This last year, the PS company has been facing a dilemma: how to dedicate 100% of the developers’ time to move forward faster on the 1.7 version of the open source project, something everybody agrees on. And, at the same time, provide more time for merchants still using the 1.6 version to get ready to upgrade, by keeping them safe in case of critical issue after the official support ends on the 30th of June 2019. We have come up with a solution, thanks to the initiative and support of a few volunteers from the PrestaShop developer community: allowing them to take over the responsibility of maintaining PrestaShop 1.6.1.x beyond the end of official support.
What does it mean?
Put it simply, from the 1st of July 2019, the maintenance of PrestaShop 1.6.1.x is now being performed exclusively by volunteers. If a critical issue is discovered (we think mainly of security vulnerabilities), this team of volunteers will look for solutions from the community, work on it through a process of code review and extensive testing, in order to release a patch version to solve this critical issue.
Those patch versions will not be officially issued by PrestaShop nor available on prestashop.com, instead, they will be available on a dedicated GitHub repository: https://github.com/PrestaShop/PrestaShop-1.6
On this repository, it will be possible to submit pull requests in order to fix critical issues to be shipped in a patch version for PrestaShop 1.6.1.x.
Scope of the maintenance
The volunteers and the PrestaShop company have agreed on the following objectives:
- Fix critical issues (like the recent spam attack on account creation form) or security issues
- Eventually, if this is considered possible, allow PrestaShop 1.6 to be run with PHP 7.2
Consequently, non critical issues and pull requests for the 1.6 version which are not related to one of those objectives will not be merged and will be archived. This will help the new maintainers stay focused on critical patch versions.
If you find a security vulnerability in the software, the process stays the same:
- Don’t speak about it publicly immediately
- Instead, please send an email to firstname.lastname@example.org with details about the issue, how to reproduce it, and any other interesting details
- You can of course submit a patch proposal in the email
- When the patch is approved and the release available, you can speak about it
If you want to participate in making the 1.6.1.x work with PHP 7.2:
- Please open a pull request on the dedicated repository
- It will be reviewed by the maintainers, of course they might ask you more information and modifications in order to approve
- The aim is to write good code and use best practices, and avoid “sticking-plaster”
Similarly to the main open source project repository, each pull request will have to be approved by two maintainers before being merged, in order to be sure that it is well written and that it is not introducing new problems.
When a patch version has been tested and approved by the maintainers, a build will be released on GitHub with the help of developers from the PrestaShop company.
A short presentation of the volunteers:
- Olivier Le Corre, who started the discussion about this idea at the PS-Connect Lyon this Spring, a freelancer and long time active member of the ecosystem
- Maxime Varinard, from the software editor Vaisonet, a specialist on synchronization of PrestaShop with other information systems
- Krystian Podemski, Polish ambassador and freelancer, also a long-time and well-known member of the community
- Danoosh Miralayi, from iPresta team, the Iranian agency at the origin of the RTLimplementation for arab and persian languages in PrestaShop
How to upgrade
As eventual upcoming versions will not be official versions by the PrestaShop company, they will not be listed in the auto-upgrade module.
However, it is possible to provide a zip of the installer to the auto-upgrade module and launch the upgrade anyway. And of course, other ways are available, like Migration Pro and manual updates.
A usual, it is recommended to be careful before starting to update your website to the latest patch version:
- Backup your database and your files
- Test the update on a testing or pre production server
- If everything is fine, then update on the production environment
If you don’t have the technical skills, do not hesitate to find an expert. Many freelancers and agencies know how to do that well.
When will this maintenance stop
When no volunteers will be available to maintain the 1.6 anymore, it will become obvious that this will be the real end.
It will of course depend on many things:
- How fast merchants, freelancers and agencies migrate and adopt the 1.7
- How many merchants choose to keep their shop on 1.6, for whatever reason. The most probable one is that some shops have been heavily modified to adapt the software to the business workflow and specificity, and are difficult to migrate in that state.
- How fast web hosting companies will force the use of new versions of PHP.
- How difficult it will be to eventually patch the legacy code to support new versions of PHP.