Changelog History
Page 6
-
v1.4.8
August 27, 2019 -
v1.4.7 Changes
July 29, 2019- #10165 Product attribute fixtures improvements (@Zales0123, @pamil)
- #10401 Psalm (@loic425, @pamil)
- #10464 Do not crash when duplicated locales are passed to the fixture (@pamil)
- 🚚 #10468 Remove Symfony workarounds and add conflicts (@pamil)
- ⚡️ #10473 Update docs to follow Symfony 4 standards (@pamil)
- 🗄 #10488 Marked router dependency as deprecated in admin ImpersonateUserController (@SebLours)
- 👕 #10489 Make it possible to have no shipping methods for Order fixtures (@TiMESPLiNTER)
- 🛠 #10492 [Admin] Minor fixes customer group validation form (@Tomanhez)
- 💻 #10494 [UI] Fix button groups radius (@kulczy)
- #10498 Add search bar css rule for Firefox (@aloupfor)
- ⏪ #10508 Revert "Make it possible to have no shipping methods for Order fixtures" (@lchrusciel)
- #10509 [Admin] Add link to product in variant breadcrumb (@Tomanhez)
- #10517 [Grid] Allow not to pass "apply_transition" button class (@Zales0123)
- #10525 Bump lodash from 4.17.11 to 4.17.14 (@dependabot[@bot])
- #10535 [Shop] Fix passed channel context service to be composite (@GSadee)
- 🚑 #10548 [HotFix?] Move mysql service to fix the build (@Zales0123)
-
v1.4.6 Changes
June 24, 2019- #10191 [taxon_fixtures] Fix child taxon slug generation (@tannyl)
- 📄 #10371 [Docs] How to find out the resource config required when customizing models (@4c0n)
- #10384 "Getting Started with Sylius" guide (@Zales0123, @CoderMaggie)
- 0️⃣ #10389 [UI] Hide filters by default on index pages (@Zales0123, @pamil)
- #10404 Fix huge autocomplete queries issue (@bitbager, @pamil)
- 📄 #10412 [Docs] Added tip for using group sequence validations (@4c0n)
- 🛠 #10423 [Doc] End of bugfix support for 1.3 (@lchrusciel)
- 💻 #10426 Using client from browser kit component instead of http kernel component (@loevgaard)
- ⬆️ #10432 Add known errors section to UPGRADE file (@pamil)
- #10433 Bump fstream from 1.0.11 to 1.0.12 (@dependabot[@bot])
- #10440 Fix removing taxons with numeric codes from products (@vvasiloi)
- ✏️ #10445 Fix typos and grammar in the Getting Started guide (@pamil)
- 🚀 #10446 Update the 1.1 version status in the release process docs (@pamil)
- #10450 Fix interfaces mapping in Doctrine for admin user and shop user (@pamil)
- ⚡️ #10462 [Docs] Update Sylius versions in installation and contribution guides (@GSadee)
-
v1.4.5 Changes
May 30, 2019Details
- 💻 #10228 Improve taxon UI (@kulczy, @Zales0123)
- ⚡️ #10290 [Docs] Update "Customizing Repositories" (@AdamKasp)
- ⚡️ #10299 [Docs] Update "Customizing Models" (@Tomanhez)
- ⚡️ #10314 [Docs] Update "Customizing Forms" (@Tomanhez)
- ⚡️ #10315 [Docs] Update "Customizing Factories" (@Tomanhez)
- ⚡️ #10330 [Docs] Update "Customizing Controllers" (@Tomanhez)
- ⚡️ #10344 [Docs] Update "Customizing Templates" (@Tomanhez)
- ⚡️ #10348 [Docs] Update "customizing menus" (@AdamKasp)
- ⚡️ #10349 [Docs] Update "Customizing Validation" (@AdamKasp)
- ⚡️ #10351 [Docs] Update "Customizing translations" (@AdamKasp)
- ⚡️ #10353 [Docs] Update "Customization flashes " (@AdamKasp)
- ⚡️ #10359 [Docs] Update "Customizing Grids" (@Tomanhez)
- #10363 [Behat][Shop] Wait for province form loading (@Zales0123)
- #10364 As an Administrator, I want always to have proper option values selected while editing a product variant (@Tomanhez, @monro93)
- #10365 [Admin][Promotion] Fix removing taxon used in promotion rule (@GSadee)
- #10372 Image display in edit form (@AdamKasp)
- ⚡️ #10375 [Docs] Update "Customizing State Machine" (@AdamKasp)
- 📚 #10378 update documentation how to use api (@CSchulz)
- 🏗 #10386 [Build Fix][Behat] Change scenarios to @javascript due to taxon tree changes (@Zales0123)
- #10394 Fix error caused by the taxon tree (@kulczy)
- 🚀 #10407 Bump the Sylius release versions in docs (@teohhanhui)
- #10414 Use HTTPS links when possible (@javiereguiluz)
-
v1.3.16 Changes
January 27, 2020CVE-2020-5218: Ability to switch channels via GET parameter enabled in production environments
⚡️ Please refer to the original security advisory for the most updated information.
