort by column in backend's grids by @fballiano in #3985
• Backend: show links to RSS only if they are enabled by @fballiano in #3997
• Fixed wrong line endings for LICENSE.txt and LICENSE_AFL.txt by @colinmollenhour in #3992
• Bump friendsofphp/php-cs-fixer to 3.57.1 by @dependabot in #4000

v20.7.0

This is such a great release I don't even know how to start, packed with new features like never before! 🤯
Carefully check the 📖 changelog and, if your store uses 🚚 UPS, double check the feature number 4, it is extremely important! 🚨

Incredible new features

1. ConfigurableSwatches now allows for auto-generation of the swatch image file based on color selection

Forget the times when you had to manually generate image files for your plain-color swatches, now everything will be done for you in the backend and it's backward compatible with any swatch image you previously uploaded in the media/wysiwyg/swatches folder.

2. Added copyText function to admin order view page for copying order details

Tired of selecting important data with your mouse just to copy them to the clipboard?
Well, now you can do it much more easily.

3. Override configurations with env variables

The title almost says it all, but now you can create environment variables with structure similar to these:

OPENMAGE_CONFIG__DEFAULT__GENERAL__STORE_INFORMATION__NAME = default
OPENMAGE_CONFIG__WEBSITES__BASE__GENERAL__STORE_INFORMATION__NAME = website
OPENMAGE_CONFIG__STORES__GERMAN__GENERAL__STORE_INFORMATION__NAME = store_german

And they will override every XML or DB based configuration.

4. Added support for UPS Rest APIs

This is extremely important if your store uses UPS for shipments, on 3rd of June 2024 UPS will shut down their SOAP APIs, so you have to migrate to the new Rest API which is provided by this new feature.

Go to "System -> Configuration -> Shipping Methods -> UPS", select the new "United Parcel Service REST" and follow the documentation in the page to create your new UPS credentials.

IMPORTANT NOTE: while you will have to update to v20.7.0 before 3rd of June or your UPS integration will stop working, this new feature has to be handle with caution because of the limited tests that we were able to do before publishing. We worked on this for a few months but you must test with care before upgrading, and you must do it now if you want your store to be safe after the end of May. In case you face any problem get in contact with one of the maintainers.

Important bugs fixed

1. Fixed faulty media gallery label/description management for mutistore projects

Since the beginning of the M1 platform, many many years ago, these data were always broken in the context of multistore/multilanguage project, well, now they're not anymore!

Minor changes and fixes

• Removed jQuery dependencies from swatches in RWD theme by @empiricompany in #3824
• Added new useful columns in products tab in category view by @dbachmann in #2713
• New feature: added mage_run_installed_exception event when uncatched exception is thrown by @pquerner in #3613
• Removed invalid "sortcut icon" HTML element by @fballiano in #3941
• Backend: removed invalid "name" element, removed redundant nobr spans, added data-column-id to grids by @fballiano in #3927
• Type casting and minor fixes in preparation for declare strict_types=1 by @luigifab in #3648

Dependency update

• Bump phpunit/phpunit from 9.6.18 to 9.6.19 by @dependabot in #3931
• Bump friendsofphp/php-cs-fixer from 3.52.1 to 3.53.0 by @dependabot in #3942
• Bump phpstan/phpstan from 1.10.66 to 1.10.67 by @dependabot in #3951
• Bump friendsofphp/php-cs-fixer from 3.53.0 to 3.54.0 by @dependabot in #3950
• Bump squizlabs/php_codesniffer from 3.9.1 to 3.9.2 by @dependabot in #3965
• Bump friendsofphp/php-cs-fixer from 3.54.0 to 3.55.0 by @dependabot in #3974

v21.0.0-beta1

🚀 OpenMage 21 is the next step in the evolution of our beloved M1 platform. 🚀

📢🔔 While V21 introduces breaking changes that require careful consideration during the upgrade process, these long-overdue modifications will ultimately bring significant benefits to your stores. In the long run, you can expect enhancements in performance, security, SEO scores, and more, making the transition worthwhile. 📢🔔

