Releases: Sylius/Sylius
v2.2.6
TL;DR
🔒 This is a security release!
Fixes the following vulnerabilities:
- IDOR on Shop Payment Request endpoints in API
- Channel-based payment method restriction bypass on shop account orders API endpoint
- Cart FormComponent allows modification or deletion of an already-completed order
Details
- #18989 Fix modals appearing behind backdrop on sticky page-header (@bartek-sek)
- #18990 Fix attribute card style for product show (@shochdoerfer)
- #18988 BUGFIX: Expose ShippingMethod *DeliveryTimeDays in admin API (@daniellienert)
- #19009 [ApiBundle][Tests] Add regression test for anonymous cart pickup wit… (@Wojdylak)
- #19012 [ApiBundle] Fix "Undefined array key 0" in PathPrefixProvider when path equals API route (@michalkaczmarek-bitbag)
- #19001 Bugfix/csrf token (@michalkaczmarek-bitbag)
- #19017 Add appendError method to ResponseCheckerInterface (@Prometee)
- #19018 [ApiBundle] Fix 404 on GET /shop/products/{code} when all associated products are disabled (@michalkaczmarek-bitbag)
- #19024 [2.2] [AttributeBundle] make Add and Delete button translatable in product attribute select type (@crydotsnake)
- #19025 [API] Add regression tests for cross-customer cart item access (@GSadee)
- #19026 [API] Slim down Swagger UI override and drop broken auto-auth JS (@GSadee)
- #19038 [2.1] Prevent stale cart LiveComponents from mutating completed orders (@TheMilek)
- #19039 [2.1][API] Enforce channel eligibility check when changing payment method via account endpoint (@TheMilek)
- #19040 [2.1] Check payment request ownership (@TheMilek)
Full Changelog: v2.2.5...v2.2.6
v2.1.15
TL;DR
🔒 This is a security release!
Fixes the following vulnerabilities:
- IDOR on Shop Payment Request endpoints in API
- Channel-based payment method restriction bypass on shop account orders API endpoint
- Cart FormComponent allows modification or deletion of an already-completed order
Details
- #19038 [2.1] Prevent stale cart LiveComponents from mutating completed orders (@TheMilek)
- #19039 [2.1][API] Enforce channel eligibility check when changing payment method via account endpoint (@TheMilek)
- #19040 [2.1] Check payment request ownership (@TheMilek)
Full Changelog: v2.1.14...v2.1.15
v2.0.18
TL;DR
🔒 This is a security release!
Fixes the following vulnerabilities:
- IDOR on Shop Payment Request endpoints in API
- Channel-based payment method restriction bypass on shop account orders API endpoint
- Cart FormComponent allows modification or deletion of an already-completed order
Details
- #19035 [2.0] Check payment request ownership (@TheMilek)
- #19036 [2.0] Prevent stale cart LiveComponents from mutating completed orders (@TheMilek)
- #19037 [2.0][API] Enforce channel eligibility check when changing payment method via account endpoint (@TheMilek)
Full Changelog: v2.0.17...v2.0.18
v2.2.5
What's Changed
- Fix problem with empty taxon product index by @tomkalon in #18579
- TASK: improve german translations for CH, DE, and AT by @crydotsnake in #18932
- fix: add default filter to breadcrumbs configuration title to prevent ScalarDataBag exception by @camilleislasse in #18933
- Fix build after APIPlatform 4.3.2 release by @TheMilek in #18943
- [UPMERGE] 2.1 -> 2.2 by @SyliusBot in #18925
- Add payment enabled in channel validation by @marekrzytki in #18941
- [BUGFIX] Allow updating provinceName when provinceCode is null in API by @rust-le in #18926
- [UPMERGE] 2.1 -> 2.2 by @SyliusBot in #18949
- [BUGFIX] Make mailer services public to allow usage in state machine callbacks by @rust-le in #18953
- [UPMERGE] 2.1 -> 2.2 by @SyliusBot in #18954
- Resolve flash alert correctly without breaking translation by @TheMilek in #18961
- [UPMERGE] 2.1 -> 2.2 by @SyliusBot in #18964
- Restore missing page titles for admin resource show pages by @marekrzytki in #18940
- Unified name translations handling in admin grid index by @pbalcerzak in #18922
- [UPMERGE] 2.1 -> 2.2 by @SyliusBot in #18968
- Allow choosing different payment method with skip payment step when it gets disabled by @TheMilek in #18965
- Add missing status code mapping for OrderItemNotFoundException by @marekrzytki in #18969
- Add email validation constraints to cart update by @marekrzytki in #18970
- Fix admin templates by @loic425 in #18972
- [UPMERGE] 2.1 -> 2.2 by @SyliusBot in #18973
- [API] Make API Platform resource command classes overridable via container parameters by @Prometee in #18958
- Unify Tests directory with tests by @TheMilek in #18974
- [UPMERGE] 2.1 -> 2.2 by @SyliusBot in #18975
- [UPMERGE] 2.1 -> 2.2 by @SyliusBot in #18976
New Contributors
- @camilleislasse made their first contribution in #18933
Full Changelog: v2.2.4...v2.2.5
v2.1.14
What's Changed
- Fix problem with empty taxon product index by @tomkalon in #18579
- fix: add default filter to breadcrumbs configuration title to prevent ScalarDataBag exception by @camilleislasse in #18933
- Fix build after APIPlatform 4.3.2 release by @TheMilek in #18943
- Add payment enabled in channel validation by @marekrzytki in #18941
- [BUGFIX] Allow updating provinceName when provinceCode is null in API by @rust-le in #18926
- [BUGFIX] Make mailer services public to allow usage in state machine callbacks by @rust-le in #18953
- Resolve flash alert correctly without breaking translation by @TheMilek in #18961
- Restore missing page titles for admin resource show pages by @marekrzytki in #18940
- Unified name translations handling in admin grid index by @pbalcerzak in #18922
- Allow choosing different payment method with skip payment step when it gets disabled by @TheMilek in #18965
- Add missing status code mapping for OrderItemNotFoundException by @marekrzytki in #18969
- Add email validation constraints to cart update by @marekrzytki in #18970
- Fix admin templates by @loic425 in #18972
- Unify Tests directory with tests by @TheMilek in #18974
New Contributors
- @camilleislasse made their first contribution in #18933
Full Changelog: v2.1.13...v2.1.14
v2.2.4
What's Changed
- [BUGFIX] remove redundant object from PHPDoc union types by @rust-le in #18904
- [CS][DX] Refactor by @github-actions[bot] in #18899
- [CS][DX] Refactor by @github-actions[bot] in #18898
- [Admin] Fix product taxon grid enabled field always showing true by @serhiilabs in #18895
- [BUGFIX] fix build errors by @rust-le in #18911
- [UPMERGE] 2.1 -> 2.2 by @SyliusBot in #18902
- Telemetry improvements 2.1 by @TheMilek in #18920
- [UPMERGE] 2.1 -> 2.2 by @SyliusBot in #18923
New Contributors
- @serhiilabs made their first contribution in #18895
Full Changelog: v2.2.3...v2.2.4
v2.1.13
What's Changed
- [BUGFIX] remove redundant object from PHPDoc union types by @rust-le in #18904
- [CS][DX] Refactor by @github-actions[bot] in #18899
- [Admin] Fix product taxon grid enabled field always showing true by @serhiilabs in #18895
- [BUGFIX] fix build errors by @rust-le in #18911
- Telemetry improvements 2.1 by @TheMilek in #18920
New Contributors
- @serhiilabs made their first contribution in #18895
Full Changelog: v2.1.12...v2.1.13