Magento - Long Term Support

This repository is the home of an unofficial community-driven project. It's goal is to be a dependable alternative to the Magento CE official releases which integrates improvements directly from the community while maintaining a high level of backwards compatibility to the official releases.

Pull requests with bug fixes and security patches from the community are encouraged and welcome!

Releases and Versioning
- Currently Maintained Versions
Requirements
Installation
Secure your installation
- Apache .htaccess
- Nginx
Magento 1 Compatibility
Changes
Development Environment with ddev
PhpStorm Factory Helper
Public Communication
Maintainers
License
Contributors

Releases and Versioning

This project more strictly adheres to Semantic Versioning compared to the original Magento version numbering system where the "1" was essentially a fixed number. See the Terminology section of RFC 0002 - Release Schedule for more information on how the terms MAJOR, MINOR and PATCH are defined and applied.

The OpenMage team and community maintains OpenMage LTS versions as follows:

The latest MAJOR.MINOR version always receives PATCH updates.
The latest MAJOR version always receives MINOR updates.
The latest MAJOR.MINOR branch for each MAJOR version receives PATCH updates for at least 2 years from the time of inception of the initial MAJOR version release.

In a nutshell:

If you want to stay on the cutting edge with the latest improvements use the latest MAJOR version.
If you want maximum backwards compatibility and minimal upgrade hassle use the next-latest MAJOR version so that you can still receive important security/stability/regression fixes.

Currently Maintained Versions

20.x is the latest MAJOR version and will receive PATCH updates until 2 years after the date that 21.x is released.
19.4.x will receive PATCH updates until April 4, 2025.

Requirements

PHP 7.4+ (PHP 8.0 is supported, PHP 8.1 supported but some warnings may be shown/logged, PHP 8.2 is usable but still being tested)
MySQL 5.6+ (8.0+ recommended) or MariaDB
optional: Redis 5.x, 6.x and 7.0.x are supported
PHP extension intl since 1.9.4.19 & 20.0.17
Command patch 2.7+ (or gpatch on MacOS/HomeBrew) since 1.9.5.0 & 20.1.0

Installation

Manual Install

Download the latest release archive and extract it over your existing install. Important: you must download the ZIP file from a tagged version on the releases page, otherwise there will be missing dependencies.

Composer

Step 1: Create a new composer project:

composer init

Step 2: Configure composer. The below options are required. You can see all options here.

# Allow composer to apply patches to dependencies of magento-lts
composer config --json extra.enable-patching true

# Configure Magento core composer installer to use magento-lts as the Magento source package
composer config extra.magento-core-package-type magento-source

# Configure the root directory that magento-lts will be installed to, such as "pub", "htdocs", or "www"
composer config extra.magento-root-dir pub

Step 3: Require magento-core-composer-installer:

# PHP 7
composer require "aydin-hassan/magento-core-composer-installer":"~2.0.0"

# PHP 8
composer require "aydin-hassan/magento-core-composer-installer":"^2.1.0"

Note: be sure to select y if composer asks you to trust aydin-hassan/magento-core-composer-installer.

Step 4: Require the appropriate version of magento-lts:

# Latest tagged v20 series release
composer require "openmage/magento-lts":"^20.0.0"

# Legacy v19 tagged release (Magento 1.9.4.x drop-in replacement supported until April 4, 2025)
composer require "openmage/magento-lts":"^19.4.0"

# Latest on "main" development branch
composer require "openmage/magento-lts":"dev-main"

# Latest on "next" development branch
composer require "openmage/magento-lts":"dev-next"

Note: be sure to select y if composer asks you to trust magento-hackathon/magento-composer-installer or cweagans/composer-patches.