Changes you must know and that you have to check one by one

• PHP8.2 is now the minimum required version for OM v21
• Added form key validation to Contacts form
  Check app/design/frontend/base/default/template/contacts/form.phtml in your theme and be sure that you've <?php echo $this->getBlockHtml('formkey') ?> under the <form opening tag, as shown here.
• Unified CSRF configuration
  If you enabled CSRF in System -> Configuration -> System (which you should!) then it will be enabled for all your forms and the checkout.
• Removed double span element from HTML buttons
  Be sure to check your CSS styles for the buttons in your frontend theme, you may need to adjust them slightly.
• Removed all deprecated _Mysql4_ classes
  This will break many extremely old modules but it was long overdue and allowed us to remove 500+ obsolete files from the core. We provide the shell/rename-mysql4-class-to-resource.php migration script to fix the old modules, you will have to run it but make sure you'll do it in a test environment and thoroughly test everything before publishing to production.
• Removed decorate*() js functions
  Check the phtml files of your custom themes for javascript code calling decorate*() (decorateList, decorateTable, decorateGeneric etc) and remove those calls since they will generate javascript errors on your browser's console.
• Removed "admin routing compatibility mode" for extensions
  The new admin routing mode was implemented in Magento 1.4 for security reasons, together with "compatibility mode" (in order to allow some time to developers to update their modules). After these many years we are removing the compatibility mode and all extensions will have to follow the new admin routing mode or they will not appear in the backend.
• Removed scriptaculous/dragdrop.js from frontend

Changes you want to know about

• RWD theme: updated jQuery to 3.7.1 by @fballiano in #3922

Changes that probably won't affect you

• RWD theme: removed enquire.js and converted to window.matchMedia by @fballiano in #3208
• RWD theme: converted default logos to SVG (and removed some Magento names) by @fballiano in #3148
• Removed onmouseover/onmouseout from adminhtml menu by @luigifab in #2737
• Removed auto_detect_line_endings in Varien_Io_File by @fballiano in #3283
• Fixed implementation of SessionHandlerInterface in Mage_Core_Model_Resource_Session by @fballiano in #3499
• Rewrote js/varien/weee.js without prototypejs by @fballiano in #3670
• Rewrote js/varien/accordion.js without prototypejs by @fballiano in #3669
• Rewrote js/mage/captcha.jsp without prototypejs by @fballiano in #3754
• Removed unused file js/mage/adminhtml/scrollbar.js by @fballiano in #3765
• Removed unused file js/mage/adminhtml/magento-all.js by @fballiano in #3764
• Removed unused file js/mage/adminhtml/image.js by @fballiano in #3758
• Removed deprecated and unused files from lib/Mage by @fballiano in #3872
• Rewrote js/mage/adminhtml/hash.js using native javascript by @fballiano in #3763
• Rewrote js/mage/adminhtml/variables.js without prototypejs by @fballiano in #3762
• Rewrote js/mage/translate.js without prototypejs by @fballiano in #3662

v20.6.0

A solid bugfix release this 20.6.0, with some accessibility improvements to the RWD theme too, which will improve the lighthouse scores that everybody loves ;-)

Changelog

• Fixed zIndex to avoid conflicts between TinyMCE and OpenMage's overlays in the CMS section by @fballiano in #3851
• Fixed default width for input/textarea in OpenMage backend theme by @fballiano in #3850
• Improved fields dependence (show/hide) in backend's config section by @luigifab in #2150
• Varien_Directory_Collection::getLastDir(): "$this" can no longer be used in a plain function or method, since PHP 7.1 by @fballiano in #3823
• Fixed null error on hash_equal in Mage_Oauth_Model_Server by @kiatng in #3870
• Fixed row click issue in Category Products tab by @ADDISON74 in #3866
• Fixed null deprecation in lib/Varien/Filter/Template.php by @kiatng in #3879
• Fixed row click issue in product's upsell/crosssell/related grids by @ADDISON74 in #3865
• Added PHP8.3 to supported list by @fballiano in #3887
• Added VAT related attributes to salesOrderAddressEntity webservices entity by @empiricompany in #3885
• RWD: enhanced contrast on a few colors to fix accessibility issues by @fballiano in #3911
• Fixed no data shown for products with recurring profiles by @fballiano in #3910
• RWD: accessibility improvements: made the red color a bit darker and added titles to important links by @fballiano in #3912
• Rewrote getOpenMageVersion() to be faster by @fballiano in #3875
• Removed unused variables from Mage_Api_Model_Server_Handler_Abstract by @fballiano in #3862
• Removed @Deprecation on Mage::getBlockSingleton() by @kiatng in #3835
• Fixed null parameter warning in Mage_Catalog_Model_Layer_Filter_Attribute by @fballiano in #3926
• Bump phpseclib/phpseclib from 3.0.35 to 3.0.37 by @dependabot in #3869
• Bump phpseclib/mcrypt_compat from 2.0.5 to 2.0.6 by @dependabot in #3868
• Bump friendsofphp/php-cs-fixer from 3.50.0 to 3.51.0 by @dependabot in #3867
• Bump tj-actions/changed-files from 42 to 43 by @dependabot in #3882
• Bump friendsofphp/php-cs-fixer from 3.51.0 to 3.52.1 by @dependabot in #3895
• Bump phpunit/phpunit from 9.6.17 to 9.6.18 by @dependabot in #3896
• Bump squizlabs/php_codesniffer from 3.9.0 to 3.9.1 by @dependabot in #3919
• Bump tj-actions/changed-files from 43 to 44 by @dependabot in #3918
• Bump phpstan/phpstan from 1.10.59 to 1.10.66 by @dependabot in #3880

