From c5d901110f29236badd086fecc8d1388526661dc Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Tue, 4 Feb 2020 11:07:55 -0600 Subject: [PATCH 1/3] Added Magento Cloud Patch release note for the patch to fix cron deadlocks and improve cron locking (MAGECLOUD-4530) --- src/cloud/release-notes/mcp-release-notes.md | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/cloud/release-notes/mcp-release-notes.md b/src/cloud/release-notes/mcp-release-notes.md index eb861cc5cc2..4a5ab601e44 100644 --- a/src/cloud/release-notes/mcp-release-notes.md +++ b/src/cloud/release-notes/mcp-release-notes.md @@ -19,13 +19,16 @@ We have included all {{site.data.var.ce}} 2.x patches from the [Magento Technica This release includes the following updates: -- {:.fix}**Updated patches to include all available patches for {{site.data.var.ce}} 2.x**–Updated the {{site.data.var.mcp}} package to include all {{site.data.var.ce}} 2.x patches available on the [Magento Download page](https://magento.com/tech-resources/download). If you copied any {{site.data.var.ce}} patches into your {{site.data.var.ece}} project previously, remove them to avoid conflicts. +- {:.fix}**Updated patches to include all available patches for {{site.data.var.ce}} 2.x**–Updated the {{site.data.var.mcp}} package to include all {{site.data.var.ce}} 2.x patches available on the [Magento Download page](https://magento.com/tech-resources/download). If you copied any {{site.data.var.ce}} patches into your {{site.data.var.ece}} project previously, remove them to avoid conflicts. -- {:.fix}**Updated patch for Elasticsearch catalog pagingation fix** –Replaced the Elasticsearch catalog pagination patch delivered in {{site.data.var.mcp}} v1.0 with a more effective fix. +- {:.fix}**Updated patch for Elasticsearch catalog pagination fix** –Replaced the Elasticsearch catalog pagination patch delivered in {{site.data.var.mcp}} v1.0 with a more effective fix. -Catalog pagination does not work on Elasticsearch 6.x +- {:.fix}**Updated the Magento Page Builder patches**–Update previously released Page Builder security patches for Magento versions 2.3.1 and 2.3.2 to address an issue in Page Builder preview that allows unauthenticated users to use some templating methods, which can lead to remote code execution (RCE) and global information leak. These patches were initially released in {{site.data.var.mcp}} v1.0.0. -- {:.fix}**Updated the Magento Page Builder patches**–Update previously released Page Builder security patches for Magento versions 2.3.1 and 2.3.2 to address an issue in Page Builder preview that allows unauthenticated users to use some templating methods, which can lead to remote code execution (RCE) and global information leak. These patches were initially released in {{site.data.var.mcp}} v1.0.0. +- {:.fix}**Fix cron deadlocks and improve cron locking**– + + - {:.fix}Fixes an issue with some cron jobs not running due to an incorrect status value in the `cron_schedule` table. Now, we use the Magento lock framework to check and update cron job status instead of using the `cron_schedule` table. + - {:.new}Adds a retry operation to avoid deadlock during updates to the data in the `cron_schedule` table. Now, cron jobs that have ended with an error status are retried during the next `cron:run` instead of waiting 24 hours. ## v1.0.0 @@ -35,10 +38,10 @@ This is the first release of the [`magento/magento-cloud-patches`](https://githu This release includes the following patches and critical fixes: -- {:.fix}**Page Builder security patches for 2.3.1.x and 2.3.2.x releases**–Fixes an issue in Page Builder preview that allows unauthenticated users to access some templating methods that can be used to trigger arbitrary code execution over the network (RCE) resulting in global information leaks. This issue can occur when using unsupported versions of Page Builder with {{ site.data.var.ee }} versions 2.3.1 and 2.3.2. +- {:.fix}**Page Builder security patches for 2.3.1.x and 2.3.2.x releases**–Fixes an issue in Page Builder preview that allows unauthenticated users to access some templating methods that can be used to trigger arbitrary code execution over the network (RCE) resulting in global information leaks. This issue can occur when using unsupported versions of Page Builder with {{ site.data.var.ee }} versions 2.3.1 and 2.3.2. -- {:.fix}**MSI patches**–Fixes issues that caused indexing errors and performance issues when using default inventory settings for managing stock. +- {:.fix}**MSI patches**–Fixes issues that caused indexing errors and performance issues when using default inventory settings for managing stock. -- {:.fix}**Backward Compatibility of new Mail Interfaces**-Fixes a backward incompatibility issue caused by the `Magento\Framework\Mail\EmailMessageInterface` PHP interface introduced in {{ site.data.var.ee }} v2.3.3. In the scope of this patch, the new `EmailMessageInterface` inherits from the old `MessageInterface`, and {{ site.data.var.ee }} core modules are reverted to depend on `MessageInterface`. +- {:.fix}**Backward Compatibility of new Mail Interfaces**-Fixes a backward incompatibility issue caused by the `Magento\Framework\Mail\EmailMessageInterface` PHP interface introduced in {{ site.data.var.ee }} v2.3.3. In the scope of this patch, the new `EmailMessageInterface` inherits from the old `MessageInterface`, and {{ site.data.var.ee }} core modules are reverted to depend on `MessageInterface`. -- {:.fix}**Catalog pagination does not work on Elasticsearch 6.x**–Fixes a critical issue with search result pagination that affects customers using Elasticsearch 6.x as the catalog search engine. +- {:.fix}**Catalog pagination does not work on Elasticsearch 6.x**–Fixes a critical issue with search result pagination that affects customers using Elasticsearch 6.x as the catalog search engine. From e208b0ac1f0b76d9efb18add73d5d0c62ffc9c4e Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Tue, 4 Feb 2020 12:06:44 -0600 Subject: [PATCH 2/3] Update src/cloud/release-notes/mcp-release-notes.md --- src/cloud/release-notes/mcp-release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/release-notes/mcp-release-notes.md b/src/cloud/release-notes/mcp-release-notes.md index 4a5ab601e44..b3773381e3a 100644 --- a/src/cloud/release-notes/mcp-release-notes.md +++ b/src/cloud/release-notes/mcp-release-notes.md @@ -28,7 +28,7 @@ This release includes the following updates: - {:.fix}**Fix cron deadlocks and improve cron locking**– - {:.fix}Fixes an issue with some cron jobs not running due to an incorrect status value in the `cron_schedule` table. Now, we use the Magento lock framework to check and update cron job status instead of using the `cron_schedule` table. - - {:.new}Adds a retry operation to avoid deadlock during updates to the data in the `cron_schedule` table. Now, cron jobs that have ended with an error status are retried during the next `cron:run` instead of waiting 24 hours. + - {:.new}Adds a retry operation to avoid deadlock during updates to the data in the `cron_schedule` table. ## v1.0.0 From bde51873a8203241a399a59a3183332a7249ba52 Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Tue, 4 Feb 2020 12:14:26 -0600 Subject: [PATCH 3/3] Update src/cloud/release-notes/mcp-release-notes.md --- src/cloud/release-notes/mcp-release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/release-notes/mcp-release-notes.md b/src/cloud/release-notes/mcp-release-notes.md index b3773381e3a..2a31eb5f557 100644 --- a/src/cloud/release-notes/mcp-release-notes.md +++ b/src/cloud/release-notes/mcp-release-notes.md @@ -27,7 +27,7 @@ This release includes the following updates: - {:.fix}**Fix cron deadlocks and improve cron locking**– - - {:.fix}Fixes an issue with some cron jobs not running due to an incorrect status value in the `cron_schedule` table. Now, we use the Magento lock framework to check and update cron job status instead of using the `cron_schedule` table. + - {:.fix}Fixes an issue with some cron jobs not running due to an incorrect status value in the `cron_schedule` table. Now, we use the Magento lock framework to check and update cron job status instead of using the `cron_schedule` table. Cron jobs that have ended with an error status are retried during the next `cron:run` instead of waiting 24 hours. - {:.new}Adds a retry operation to avoid deadlock during updates to the data in the `cron_schedule` table. ## v1.0.0