Third-party vendors putting your Magento store at risk, developers pulling their modules off Magento Connect and a healthy dose of Magento 2: here’s the news of weeks 41 & 42.
- Sonassi has tweeted about a “flaw” in the Magmi import tool. Because the web interface is not protected from outside access by default, people with malicious intent can abuse the tool to compromise Magento installations, for example through the plugin upload script. A vulnerability check and patch instructions can be found on the MageStack website.
- Do note that the semantics of this “flaw” are open to discussion. Is it a developer tool which shouldn’t be found in a live environment, or is Magmi at fault for not having any authentication built in? Nevertheless, be sure to double-check your Magento installation(s) if you have used Magmi in the past.
- More security: Andreas von Studnitz wrote about the discovery of SQL injection vulnerabilities in “Magento Custom Forms Extension” by Magik.
- Elgentos released a part of their paid extensions assortment on Github.
- Arvind Bhardwaj detailed how to enrich the Magento admin grids with AJAX.
- Atwix has published a follow-up on adding tabs to the product page. This time the new RWD of Magento CE 1.9 is taken into account.
- Atwix also wrote about the development of a simple cron-backed extension which flushes the Redis cache on a daily basis.
- Tim discovered a cache-miss bug in the Full Page Cache (FPC) module in Magento EE. Follow-up tweets detail how to fix it.
- After a comprehensive Magento SE question regarding properly rewriting library files, Daniel Sloof took on the job himself and released LibraryRewrite.
- With LanguageRoutes, Matthias Kleine gives you the possibility to easily set up language specific URLs in your Magento store.
- Magento 0.1.0-alpha99 has about 40 miscellaneous bugfixes, releases the Performance Toolkit, fixes issues with the new setup system and starts adding basic documentation (a readme file) to individual modules. For all the details, refer to the changelog.
- 0.1.0-alpha100 does not go in the books as a milestone-commit; it only has a handful of new functional tests.
- With 0.1.0-alpha99, Marius released a new version of his Magento 2 sample data set.
- After evaluating the Magento community’s opinion on the Visitor_Logging module, Magento 2 no longer ships with it.
- Adding grids in Magento 2 will become a lot easier.
- Ben Marks mentioned that Github usage of the Magento development team will change. Right now, it doesn’t feel like much more than a sync-spot for the internal VCS. Using Github properly can offer a whole lot more than the massive weekly code drops.
- The workforce of Magento 2 consists of 60 to 80 people. It doesn’t say much, but at least we know people are working on it!
- We had a quick look at the new Magento 2 Setup System.
- We also wrote about updating and adding Composer compatibility to the Magento 2 Backend Launcher.
- BelVG had a look at achieving multistore functionality in Magento 2.
- Alan Kent got futuristic and published his thoughts on how Magento 2 can be used for top of the line webshops. It boils down to the statement that with the new service layer (“service contracts”) developers have ultimate flexibility to supercharge the Magento 2 code base.
- Magento Live UK took place. Presentations and photos can be found on the official website.
- Meet Magento Italy published its official dates: 5 & 6 March 2015.
- Magestackday, organized by Sander Mangel, is an initiative to halt, or at least improve, the ever-diminishing answer rate of Magento SE.
- You can now add ShopTechBlog to the list of impressions of Meet Magento New York. In the previous news-roundup we gathered all MM14NY related news.
- Episode 6 (A Blogroll, a Webring, and a Paypal Link) and episode 7 (Real Live Intros in Your Area) of the MageTalk podcast have aired.
- Phillip Jackson published an opinion piece on the eBay / PayPal split and its effect on Magento. The same Phillip mentions that Mark Lavelle stated during Magento Live that nothing will change.
- Vinai caused some uproar by announcing the removal of his extensions from Magento Connect. Other developers followed in his footsteps, and before you know it everybody has had their say on Magento SE. In a follow-up article, Vinai explains his motives.
- The software platform underneath Magento: PHP 7 is coming and now there is an RFC for the timeline. First release candidate? Possibly between the 16th of March and the 15th of October 2015.
- In related news: Alan Kent published an opinion-piece on why PHP namespaces are not as flawed as claimed.
That’s the news for weeks 41 and 42. If you read German, don’t forget to check out Matthias Zeis’ Magento-Neuigkeiten, which our round-ups are based on. If we missed a module release, made a mistake or you want to say hello, let us know on Twitter, in the comments below or send us an email. Until next time!