When deploying to a production environment, it's recommended to optimize Composer's autoloader to speed up classes lookup time:

composer dump-autoload --optimize

Git

If you want to contribute to the project:

git init
git remote add origin https://github.com/<YOUR GIT USERNAME>/magento-lts
git pull origin main
git remote add upstream https://github.com/OpenMage/magento-lts
git pull upstream main
git add -A && git commit

More Information

Secure your installation

Don't use common paths like /admin for OpenMage Backend URL. Don't use the path in robots.txt and keep it secret. You can change it from Backend (System / Configuration / Admin / Admin Base Url) or by editing app/etc/local.xml:

<config>
    <admin>
        <routers>
            <adminhtml>
                <args>
                    <frontName><![CDATA[admin]]></frontName>
                </args>
            </adminhtml>
        </routers>
    </admin>
</config>

Don't use common file names like api.php for OpenMage API URLs to prevent attacks. Don't use the new file name in robots.txt and keep it secret with your partners. After renaming the file you must update the webserver configuration as follows:

Apache .htaccess

RewriteRule ^api/rest api.php?type=rest [QSA,L]

Nginx

rewrite ^/api/(\w+).*$ /api.php?type=$1 last;`

Magento 1 Compatibility

OpenMage LTS 19.4.0 is the first tagged version using the OpenMage LTS version naming system and all 19.x versions are mostly backward-compatible with Magento 1.9.4.x.

OpenMage LTS 20.x and later have more changes that may not be 100% backward-compatible, but minimizing migration and upgrade hassle for users is always considered an important goal and factors heavily into the changes that are accepted even when accepting changes for "MAJOR" releases, described in Releases and Versioning above.

Changes

Most important changes will be listed here, all other changes since 19.4.0 can be found in release notes.

Between Magento 1.9.4.5 and OpenMage 19.x

bug fixes and PHP 7.x, 8.0, 8.1 and 8.2 compatibility
added config cache for system.xml (#1916)
added frontend_type color (#2945)
search for "NULL" in backend grids (#1203)
removed lib/flex containing unused ActionScript "file uploader" files (#2271)
Mage_Catalog_Model_Resource_Abstract::getAttributeRawValue() now returns '0' instead of false if the value stored in the database is 0 (#572)
PHP extension intl is required
Deprecation errors are not suppressed anymore
removed modules:
- Mage_Backup (#2811)
- Mage_Compiler
- Mage_GoogleBase
- Mage_PageCache (#2258)
- Mage_Poll (#3098)
- Mage_Xmlconnect
- Phoenix_Moneybookers

If you rely on those modules you can reinstall them with composer:

Mage_Backup: composer require openmage/module-mage-backup
Mage_PageCache: composer require openmage/module-mage-pagecache
Mage_Poll: composer require openmage/module-mage-poll
Legacy frontend themes: composer require openmage/legacy-frontend-themes

Between OpenMage 19.x and 20.x

Do not use 20.x.x if you need IE support.

removed IE conditional comments, IE styles, IE scripts and IE eot files (#1073)
removed frontend default themes (default, modern, iphone, german, french, blank, blue) (#1600)
fixed incorrect datetime in customer block ($useTimezone parameter) (#1525)
added redis as a valid option for global/session_save (#1513)
reduce needless saves by avoiding setting _hasDataChanges flag (#2066)
removed support for global/sales/old_fields_map defined in XML (#921)
enabled website level config cache (#2355)
made overrides of Mage_Core_Model_Resource_Db_Abstract::delete respect parent api (#1257)
rewrote Mage_Eav_Model_Config as cache for all eav entity and attribute reads (#2993)

For full list of changes, you can compare tags.

Since OpenMage 19.5.0 / 20.1.0

PHP 7.4 is now the minimum required version.

Most of the 3rd party libraries/modules that were bundled in our repository were removed and migrated to composer dependencies. This allows for better maintenance and upgradability.

