Magento realest a new programme the Magento Community Edition 1.9.3 delivers more than 120 quality improvements, as well as support for PHP 5.6 in addition to PHP 5.4 and 5.5.
Magento also improved his Security enhancements.
- Resolved a potential SQL injection (Zend Framework issue)
- Resolved a cache poisoning issue
- We now provide better protection against path exploits.
- Resolved a potential cross-site scripting (XSS) vulnerability when adding a category.
- Resolved a potential XSS vulnerability that affected the Magento server's request URI.
And a lot more
and Password enhancements
· user can reset a password only after receiving an e-mail. In addition, we introduced the following configuration settings:
- Limit the number of forgotten password requests from one IP address to five times per hour.
- Limit the number of forgotten password requests from one e-mail address to five times per 24 hours.
- Limit the number of forgotten password requests to no more than once every 10 minutes per e-mail address
And also here a lot more
Their also fixes
- Tax Calculation Fixes
- Shopping cart and checkout fixes
- Catalog fixes
- Price rule fixes
- Configurable swatches fixes
- Import/export fixes
- Indexer fixes
· Customers can no longer apply a coupon from an inactive shopping cart price rule to a purchase.
· Customers using a smartphone or other small viewport can expand subcategories in the web store that uses the new responsive theme.
These patches deliver important improvements, such as enabling several concurrent administrators to work with the product catalog, and to make it easier to install community-created translation packages.
Details about the patches follow. To install patches, see How to Get Patches For Magento EE.
- General Magento Connect Patches
- Magento Install Page Displays After SOAP v2 Index Page Refresh
- How to Get Patches For Magento EE
This section lists the key new features in Magento CE 1.9. For more information about these new features, see the Magento User Guide.
- The default theme in Magento CE 1.9 uses Responsive Web Design principles to provide a better experience for users of mobile devices in particular. Benefits include:
· Cross-border trade:
- supports PHP 5.4. For more information, see the PHP changelog.
- The Zend Framework has been upgraded to version 1.12.3
- Checkout improvements:
- Addressed a potential cross-site scripting (XSS) vulnerability while creating configurable product variants.
- Addressed a potential security issue that could result in displaying information about a different order to a customer.
- Users can no longer change the currency if the payment method PayPal Website Payments Standard is used.
- Removed an .swf file from the Magento distribution because of security issues.
- Improved file system security.
- Enhanced the security of action URLs, such as billing agreements.
- Addressed a potential session fixation vulnerability during checkout.
- Improved the security of the Magento randomness function.
Fixes in this release can be divided into the following categories: