Maho 25.5.0 is out today!

This release focuses on fortifying Maho's core with essential security upgrades, performance optimizations, and developer tools that modernize the platform while eliminating legacy dependencies.

🚀 New features and major improvements

Migrated encryption library from mcrypt to libsodium

This critical security upgrade replaces the deprecated mcrypt extension (removed in PHP 7.2 and provided through a polyfill until now) with the modern, high-security libsodium cryptographic library. The migration delivers state-of-the-art encryption algorithms, constant-time implementations to prevent timing attacks, and significantly improved performance. Beyond meeting modern security standards, this change future-proofs Maho's cryptographic foundation while maintaining backward compatibility with existing encrypted data.

This change also adds the ./maho sys:encryptionkey:regenerate CLI command, which allows you to generate a new encryption key and re-encrypt all the encrypted data in your database automatically (for core database tables) or manually (hooking into the new encryption_key_regenerated event, check this sample implementation in the Mage_Payment module). sys:encryptionkey:regenerate also adds health check for key migrations mcrypt -> libsodium and more.

Now it's possible to implement real encryption key rolling routines, like any modern ecommerce project should.

Replaced internal image generation with intervention/image

Up until now, the M1 platform had custom code to handle image generation, resize and conversion, which had limitations and bugs and was falling short in a modern world with new image compression formats. This is why we completely removed the legacy code and replaced it with the most used image handling package in the PHP world, with 150M+ downloads: intervention/image.

In case you have the high performance VIPS library installed, the new Maho::getImageManager() automatically loads and use it for you, providing, among other things, HEIC format support.

Frontend: an autocomplete that actually makes sense

The search autocomplete experience has been completely rewritten from the ground up and now, without the need for any 3rd party module, it's fully functional like never before.

The new Autocomplete previews products matching the search criteria, showing product name, prices and the thumbnail picture, in a mobile optimized layout.

Added Meta Pixel (Facebook Pixel) support to the GoogleAnalytics module

Any modern ecommerce platform should provide complete support for Google Analytics 4 and Meta Pixel, with enhanced ecommerce data, and Maho 25.5 fills the gap for this last point.

Rewrote the whole cache subsystem based on symfony/cache, removing the old Zend_Cache

Symfony cache component provides us with performant, well maintained and secure cache layer for Maho, and it also provides us with built-in Redis support (no 3rd party modules required anymore!)

Added possibility to set local.xml content via environment variable MAHO_LOCAL_XML

Deployment and environment management just became significantly more flexible with the addition of environment variable configuration for local.xml. This DevOps-friendly improvement allows you to inject your entire configuration through the MAHO_LOCAL_XML environment variable, eliminating the need for file-based configuration management in containerized environments.

Official docker images based on FrankenPHP

25.5.0 marks the start of our official Docker images repository, available on Docker Hub and automatically built via Docker Cloud Build through our Docker images source repository.

We are supporting a comprehensive list of tags, covering all possible usages: - nightly which will replicate all changes on our main development branch - latest which will point to our latest stable release (25.5.0 in this moment) with latest FrankenPHP and available PHP version - and a tag for every Maho release since 25.5.0

Replaced Zend_Locale_Data with IntlDateFormatter in Mage_Adminhtml_Block_Report_Sales_Grid_Column_Renderer_Date

As we moved away from prototypejs for the whole frontend (backend in work in progress), we will need to move away from Zend Framework 1 sooner than later, and 25.5.0 marks the first major step in this direction. Modern PHP provides highly performant and feature rich set of locale related functions that we start to leverage with this release. There's no visible change here, but it's very important nevertheless.

Added "redirect to product page if search generates one result" feature

A minor technical change, but a good quality of life improvement. Simply browse to System -> Configuration -> Catalog -> Catalog Search and enable it, as simple as that!

And much more, be sure to check the full release announcement.