Specifically:

phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis, Pelago_Emogrifier (#2411)
Zend Framework 1 (#2827)

If your project uses OpenMage through composer then all dependencies will be managed automatically.
If you just extracted the release zip/tarball in your project's main folder then be sure to:

remove the old copy of aforementioned libraries from your project, you can do that with this command:
```
rm -rf app/code/core/Zend lib/Cm lib/Credis lib/mcryptcompat lib/Pelago lib/phpseclib lib/Zend
```
download the new release zip file that is named openmage-VERSIONNUMBER.zip, this one is built to contain the vendor folder generated by composer, with all the dependencies in it
extract the zip file in your project's repository as you always did

We also decided to remove our Zend_DB patches (that were stored in app/code/core/Zend) because they were very old and not compatible with the new implementations made by ZF1-Future, which is much more advanced and feature rich. This may generate a problem with `Zend_Db_Select' statements that do not use 'Zend_Db_Expr' to quote expressions. If you see SQL errors after upgrading please remember to check for this specific issue in your code.

UPS shut down their old CGI APIs so we removed the support for it from the Mage_Usa module.

Between OpenMage 20.x and 21.x (unreleased, available on branch `next`)

PHP 8.1 as minimum required version
Removed scriptaculous/dragdrop.js (#3215)
RWD theme: updated jQuery to 3.7.0 (#3204)
Unified CSRF configuration (#3147) and added form key validation to Contacts form (#3146)
Removed double span element from HTML buttons (#3123)
Removed all deprecated Mysql4_ classes (#2730). If there are any old modules/extensions in your installation that use such classes, you must run shell/rename-mysql4-class-to-resource.php in the command line in order to convert them. Backup all files before running the script

New Config Options

admin/design/use_legacy_theme
admin/global_search/enable
admin/emails/admin_notification_email_template
catalog/product_image/progressive_threshold
catalog/search/search_separator
dev/log/max_level
newsletter/security/enable_form_key
sitemap/category/lastmod
sitemap/page/lastmod
sitemap/product/lastmod

New Events

adminhtml_block_widget_form_init_form_values_after
adminhtml_block_widget_tabs_html_before
adminhtml_sales_order_create_save_before
checkout_cart_product_add_before
core_app_run_after
sitemap_cms_pages_generating_before
sitemap_urlset_generating_before

Full list of events

Changes to SOAP/WSDL

Since 19.4.17/20.0.15 we changed the targetNamespace of all the WSDL files (used in the API modules), from Magento to OpenMage. If your custom modules extends OpenMage's APIs with a custom WSDL file and there are some hardcoded targetNamespace="urn:Magento" strings, your APIs may stop working.

Please replace all occurrences of

targetNamespace="urn:Magento"

with

targetNamespace="urn:OpenMage"

or alternatively

targetNamespace="urn:{{var wsdl.name}}"

to avoid any problem.

To find which files need the modification you can run this command from the root directory of your project.

grep -rn 'urn:Magento' --include \*.xml

Development Environment with DDEV

Install ddev
Clone the repository as described in installation (Git)
Create a ddev config, defaults should be good for you
```
ddev config
```
Open .ddev/config.yaml and change the php version to your needs
Download and start the containers
```
ddev start
```
Open your site in browser
```
ddev launch
```

PhpStorm Factory Helper

This repo includes class maps for the core Magento files in .phpstorm.meta.php. To add class maps for installed extensions, you have to install N98-magerun and run command:

n98-magerun.phar dev:ide:phpstorm:meta

You can add additional meta files in this directory to cover your own project files. See PhpStorm advanced metadata for more information.

