
## v19.4.12 - unreleased


## v19.4.11 - 2021-02-14

#1248 mark trigger_recollect before collectTotals
#1418 Fix regression in configuration scope code. Refs #1417
#1281 remove-reference-to-magentocommerce
#1383 Remove latest occurrences of XmlConnect
#1429 Revert "Removed 2 unneeded function calls. Local var is already there."
Ignore media/captcha directory.
#1412 Update static-code-analyses.yml
#1441 Fixed menu cursor
#1160 Updated README.md, closes #985 #992
#1407 Reduced multiple dispatch events in login form for other themes.


## v19.4.10 - 2021-01-21


3 security updates

GHSA-jrgf-vfw2-hj26 CMS Editor code execution
GHSA-hj6w-xrv3-wjj9 Widget instances allows a hacker to inject an executable file on the server
GHSA-99m6-r53j-4hh2 Layout XML RCE Vulnerability

More Changes:
#1246 Adds support for "SameSite" cookie property
#1356 Fixed return type of Mage_Adminhtml_Block_System_Config_Form::_canShowField
#1275 Add start & stop commands to ddev setup in readme
#1273 Update static-code-analyses.yml
#1206 Reduced multiple dispatch events in login form.
#1140 Github Action Labeler Bot
#1337 Allow rewrite of Mage_Core_Model_File_Validator_Image
#1086 Allow debug in admin
#1378 Declare two variables
#1330 Allow min pass length to 5 during login
#1373 Removed 2 unneeded function calls. Local var is already there.
#1390 Fix class name and filename for case sensitive filesystems
#1336 Fix getId() on bool when primary billing address is null
#1370 Fixed adminhtml boxes.css fieldset-wide for note.
#1168 New event "adminhtml_sales_order_create_save_before" when editing an order.
#1393 Fixes PHP7.4 deprecated nested ternary operators
#1403 TypeError: round(): Argument #1 ($num) must be of type int|float

## v19.4.9 - 2020-12-29

increase composer.json php version range to include 8.0
#1349 Fixed Zend Lib Deprecated Notice PHP8
#1213 Fix strpos with non-string needle
add UnitTests to Github Actions
#1348 Fixed Zend Lib Tool Deprecated Notice
#1347 Fixed Zend Lib Amf Deprecated Notice
#1340 Fixed Zend Lib Barcode Deprecated
#1346 Fixed Zend Lib Validate Deprecated Notice
#1256 Fix libxml_disable_entity_loader for PHP 8
#1251 Disable class unserialization where it is not needed.
#1350 Trim values from XML so auto-formatting our XML does not break the autoloader.
#1345 Fixed Zend Lib Wildfire Deprecated Notice
#1344 Fixed Zend Lib View Deprecated Notice
#1343 Fixed Zend Lib JSON Deprecated Notice
#1342 Fixed Zend Lib Filter Deprecated Notice
#1341 fix "Cannot unset $this" error
#1261 getAttributeRawValue() move operations with store to if statement
#1274 Removed unused fetchAll in addRatingInfo()
#1278 Handled the case where the coupon no longer exists
#1328 Fix phpDoc for set/getStepData in Checkout
#1323 Improve PHPDoc
#1319 Fix for currency symbol not saved with fatal PHP error #1318
#1297 Update SECURITY.md
allow version 4 of hackathon composer installer
#1292 Support the logging of Throwables
#1285 Mage core model url - method call is provided 2 parameters, but the method signature uses 1 parameters
#1161 cleanup: Remove some files left in previous PRs
#1207 bugfix: don't cast min_sale_qty to int as it can be a decimal
#1279 Remove php short open tag


## v19.4.8 - 2020-10-20

CVE-2020-15244 RCE via PHP Object injection via SOAP Requests
#1250 removed use of travisCI
#1236 Adds missing meta tags to prevent SUPEE-11295 related warnings from Magereport
#991 Migrate to new frontend cookie name (session namespace) (#990)
#1266 Add ddev based development setup to Readme
#1247 Fix call_user_func_array arguments for PHP 8
#1242 update mcrypt related explanation in Readme
#1184 Add php-74 to static tests



## v19.4.7 - 2020-09-15

#952 Remove Magento Connect, Downloader and PEAR
#1181 Updated lib Net/IDNA2 to latest version
#1185 Removed unused class Varien_Filter_Money
#1182 Mage_Eav - Fix PHP 7.4 deprecation: array/string curly braces access
#1108 Ensure correctly sorted block children after unset some of them
#969 Fix checkout address for guest order
#1170 Throw exception when editing an order and the old order could not be cancelled
#1130 Change default db name
#510 Fix _addUrlRewrite() ignoring collection store scope
#1117 Prevent duplicate entry when updating salesrule_coupon_usage
#1146 Add doc comments to image related classes
#1008 add OpenMage admin theme and theme switcher
#1012 Add development environment setup files and README