Full Changelog: v20.5.0...v20.6.0

v20.5.0

🎉🎉🎉 We are thrilled to announce OpenMage 20.5.0, the latest and greatest version of your favorite ecommerce platform! 🎉🎉🎉

This release surely packs a good amount of new features, so much so that we had to add a dedicated section to the changelog! But it also comes with a bunch of bugfix, components updates and most importantly a security fix!

Complete changelog

Security fixes

• CVE-2024-20717 (XSS), all the details at GHSA-gp6m-fq6h-cjcx

New features

• Added production-grade nginx and Docker environment by @colinmollenhour in #1209
• Added DDEV cronjob file by @ADDISON74 in #3831
• Added UI to list and remove orphaned ACL resources in backend. by @kiatng in #3647
• Allowed admin to create guest orders and reorder as guest by @justinbeaty in #2233
• Added HtmlPurifier to improve MaliciousCode filtering by @Judx in #3606
• Added auto reply to contact form by @kyrena in #3615
• Added partial postcode match to table rate shipping by @AlterWeb in #1504
• Added support for type "label" to system.xml by @fballiano in #3849

Bugfix and more

• Fixed branch names in code-ql workflow by @ADDISON74 in #3832
• Updated the existing DDEV documentation by @ADDISON74 in #3830
• Fixed deprecation warning if downloadable sample is a url by @ma4nn in #3619
• Updated TinyMCE to 6.8.3 and updated all languages by @fballiano in #3837
• Fixed deprecated functionality for trim when creating DataFlow profile by @ma4nn in #3825
• Fixed case error in some module names by @fballiano in #3841
• Fixed call to a member function setOnclick() on false in Mage_Adminhtml_Block_Sales_Order_View_Giftmessage by @fballiano in #3821
• Fixed null parameter warning in Mage/Adminhtml/Block/Customer/Edit/Tab/Wishlist/Grid/Renderer/Description.php by @ADDISON74 in #3829
• Fixed phpstan in Mage/Customer/controllers/AccountController.php by @kiatng in #3750
• Changed "unload" to "beforeunload" in extjs to avoid deprecation warning in developer console by @andrewcbi in #3853
• Removed Mage_Backup and Mage_PageCache from PHPStan configuration by @fballiano in #3858
• Fixed column default sorting in customer's orders grid by @ADDISON74 in #3852
• Fixed null parameter warning in DataFlow Profiles by @ADDISON74 in #3827

Packages upgrades

• Bump squizlabs/php_codesniffer from 3.8.1 to 3.9.0 by @dependabot in #3843
• Bump phpstan/phpstan from 1.10.57 to 1.10.58 by @dependabot in #3844
• Bump phpunit/phpunit from 9.6.16 to 9.6.17 by @dependabot in #3854
• Bump phpseclib/mcrypt_compat from 2.0.4 to 2.0.5 by @dependabot in #3855
• Bump friendsofphp/php-cs-fixer from 3.49.0 to 3.50.0 by @dependabot in #3857
• Bump phpstan/phpstan from 1.10.58 to 1.10.59 by @dependabot in #3856

New Contributors

• @andrewcbi made their first contribution in #3853

Full Changelog: v20.4.0...v20.5.0

v19.5.3

Quick security release for OpenMage v19, fixing CVE-2024-20717 (XSS), all the details in GHSA-gp6m-fq6h-cjcx

v20.4.0

🚀✨ Hello OpenMage enthusiasts! It's time for our first release of 2024!
OpenMage 20.4.0 brings many fixes to PHP8.1+ warnings and a few nice addition, be sure to get it while it's hot! 🧙‍♂️🔥

