Skip to content

Commit 58759bf

Browse files
brandonkellybrandonkelly
authored
Merge pull request #4250 from craftcms/4.11
4.11
2 parents 48a5d94 + b8bdbb9 commit 58759bf

File tree

10 files changed

+583
-309
lines changed

10 files changed

+583
-309
lines changed

.github/workflows/ci.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ on:
44
push:
55
branches:
66
- '4.x'
7+
- '4.11'
78
pull_request:
89
permissions:
910
contents: read

CHANGELOG.md

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,12 @@
22

33
## Unreleased
44

5-
- Fixed a [high-severity](https://github.com/craftcms/cms/security/policy#severity--remediation) SQL injection vulnerability in the control panel. (GHSA-875v-7m49-8x88)
6-
- Fixed a [low-severity](https://github.com/craftcms/cms/security/policy#severity--remediation) Information disclosure vulnerability in payment controller action. (GHSA-3vxg-x5f8-f5qf)
5+
- Craft Commerce now requires Craft CMS 4.17.9 or later.
6+
- Cart numbers are now generated using a cryptographically secure random number generator.
7+
- Cart controller actions that accept an explicit cart number are now rate limited to mitigate enumeration attacks.
8+
- Fixed a PHP error that could occur when using the manual gateway. ([#4245](https://github.com/craftcms/commerce/pull/4245))
9+
- Fixed a [high-severity](https://github.com/craftcms/cms/security/policy#severity--remediation) SQL injection vulnerability. (GHSA-875v-7m49-8x88)
10+
- Fixed a [low-severity](https://github.com/craftcms/cms/security/policy#severity--remediation) information disclosure vulnerability. (GHSA-3vxg-x5f8-f5qf)
711

812
## 4.10.2 - 2026-02-09
913

composer.json

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -22,19 +22,19 @@
2222
"prefer-stable": true,
2323
"require": {
2424
"php": "^8.0.2",
25-
"craftcms/cms": "^4.9.4",
25+
"craftcms/cms": "^4.17.9",
2626
"dompdf/dompdf": "^2.0.2",
2727
"ibericode/vat": "^1.2.2",
2828
"iio/libmergepdf": "^4.0",
2929
"moneyphp/money": "^4.2.0"
3030
},
3131
"require-dev": {
32-
"codeception/codeception": "^4.0.0",
33-
"codeception/module-asserts": "^1.0.0",
34-
"codeception/module-datafactory": "^1.0.0",
35-
"codeception/module-phpbrowser": "^1.0.0",
36-
"codeception/module-rest": "^1.0.0",
37-
"codeception/module-yii2": "^1.0.0",
32+
"codeception/codeception": "^4.1.29",
33+
"codeception/module-asserts": "^1.3.1",
34+
"codeception/module-datafactory": "^1.1.0",
35+
"codeception/module-phpbrowser": "^1.0.2",
36+
"codeception/module-rest": "^1.4.2",
37+
"codeception/module-yii2": "^1.1.5",
3838
"craftcms/ckeditor": "^3.0",
3939
"craftcms/ecs": "dev-main",
4040
"craftcms/phpstan": "dev-main",

0 commit comments

Comments
 (0)