## v19.4.6 - 2020-08-18

CVE-2020-15151 Observable Timing Discrepancy - Improve validation of secret keys (#1138)
#1136 Fix special price for bundle products
#1111 fix Coupon related cancel order bug
#1098 Cleanup: disable fixerio in config
#1097 Cleanup: disable currencyconverterapi in config
#1101 Fix Github Action: use cron schedule for labeler
#1113 Fix iframe removal in TinyMCE
#1078 Prevent Image resize to 0 width or height
#1091 Added dash(-) as an allowed character for store code
#1061 Fix bug related to filter in Admin UI for Role Users
#1081 Fixed Magento not detecting HTTPS behind a proxy (makes use of HTTP_X_FORWARDED_PROTO header)
#1079 Added GIT flow to README.md
#442 Support symlinks while not allowing malicious template paths


## v19.4.5 - 2020-07-07

#1044 Phoenix_Moneybookers - Removed Phoenix_Moneybookers
#1040 Mage_XmlConnect - Removed Mage_XmlConnect
#748 Mage_Shipping - DOC block update
#759 Mage_Persistant - DOC block update
#758 Mage_Poll - DOC block update
#757 Mage_ProductAlert - DOC block update
#755 Mage_Reports - DOC block update
#756 Mage_Rating - DOC block update
#1048 Fix broken file upload for downloadables caused by PATCH SUPEE-11314
#1050 add PullRequest Templates and config for automatic Issue Labeling (#1090)
#1014 Mage_Adminhtml - update admin footer
#1085 Installer rebranding
#1072 Mage_Admin - Fixed issue with admin login after forced password rehash
#1084 fix "Call to undefined function char()" error introduced in #966 (#1083)
#1069 :heart: for contributors - introduce all-contributors-bot to fill README (#1088)
#1082 Update composer.json to fix email address
#1067 Mage_Core - Remove unneeded docblock method definition
#764 Mage_Oauth - mini DOC block update
#760 Mage_Payment - DOC block update
#762 Mage_Page - DOC block update


## v19.4.4 - 2020-06-28

Include the Magento Patch SUPEE-11346

#750 Mage_SalesRule - DOC block update
#753 Mage_Rule - DOC block update
#747 Mage_Sitemap - DOC block update
#754 Mage_Review - DOC block update
#745 Mage_Tax - DOC block update
#744 Mage_Weee - DOC block update
#743 Mage_Widget - DOC block update
#742 Mage_Wishlist - DOC block update
#942 Cache all attribute options for display in layered navigation (#943 #934)
#1001 Removed php5 settings from .htaccess (#149)
#798 Mage_Core fix DOC block
#1031 Ensure coupon code times_used decrements on cancel
#1046 Rename Magento Admin to OpenMage Admin
#1060 Apply SUPEE-11346 patch
#1018 Add runtime cache in one more place in Zend_Data (#918)
#1034 Fixed store get attribute raw value
#1003 fix 404 dashboard on first admin login on multi store views
#1032 Allow access to current order via Registry
#1039 CatalogSearch - Fix array_intersect expected parameter 1 to be an array null given
#770 Mage_GiftMessage - DOC block update
#768 Mage_Index - DOC block update
#765 Mage_Newsletter - DOC block update
#1029 Correct name for Request class in Payment Module
#601 Prevent redundant simultaneous requests to remote storage in get.php
#1000 Update Github issue templates
#966 Check for null byte at the time of writing a file
#1021 E-Mail templates only: replace plaintext password with hint of choosen password (#307 #1019)
#1020 Add @throws vardoc to Varien_Io_File cd function
#771 Mage_Eav - DOC block update
#772 Mage_Downloadable - DOC block update
#929 fix apply discount amount to FPT percent discount
#1023 Use || operators instead of „or”
#1033 Fix wrong count of arguments in Mage_Core_Model_Resource_Db_Collection_Abstract
#703 Varien_ - DOC block update (1)
#702 Mage_Core - DOC block update
#775 Mage_Checkout - DOC block update
#894 fix for Fatal error: Nesting level too deep - recursive dependency? (#1025)
#1002 Removed Mage_GoogleBase
#972 Changed sizeof() to count()
#1011 Fix for installing on MySQL 8 (Fixes #935)
#984 Fixed .thumbnail load
#1013 Fix PHP Warning: "continue" targeting switch is equivalent to "break"
#890 Remove this->_debug in Mage_Paypal_Model_Api_Standard->getStandardCheckoutRequest
#936 Fix SQL query quoting/casting when type is passed to where function
#589 Fix HTTP/2 errors with cURL post
#776 Mage_CatalogSearch - DOC block update
#777 Mage_CatalogRule - DOC block update
#897 When category default_sort_by not available, use the system config
#1015 Fix typo in variable name in Media.php / Fixed atttribute typo
#780 Mage_CatalogInventory - DOC block update
#852 Stop calling getLastPageNumber() when not necessary
#980 Prevent errors when customer does not have a created at timestamp (#923)
#1017 add Badges to Readme
#1016 Fix typo in Area.php DOC block
#783 Mage_Catalog - DOC block update
#701 Mage_Customer - DOC block update
#999 Replaced Magento Logo with OpenMage Logos
#997 Fixed Notice in Mage_Catalog_Model_Resource_Url: Trying to access array offset
#751 Mage_Sales - DOC block update
#978 Do not call vsprintf when there are no arguments
#773 Mage_Directory - DOC block update
#749 Mage_Sendfriend - DOC block update
#769 Mage_ImportExport - DOC block update
#994 update adminnotification url to www.openmage.org
#989 Apply some Brand Changes, to have Magento appearing less
#730 Prevent fatal error in Mage_Catalog_Model_Resource_Category_Collection::setVisibility() / Set correct collection types in Mage_Catalog_Model_Product_Visibility
#919 Improve performance of the products sold report
#766 Mage_Media - mini DOC block update
#979 Store unserialized data in local cache of Zend_Data
#974 Update SECURITY.md
Followup to #918: Fix error saving local cache (#918)
#970 change all ands in conditional statements to && for better consistency (#958)
#965 Fixed calls to static methods
#963 Dropped useless semicolons
#964 Added missing public modifier
#699 Mage_Contacts - DOC block update
#698 Mage_Captcha - DOC block update
#697 Mage_Cron - DOC block update
#708 Mage_CurrencySymbol - DOC block update
#778 Mage_Admin - DOC block update
#779 Mage_Api2 - DOC block update
#781 Mage_CatalogIndex - DOC block update
#694 Mage_Cms - DOC block update
#695 Mage_AdminNotification - DOC block update
#968 Update README and removed php5.6 from static code analyses
#878 Create SECURITY.md
#961 Marked Mysql4-classes as deprecated (#957)
#956 Remove unsupported PHP 7.x settings from .htaccess
#951 Fix 'Invalid attribute name: main_table.store_id (#939)