Highlights of OpenMage 20.4.0

• Updated ZF1F to 1.24.0 by @fballiano in #3804
• Fixed autoincrement id fetching cache problem in import/export module by @leissbua in #3730
• Fixed reindex for configurable products without category assigned by @sreichel in #3785
• Fixed bug on incorrect callback URL when saving OAuth Token. by @kiatng in #3770
• Added whitelist to OAuth consumer callback URLs to allow custom URL scheme by @kiatng in #3774

Complete changelog

• Custom option null deprecation by @kiatng in #3731
• Fixed stripTags() null deprecation. by @kiatng in #3729
• Fixed null deprecation in Zend_Pdf by @kiatng in #3744
• Fixed oauth phtml docblock. by @kiatng in #3746
• Fixed autoincrement id fetching cache problem in import/export module by @leissbua in #3730
• Removed unused file js/mage/adminhtml/backup.js by @fballiano in #3757
• Added $product param to catalog_controller_product_init_before event by @kiatng in #3656
• Fixed Varien_Data_Form_Filter_Date::inputFilter() and Varien_Data_Form_Filter_Datetime::inputFilter() dealing with empty values by @massa-man in #3752
• Deprecated createEntityTables() in Mage_Eav_Model_Entity_Setup. by @kiatng in #3628
• Added helper methods to cast Mage::getStoreConfig() to int or float, fixes #3727 by @sreichel in #3736
• Fixed bug on incorrect callback URL when saving OAuth Token. by @kiatng in #3770
• DDEV-install: fixes table prefix when using -d and -s flag by @sreichel in #3749
• Updated allcontributors badge to new format by @fballiano in #3782
• Removed outdated changelog files from the .github folder by @sreichel in #3791
• Removed LICENSE.html in favor of LICENSE.txt by @sreichel in #3786
• Removed openmage's dev-dependencies in PHPUnit workflow by @Flyingmana in #3794
• Fixed reindex for configurable products without category assigned by @sreichel in #3785
• Fix Deprecated Functionality Error Caused by Passing NULL to nl2br() in Sharing Template by @ahudock in #3779
• Fixed strlen(): Passing null to parameter in SalesRule/Model/Resource/Rule/Collection.php by @kiatng in #3675
• Fixed some PHP8.1 warnings about null parameters by @fballiano in #3800
• Fixed some PHPStan errors in lib/Varien by @fballiano in #3801
• Whitespace reformat of licence files by @fballiano in #3798
• Fixed warning Undefined array key 0 when installing OM via command line (dev mode on) (#3672) by @akunzai in #3677
• Fixed bug on incorrect date format for 1970-01-01 date. by @kiatng in #3802
• Updated ZF1F to 1.24.0 by @fballiano in #3804
• Run code-ql workflow only when certain files change by @Flyingmana in #3789
• Renamed some github workflows for better readability by @fballiano in #3806
• Added getReviewSummary() to Mage_Catalog_Model_Product by @luigifab in #2702
• Added whitelist to OAuth consumer callback URLs to allow custom URL scheme by @kiatng in #3774
• PHPStan (and PHP syntax) workflows now only run on PHP 7.4 and 8.3 by @fballiano in #3805
• Fixed strip_tags(): Passing null to parameter #1 in Catalog/Model/Product/Option/Type/File.php by @kiatng in #3775
• Fixed null deprecation in function is_empty_date(). by @kiatng in #3808
• Fixed bug on OAuth not redirecting to the authorize page after customer login by @kiatng in #3761
• DDEV - Removing the sample archive from the root directory by @ADDISON74 in #3799
• Fixed array_merge TypeError on missing disabled module dependency by @Tomasz-Silpion in #3715
• Fixed missing layout parameter when choosing widget page group by @ma4nn in #3563
• Updated composer dependencies by @fballiano in #3817
• Fixed null parameter warning in Mage_Sales_Block_Recurring_Profile_View by @fballiano in #3819
• Fixed parameter null parameter warning in Mage_Adminhtml_Block_Newsletter_Template_Edit::getJsTemplateName() by @fballiano in #3820
• Fixed null parameter warning on Mage_Core_Model_Input_Filter_MaliciousCode::filter() by @fballiano in #3822

