
Magento News for the weeks 41 & 42

Third-party vendors putting your Magento store at risk, developers pulling their modules off Magento Connect and a healthy dose of Magento 2: here’s the news of the weeks 41 & 42.

Magento

  • Sonassi has tweeted about a “flaw” in the Magmi import tool. Because the web interface is by default not protected from outside use, people with malicious intentions can abuse the tool to compromise Magento installations by making use of, for example, the plugin upload script. A vulnerability check and patch instructions can be found on the MageStack website.
  • Do note that the semantics of this “flaw” are open to discussion. Is it a developer tool which shouldn’t be found in a live environment, or is Magmi at fault for not having any authentication built in? Nevertheless, be sure to double-check your Magento installation(s) if you have used Magmi in the past.
  • More security: Andreas von Studnitz wrote about the discovery of SQL injection vulnerabilities in “Magento Custom Forms Extension” by Magik.
  • Elgentos released part of their paid extension assortment on GitHub.
  • Arvind Bhardwaj detailed how to enrich the Magento admin grids with AJAX.
  • Atwix has published a follow-up on adding tabs to the product page. This time the new RWD of Magento CE 1.9 is taken into account.
  • Atwix also wrote about the development of a simple cron-backed extension which flushes the Redis cache on a daily basis.
  • Tim discovered a cache-miss bug in the Full Page Cache (FPC) module of Magento EE. Follow-up tweets detail how to fix it.
  • After a comprehensive Magento SE question regarding properly rewriting library files, Daniel Sloof took on the job himself and released LibraryRewrite.
  • With LanguageRoutes, Matthias Kleine gives you the possibility to easily set up language specific URLs in your Magento store.

Magento 2

  • Magento 0.1.0-alpha99 has about 40 miscellaneous bugfixes, releases the Performance Toolkit, fixes issues with the new setup system and starts adding basic documentation (a readme file) to individual modules. For all the details, refer to the changelog.
  • 0.1.0-alpha100 does not go in the books as a milestone-commit; it only has a handful of new functional tests.
  • With 0.1.0-alpha99, Marius released a new version of his Magento 2 sample data set.
  • After evaluating the Magento community’s opinion on the Visitor_Logging module, Magento 2 no longer ships with it.
  • Adding grids in Magento 2 will become a lot easier.
  • Ben Marks mentioned that the Magento development team’s use of GitHub will change. Right now, it doesn’t feel like much more than a sync spot for the internal VCS. Using GitHub properly can offer a whole lot more than the massive weekly code drops.
  • The workforce of Magento 2 consists of 60 to 80 people. It doesn’t say much, but at least we know people are working on it!
  • We had a quick look at the new Magento 2 Setup System.
  • We also wrote about updating and adding Composer compatibility to the Magento 2 Backend Launcher.
  • BelVG had a look at achieving multistore functionality in Magento 2.
  • Alan Kent got futuristic and published his thoughts on how Magento 2 can be used for top of the line webshops. It boils down to the statement that with the new service layer (“service contracts”) developers have ultimate flexibility to supercharge the Magento 2 code base.

Community

That’s the news for the weeks 41 and 42. If you read German, don’t forget to check out Matthias Zeis’ Magento-Neuigkeiten, which our round-ups are based on. If we missed a module release, made a mistake or you want to say hello, let us know on Twitter, in the comments below or send us an email. Until next time!

Faded header image background by Whiteghost.ink / CC BY-SA 3.0