We are pleased to present Magento Open Source (formerly Community Edition) 2.1.9. This release includes important enhancements to your Magento software.
Magento 2.1.9 contains almost 40 security fixes and enhancements. Look for the following highlights in this release:
- enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. See Magento 2.0.16 and 2.1.9 Security Patches for a comprehensive discussion of these issues.
- support for changes to the USPS API that USPS implemented on September 1, 2017
- fixed issue with logging information about exceptions caused by payment failures
- change to how Magento displays status updates during upgrade
- We’ve added support for the change to the USPS API that USPS implemented on September 1, 2017. After installing or upgrading to this release, Magento will display the Domestic rate for USPS, First-Class Mail Parcel as expected. Previously, the USPS First-Class Mail Parcel option was not available after September 1, 2017 on installations running Magento 2.x unless you applied the workaround described here.
- Magento now logs all expected exception information in the exception.log file when a payment transaction fails. Previously, Magento did not log all exception information when a payment transaction failed, and this lack of full exception information undermined debugging attempts. GitHub-6246
- We’ve changed how Magento displays status updates during a product upgrade. Previously, potentially vulnerable information such as full paths and module names was displayed in the product GUI, where a malicious user could see it. Magento now restricts this information to logs that are available to administrators only.