And the dependency related ones:

• Bump actions/cache from 3 to 4 by @dependabot in #3742
• Bump friendsofphp/php-cs-fixer from 3.42.0 to 3.48.0 by @dependabot in #3743
• Bump squizlabs/php_codesniffer from 3.8.0 to 3.8.1 by @dependabot in #3734
• Bump tj-actions/changed-files from 41 to 42 by @dependabot in #3741
• Bump phpseclib/phpseclib from 3.0.34 to 3.0.35 by @dependabot in #3718
• Bump symplify/vendor-patches from 11.2.3 to 11.3.6 by @dependabot in #3724
• Bump symplify/vendor-patches from 11.3.6 to 11.3.7 by @dependabot in #3768
• Bump phpunit/phpunit from 9.6.15 to 9.6.16 by @dependabot in #3769
• Bump friendsofphp/php-cs-fixer from 3.48.0 to 3.49.0 by @dependabot in #3797
• Bump phpstan/phpstan from 1.10.44 to 1.10.50 by @dependabot in #3698
• PHPStan (and PHP syntax) workflows now only run on PHP 7.4 and 8.3 by @fballiano in #3805

New Contributors

• @massa-man made their first contribution in #3752
• @ahudock made their first contribution in #3779
• @akunzai made their first contribution in #3677
• @ma4nn made their first contribution in #3563

Full Changelog: v20.3.0...v20.4.0

v20.3.0

🎉🛒 Greetings, fellow Mage aficionados!
Brace yourselves for the magical unveiling of our latest release for this great 2023: OpenMage 20.3.0! 🚀🪩

This release isn't just another update; it's a recipe for the end of the year ecommerce party, with great ingredients like bugfixes, security enhancements, components and subsystems upgrades with a sprinkle of performance improvements.

Highlights of OpenMage 20.3.0

📝 TinyMCE is updated to v6.8.2 but most importantly script and style tags inside the WYSIWYG editor are supported again
📊 Our Google Analytics 4 module now correctly handles projects where the manufacturer attribute is missing
🚀 ConfigurableSwatches module loads its JS only if it's actually used
🛡️ Improved stampede prevention with empty config cache under high loads
🏋️ Many minor PHP8+ warnings have been fixed
👉 And so much more, check the full list of changes below