Impact:
This vulnerability gives the ability to switch channels via the
_channel_code
GET parameter in production environments. This was meant to be enabled only when%kernel.debug%
is set to true.🔧 However, if no
sylius_channel.debug
is set explicitly in the configuration, the default value which is%kernel.debug%
will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to false.Patches:
Patch has been provided for Sylius 1.3.x and newer - 1.3.16, 1.4.12, 1.5.9, 1.6.5. Versions older than 1.3 are not covered by our security support anymore.
↪ Workarounds:
🔧 Unsupported versions could be patched by adding the following configuration to run in production:
sylius\_channel: debug: false
-
v1.3.15 Changes
December 05, 2019👻 CVE-2019-16768: Internal exception message exposure in login action.
Details:
👻 Exception messages from internal exceptions (like database exception) are wrapped by
🔒\Symfony\Component\Security\Core\Exception\AuthenticationServiceException
and propagated through the system to UI.
Therefore, some internal system information may leak and be visible to the customer.🌲 A validation message with the exception details will be presented to the user when one will try to log into the shop.
Solution:
🚀 This release patches the reported vulnerability. The
src/Sylius/Bundle/UiBundle/Resources/views/Security/_login.html.twig
file from Sylius should be overridden and{{ messages.error(last_error.message) }}
changed to{{ messages.error(last_error.messageKey) }}
. -
v1.3.14
December 04, 2019 -
v1.3.13 Changes
May 30, 2019Details
- 💻 #10228 Improve taxon UI (@kulczy, @Zales0123)
- ⚡️ #10290 [Docs] Update "Customizing Repositories" (@AdamKasp)
- ⚡️ #10299 [Docs] Update "Customizing Models" (@Tomanhez)
- ⚡️ #10314 [Docs] Update "Customizing Forms" (@Tomanhez)
- ⚡️ #10315 [Docs] Update "Customizing Factories" (@Tomanhez)
- ⚡️ #10330 [Docs] Update "Customizing Controllers" (@Tomanhez)
- ⚡️ #10344 [Docs] Update "Customizing Templates" (@Tomanhez)
- ⚡️ #10348 [Docs] Update "customizing menus" (@AdamKasp)
- ⚡️ #10349 [Docs] Update "Customizing Validation" (@AdamKasp)
- ⚡️ #10351 [Docs] Update "Customizing translations" (@AdamKasp)
- ⚡️ #10353 [Docs] Update "Customization flashes " (@AdamKasp)
- ⚡️ #10359 [Docs] Update "Customizing Grids" (@Tomanhez)
- #10363 [Behat][Shop] Wait for province form loading (@Zales0123)
- #10364 As an Administrator, I want always to have proper option values selected while editing a product variant (@Tomanhez, @monro93)
- #10365 [Admin][Promotion] Fix removing taxon used in promotion rule (@GSadee)
- #10372 Image display in edit form (@AdamKasp)
- ⚡️ #10375 [Docs] Update "Customizing State Machine" (@AdamKasp)
- 🏗 #10386 [Build Fix][Behat] Change scenarios to @javascript due to taxon tree changes (@Zales0123)
- #10394 Fix error caused by the taxon tree (@kulczy)
- 🚀 #10407 Bump the Sylius release versions in docs (@teohhanhui)
- #10414 Use HTTPS links when possible (@javiereguiluz)