Public Communication

Discord (maintained by Flyingmana)

_sv3n	_{Lee Saferite}	_{Colin Mollenhour}	_{David Robinson}	_{Tymoteusz Motylewski}	_{Daniel Fahlke}	_{SNH_NL}
_{Marc Romano}	_{Fabian Blechschmidt}	_{Luboš Hubáček}	_{Erik Dannenberg}	_{Jeroen Boersma}	_{Leandro F. L.}	_{Kevin Krieger}
_{Ng Kiat Siong}	_bob2021	_{Bastien Lamamy}	_{Dmitry Furs}	_{Robert Coleman}	_{Milan Davídek}	_{Matt Davenport}
_elfling	_henrykb	_Tony	_{Mark Lewis}	_{Eric Sean Turner}	_{Eric Seastrand}	_{Tobias Schifftner}
_{Simon Sprankel}	_{Tom Lankhorst}	_{shirtsofholland}	_{sebastianwagner}	_{Maxime Huran}	_Pepijn	_manuperezgo
_luigifab	_{Loek van Gool}	_kpitn	_kalenjordan	_{IOWEB TECHNOLOGIES}	_Florent	_dvdsndr
_{Vincent MARMIESSE}	_{Lucas van Staden}	_zamoroka	_wpdevteam	_{Wouter Samaey}	_{Vova Yatsyuk}	_{Trevor Hartman}
_Somewhere	_{Fabian Schmengler />}	_{Roman Hutterer}	_{Sergei Filippov}	_{Sam Steele}	_{Ricardo Velhote}	_{Roy Duineveld}
_{Roberto Sarmiento Pérez}	_{Pierre Martin}	_{Rafał Dołgopoł}	_{Rafael Patro}	_{Andreas Pointner}	_{Paul Rodriguez}	_ollb
_{Nicholas Graham}	_{Makis Palasis}	_{Miguel Balparda}	_{Mark van der Sanden}	_{Micky Socaci}	_{Marvin Sengera}	_{Kostadin A.}
_{Julien Loizelet}	_{Jonas Hünig}	_{Stefan Jaroschek}	_{Jacques Bodin-Hullin}	_{Wilhelm Ellmann}	_Edwin.	_drago-aca
_{Daniel Niedergesäß}	_{J Davis}	_{Damien Biasotto}	_{Daniel Corn}	_{Paweł Cieślik}	_{André Herrn}	_{Pablo Benmaman}
_aterjung	_altdovydas	_{Alisson Júnior}	_{Alex Kirsch}	_Branden	_{Pof Magicfingers}	_{Michael Thessel}
_{Jonathan Laliberte}	_{Ivan Chepurnyi}	_Igor	_{Elias Kotlyar}	_Hejty1	_Gaelle	_{Frédéric MARTINEZ}
_{Tobias Faust}	_{AndresInSpace}	_{Francesco Boes}	_{Daniel Bachmann}	_{Damian Luszczymak}	_{Fabrizio Balliano}	_Jouriy
_{Digital Pianism}	_{Justin Beaty}	_ADDISON	_{Aria Stewart}	_{Dean Williams}	_{Henry Hirsch}	_kdckrs
_{Martin René Sørensen}	_{Frank Rochlitzer}	_AlterWeb	_Caprico	_{David Windell}	_{Dragan Atanasov}	_{Eugene Lamskoy}
_Ferdinand	_Himanshu	_{Jakub Idziak}	_{Joseph Maxwell}	_{Joshua Dickerson}	_{Kevin Bortnick}	_{Mehdi Chaouch}
_{Mohamed ELIDRISSI}	_{Justin van Elst}	_{Nicholas Graham}	_{Patrick Schnell}	_{Patrick Cronin}	_{Petr Švamberg}	_{Rafael Corrêa Gomes}
_{Ralf Siepker}	_{Sunel Tr}	_{Tom Klingenberg}	_Toon	_{WEXO team}	_{Wilfried Wolf}	_{akrzemianowski}
_andthink	_eetzen	_lemundo-team	_mdlonline	_{Benjamin MARROT}	_{Tino Mewes}	_{Carsten Brandt}
_{Enéias Ramos de Melo}	_{Scott Moore}	_{Roger Feese}	_{Alexander Gelzer}	_{David Hiendl}	_{Andrey Gorbunov}	_{Tomasz Gregorczyk}
_{Juho Hölsä}	_Kane