Releases: craftcms/commerce
5.6.1.1
4.11.0.1
5.6.1
- Gateway edit screens now include billing and shipping address conditions. (#4259)
- Variant cards can now have “Default”, “Promotable”, and “Available for purchase” attributes.
- Fixed a bug where PDF URLs could have an incorrect domain. (#4248)
- Fixed a bug where user profile screens weren’t showing suspended and failed-to-start subscriptions. (#4219)
- Fixed a bug where carts weren’t respecting the COMMERCE_PAYMENT_CURRENCY PHP constant.
- Fixed a bug where variants’ tax and shipping category dropdowns weren’t respecting product type restrictions. (#4258)
5.6.0
Administration
- Added the “UI Label Format” and “Variant UI Label Format” settings to product types. (#4178)
Extensibility
- Added relatedToProducts and relatedToVariants GraphQL query arguments, enabling queries for elements related to specific products or variants. (#4202)
- Added craft\commerce\elements\db\ProductQuery::$savable.
- Added craft\commerce\elements\db\ProductQuery::savable().
- Added craft\commerce\elements\db\VariantQuery::$savable.
- Added craft\commerce\elements\db\VariantQuery::editable().
- Added craft\commerce\elements\db\VariantQuery::savable().
- Added craft\commerce\helpers\ProductQuery::cleanseQueryCriteria().
- Added craft\commerce\services\ShippingRuleCategories::getShippingRuleCategoriesByRuleIds().
- craft\commerce\elements\db\ProductQuery::$editable is now nullable.
- craft\commerce\elements\db\VariantQuery::$editable is now nullable.
System
- Craft Commerce now requires Craft CMS 5.9.15 or later.
- Cart numbers are now generated using a cryptographically secure random number generator.
- Cart controller actions that accept an explicit cart number are now rate limited to mitigate enumeration attacks.
- Shipping rule categories are now eager loaded on shipping rules automatically. (#4220)
- Improved product index performance by not eager-loading variants for table attributes that are already fetched via SQL joins. (#4236)
- Fixed a bug where coupon codes were submitted too early while being entered on order edit screens.
- Fixed a bug where variants with empty SKUs didn’t show validation errors when saving a product after it was duplicated. (#4197)
- Fixed high-severity SQL injection vulnerabilities. (GHSA-875v-7m49-8x88, GHSA-r54v-qq87-px5r)
- Fixed a low-severity information disclosure vulnerability. (GHSA-3vxg-x5f8-f5qf)
4.11.0
- Craft Commerce now requires Craft CMS 4.17.9 or later.
- Cart numbers are now generated using a cryptographically secure random number generator.
- Cart controller actions that accept an explicit cart number are now rate limited to mitigate enumeration attacks.
- Fixed a PHP error that could occur when using the manual gateway. (#4245)
- Fixed a high-severity SQL injection vulnerability. (GHSA-875v-7m49-8x88)
- Fixed a low-severity information disclosure vulnerability. (GHSA-3vxg-x5f8-f5qf)
5.5.4
- Fixed a bug where subscription plan edit screens weren’t showing their linked description entries, if the entries were disabled. (#4229)
- Fixed an error that could occur when editing inventory locations. (#4233)
- Fixed a SQL error that could occur when querying for unfulfilled orders on PostgreSQL. (#4228)
- Fixed an error that could occur when resaving variants. (#4226)
5.5.3
- Added craft\commerce\models\LineItemStatus::getDisplayName().
- Fixed a bug where Orders tables on user edit pages were showing an incorrect column heading.
- Fixed a bug where product selector modals didn’t have “Add a product” buttons. (#4205)
- Fixed a bug where order status and line item status names weren’t translatable. (#4213)
- Fixed a bug where it wasn’t possible to change a variant’s shipping category.
- Fixed an error that occurred when adjusting inventory levels with an adjustment of zero. (#4212)
- Fixed a SQL error that could occur when querying variants on PostgreSQL. (#4210)
- Fixed an error that could occur when merging canonical product changes into a draft. (#4199)
- Fixed a bug where variants weren’t being marked as modified when variants were added, deleted, or reordered. (#4222)
- Fixed high-severity SQL injection vulnerabilities in the control panel. (GHSA-j3x5-mghf-xvfw, GHSA-pmgj-gmm4-jh6j)
- Fixed a high-severity XSS vulnerability in the control panel. (GHSA-cfpv-rmpf-f624)
- Fixed low-severity XSS vulnerabilities in the control panel. (GHSA-mqxf-2998-c6cp, GHSA-wj89-2385-gpx3, GHSA-mj32-r678-7mvp)
4.10.2
- Fixed a bug where Orders tables on user edit pages were showing an incorrect column heading.
- Fixed a high-severity SQL injection vulnerability in the control panel. (GHSA-j3x5-mghf-xvfw)
- Fixed low-severity XSS vulnerabilities in the control panel. (GHSA-mqxf-2998-c6cp, GHSA-mj32-r678-7mvp)
5.5.2
- Improved transaction refund amount validation.
- Fixed a bug where settings were being saved to the project config incorrectly. (#4006)
- Fixed a PHP error that could occur when saving a shipping rule. (#4134)
- Fixed a bug where the “New Customers” widget was counting all customers with orders in the date range, rather than only customers whose first order was in the date range.
- Fixed XSS vulnerabilities. (GHSA-w8gw-qm8p-j9j3, GHSA-h9r9-2pxg-cx9m, GHSA-g92v-wpv7-6w22, GHSA-p6w8-q63m-72c8, GHSA-wqc5-485v-3hqh, GHSA-v585-mf6r-rqrc, GHSA-frj9-9rwc-pw9j, GHSA-8478-rmjg-mjj5, GHSA-2h2m-v2mg-656c, GHSA-wq2m-r96q-crrf)
4.10.1
- Fixed a bug where settings were being saved to the project config incorrectly. (#4006)
- Fixed a PHP error that could occur when saving a shipping rule. (#4134)
- Fixed a bug where the “New Customers” widget was counting all customers with orders in the date range, rather than only customers whose first order was in the date range.
- Fixed XSS vulnerabilities. (GHSA-w8gw-qm8p-j9j3, GHSA-h9r9-2pxg-cx9m, GHSA-g92v-wpv7-6w22, GHSA-p6w8-q63m-72c8, GHSA-wqc5-485v-3hqh, GHSA-v585-mf6r-rqrc, GHSA-frj9-9rwc-pw9j, GHSA-8478-rmjg-mjj5, GHSA-2h2m-v2mg-656c, GHSA-wq2m-r96q-crrf)