## v19.4.3 - 2020-05-10

Include the Magento Release 1.9.4.5

Additionally:

#944 Upstream merge 1.9.4.5
#693 Mage_Api - DOC block update
#782 Mage_Bundle - DOC block update
#746 Mage_Tag - DOC block update
#761 Mage_PageCache - mini DOC block update
#774 Mage_ConfigurableSwatches - DOC block update
#848 Fix stuck checkout on Shipping Method (#847)
#813 Emulation did not load frontend translation



## v19.4.2 - 2020-05-10

#656 Fix removing coupon from cart
#625 Remove memory_limit in .htaccess
#895 Removed ES6 JS introduced in 1.9.4.4 for IE compability
#876 Update .htaccess (mod_expires headers for common file types)
#898 Insert whitespace in class name for styling to work. (fix follow up from #594 Remove whitespace in addBodyClass($className) )
#905 Typo in data type (doc block change)
#910 unused variable cleanup
#930 Send order and agreement variables to the view
#913 allow (json-)string for Mage_HTTP_Client_Curl::makeRequest $params Parameter
#912 Do not emit warning on null byte in $src in io_file
#916 Do not sum columns with undefined total function
#918 Add runtime cache to Zend_Locale_Data
#650 painful protection in Subtotal.php
#933 Fix warning "Warning: A non-numeric value encountered" in Model_Url
#712 #729 [Bug] Mage_Customer_Model_Convert_Parser_Customer::parse() / Fixes undefined variable
#937 update vies vat validation soap endpoint



## v19.4.1 - 2020-01-30

Include the Magento Release 1.9.4.4

Additionally:

#871 Default setting for validate_formkey_checkout => 1 (only affects new installs)
#870 Add .gitignore to /var/
#856 remove outdated Undo MagicQuotes function
#863 remove deprecated function calls in Mage_Adminhtml
#804 Add created_at and updated_at to all relevant REST API resources
#884 Add missing method to category collection class
#883 Add test method to cache models and fix layout update use of test method
#886 Adding 'display=swap' to default RWD Google Font
#888 fix php syntax error in app/design/frontend/rwd/default/template/email/catalog/product/list.phtml
#885 Replaced deprecated each in getAttributeRawValue()
#842 Add missing EU country (HR) to initial config
#857 correct argument order of implode calls
#859 Array and string offset access syntax with curly braces is deprecated


## before