Complete changelog

• Updated Mage_Core_Model_File_Uploader instantiation to use Mage::getModel() by @kyrena in #3618
• Fixed bug in google analytics if the product attribute "manufacturer" is missing by @kiatng in #3632
• Better tab configuration error message in Mage_Adminhtml_Block_Widget_Tabs by @sreichel in #3637
• Fixed strtr(): Passing null to parameter #1 ($string) of type string is deprecated by @kiatng in #3639
• Updated TinyMCE to 6.7.2 by @fballiano in #3641
• Be more lenient in reading maintenance.ip addresses by @loekvangool in #3634
• Orphaned ACL resource exceptions are now logged only in developer mode by @empiricompany in #3642
• Fixed strip_tags(): Passing null to parameter #1 in Fulltext.php by @kiatng in #3655
• Fixed passing null for trim is deprecated in Mage_Core_Model_Resource_Db_Abstract by @kyrena in #3535
• Fixed docblock on page phtml templates. by @kiatng in #3661
• Fixed deprecated passing null to imagecolorallocate() by @sreichel in #3636
• Fixed bug which prevented uploading .ico favicon in backend by @empiricompany in #3690
• Fixing warning about providing null instead of an expected string by @alexh-swdev in #3663
• Added possibility to customize attributes used in associated products by @kiatng in #3674
• Call ConfigurableSwatches' js only if necessary, catalog/product/view/type/configurable/swatch-js.phtml by @empiricompany in #3685
• Improved stampede prevention with empty config cache under high loads by @colinmollenhour in #3530
• Updated TinyMCE to 6.8.2 by @fballiano in #3707
• Fixed issue #3692, fatal error on saving empty tier price. by @kiatng in #3693
• Enabled script/style tags support in TinyMCE 6 by @empiricompany in #3653
• Filtering of php tags in Mage_Core_Model_Input_Filter_MaliciousCode by @Judx in 66eaec5
• Bump colinmollenhour/cache-backend-redis from 1.16.0 to 1.17.0 by @dependabot in #3620
• Bump tj-actions/changed-files from 39 to 40 by @dependabot in #3622
• Bump phpstan/phpstan from 1.10.39 to 1.10.41 by @dependabot in #3630
• Fix for php-cs-fixer v3.37.1 by @sreichel in #3638
• Bump friendsofphp/php-cs-fixer from 3.35.1 to 3.37.1 by @dependabot in #3621
• Bump friendsofphp/php-cs-fixer from 3.37.1 to 3.38.0 by @dependabot in #3650
• Bump friendsofphp/php-cs-fixer from 3.38.0 to 3.38.2 by @dependabot in #3667
• Bump phpstan/phpstan from 1.10.41 to 1.10.43 by @dependabot in #3666
• Added funding links to composer.json and github config by @Flyingmana in #3649
• Bump friendsofphp/php-cs-fixer from 3.38.2 to 3.40.0 by @dependabot in #3681
• Bump phpstan/phpstan from 1.10.43 to 1.10.44 by @dependabot in #3680
• Bump phpseclib/phpseclib from 3.0.33 to 3.0.34 by @dependabot in #3682
• Bump phpunit/phpunit from 9.6.13 to 9.6.15 by @dependabot in #3689
• Bump friendsofphp/php-cs-fixer from 3.40.0 to 3.40.2 by @dependabot in #3687
• Bump pelago/emogrifier from 7.1.0 to 7.2.0 by @dependabot in #3697
• Bump friendsofphp/php-cs-fixer from 3.40.2 to 3.41.1 by @dependabot in #3699
• Bump squizlabs/php_codesniffer from 3.7.2 to 3.8.0 by @dependabot in #3700
• Bump phpmd/phpmd from 2.14.1 to 2.15.0 by @dependabot in #3703
• Bump github/codeql-action from 2 to 3 by @dependabot in #3702
• Bump tj-actions/changed-files from 40 to 41 by @dependabot in #3711
• Bump colinmollenhour/cache-backend-redis from 1.17.0 to 1.17.1 by @dependabot in #3710
• Bump friendsofphp/php-cs-fixer from 3.41.1 to 3.42.0 by @dependabot in #3709
• Update Autolabeler Config to Version 5.0.0 by @Sdfendor in #3695

Full Changelog: v20.2.0...v20.3.0

v20.2.0

OpenMage continues its remarkable journey with an important new release!
Among the numerous pull requests, one truly stands out. After months of development, we are thrilled to announce a significant upgrade to a core component of the OpenMage backend: the tinyMCE rich text editor skyrockets from its "more than 10-years-old" version 3 to the new and shining version 6.7!

Highlights of OpenMage 20.2.0

📝 TinyMCE is updated from v3 to v6.7.1
🔌 composer.json now allows PHP 8.3
🧹 Added a cron job to clean expired API sessions
📊 Added "googleanalytics_ga4_send_data_before" to customize GA4 data
🚀 Improved rate limit functions
🛠️ Fixed "Credit Memo not created when refund issued by merchant"
📄 Switched DOCTYPE for base/adminhtml themes to HTML5

Disclaimer

Since this is another substantial update please be sure to backup and test before deploying to production!

Changelog

• Added a cron job to clean expired API sessions by @kiatng in #3479
• Fixed incompatible interface deprecations in DB Session Adapter by @elidrissidev in #3497
• Fixed PHPCS github workflow for unexisting ruleset by @sreichel in #3500
• Fixed some PHPCS errors by @fballiano in #3501
• Added "googleanalytics_ga4_send_data_before" to customize GA4 data by @fballiano in #3448
• Bump friendsofphp/php-cs-fixer from 3.25.1 to 3.26.1 by @dependabot in #3506
• Bump phpstan/phpstan from 1.10.32 to 1.10.33 by @dependabot in #3505
• Bump tj-actions/changed-files from 38 to 39 by @dependabot in #3504
• Bump actions/checkout from 3 to 4 by @dependabot in #3503
• Improved rate limit functions by @Judx in #3507
• Replaced Magento placeholder images with OpenMage ones by @empiricompany in #3513
• Fixed check if ConfigurableSwatches is enabled by @luigifab in #2727
• Fixed docblock in phtml in catalog/product/view/options/type by @kiatng in #3517
• Fixed deprecated functionality str_contains() in Design/Package.php by @fballiano in #3516
• Bump friendsofphp/php-cs-fixer from 3.26.1 to 3.27.0 by @dependabot in #3521
• Bump phpstan/phpstan from 1.10.33 to 1.10.34 by @dependabot in #3524
• Bump phpunit/phpunit from 9.6.11 to 9.6.12 by @dependabot in #3522
• Bump phpseclib/phpseclib from 3.0.21 to 3.0.22 by @dependabot in #3523
• Link to NotifyStock feed is shown only if enabled by @fballiano in #3520
• Deprecated decorate*() js functions by @fballiano in #3526
• Updated composer.json to allow PHP 8.3 by @kyrena in #3536
• Fixed passing null for explode is deprecated in Mage_Adminhtml_Block_System_Currency_Rate_Matrix by @kyrena in #3539
• Bump phpunit/phpunit from 9.6.12 to 9.6.13 by @dependabot in #3547
• Bump phpstan/phpstan from 1.10.34 to 1.10.35 by @dependabot in #3549
• Bump friendsofphp/php-cs-fixer from 3.27.0 to 3.28.0 by @dependabot in #3550
• Bump phpseclib/phpseclib from 3.0.22 to 3.0.23 by @dependabot in #3548
• Removed some weirdly formatted comments by @fballiano in #3552
• Fixed empty exception when customer does not exist for products alerts by @kyrena in #3537
• Use a core/flag to store tax notification ignored flag rather than co… by @colinmollenhour in #3532
• Fixed PHPStan workflows not running on the correct PHP version by @fballiano in #3542
• Recovered some lost deprecated notice in #3552 by @fballiano in #3558
• Bump friendsofphp/php-cs-fixer from 3.28.0 to 3.34.0 by @dependabot in #3565
• Bump phpstan/phpstan from 1.10.35 to 1.10.36 by @dependabot in #3566
• Bump phpmd/phpmd from 2.13.0 to 2.14.1 by @dependabot in #3567
• Fixed docblock onepage.phtml, cart.phtml, and success.phtml in checkout. by @kiatng in #3568
• Excluded Varien_Data_Form_Element_Label from "edit attributes" mass action by @Hanmac in #3540
• Fixed updated_at doesn't update on mass actions by @Tomasz-Silpion in #3529
• Minor fixes for TinyMCE v6 by @fballiano in #3570
• Forced PHP version to 7.4 for PHPCS related workflows by @fballiano in #3571
• Reinit fresh config before flushing cache and immediately save config… by @colinmollenhour in #3533
• Fixed "Credit Memo not created when refund issued by merchant" by @luigifab in #2729
• Fixed PHP 8.2 warnings in Cm_RedisSession (updated to 3.2.0) by @colinmollenhour in #3576
• Switched DOCTYPE to HTML5 for base theme by @fballiano in #3574
• Switched DOCTYPE to HTML5 for adminhtml themes by @fballiano in #3579
• Removed text-shadow from disabled dropdown in Admin by @elidrissidev in #3583
• Bump phpstan/phpstan from 1.10.36 to 1.10.38 by @dependabot in #3586
• Bump friendsofphp/php-cs-fixer from 3.34.0 to 3.34.1 by @dependabot in #3587
• Add status column to customer orders grid in Admin by @elidrissidev in #3582
• Fix syntax in Mage_Adminhtml.csv by @elidrissidev in #3590
• Fixed some phtml docblock in folder adminhtml/default/default by @kiatng in #3588
• Bump friendsofphp/php-cs-fixer from 3.34.1 to 3.35.1 by @dependabot in #3597
• bugfix/LogVisitorSaveByRequest: added initServerData() to populate ServerData on saving visitor_log information by @eneiasramos in #3598
• Exception is now printed on Mage_Catalog_ProductController::viewAction() in developer mode by @kyrena in #3578
• Bump phpstan/phpstan from 1.10.38 to 1.10.39 by @dependabot in #3603
• Bump phpseclib/phpseclib from 3.0.23 to 3.0.33 by @dependabot in #3602
• Bump pelago/emogrifier from 7.0.0 to 7.1.0 by @dependabot in #3601
• Updated TinyMCE to 6.7.1 by @fballiano in #3605
• Fixed implicit conversion to int is deprecated in Mage_Shell_Indexer by @luigifab in #3612
• Fixed bug on incorrect join in addAttributeToSelect() when the second parameter is true by @kiatng in #3609

Full Changelog: v20.1.1...v20.2.0