Changelog History
Page 5
-
v1.5.5
October 09, 2019 -
v1.5.4
August 27, 2019 -
v1.5.3 Changes
July 29, 2019- #10069 [ShopBundle][PayumBundle] FIX payum authorize route (@JaisDK, @pamil, @lchrusciel)
- #10116 Allow nullable shop billing data (@Zales0123, @pamil)
- #10121 [GridBundle] Doc improvement (@Roshyo)
- ⚡️ #10149 Add index on order.cart + order.updated_at for faster expired cart removal selection (@stefandoorn)
- #10161 Orders index API endpoint (@JaisDK, @Zales0123)
- 🏗 #10163 [BuildFix] Fix AbstractMigration use statement (@Zales0123)
- #10166 ShopBillingData fixtures (@Zales0123)
- #10199 Allowing options to be given with resource[0].id syntax (@Roshyo)
- #10202 Expanding the customer fixtures (@mamazu)
- #10209 [Shop] Use first variant image on a cart page (@castler, @Zales0123)
- ⚡️ #10212 Update UPGRADE-1.3.md diff link (@oallain)
- #10233 Payment status at order history page (@AdamKasp)
- #10234 Orders shipment status (@Tomanhez)
- #10240 #9965 Feature/local in sylius install (@oallain)
- #10249 Browsing shipments (@AdamKasp)
- 👀 #10250 See Manage coupons from template edit promotion (@Tomanhez)
- #10258 Changing shipment state in shipment index (@AdamKasp)
- #10260 Show order directly from shipments page (@AdamKasp)
- #10271 select filter + filter shipment by state (@AdamKasp)
- 🛠 #10281 Improved: Product fixture (fixed #10272) (@igormukhingmailcom)
- #10310 [PromotionCoupon] Non reusable coupons after cancelling the orders (@GSadee)
- #10316 [Admin][Product] Access the variants management from product edit page (@GSadee)
- ⚡️ #10318 [Admin][Promotion] Update promotion menu builder name to be consistent with other (@GSadee)
- 🏗 #10346 Fix the master build by requiring 1.5 Grid & GridBundle (@pamil)
- #10380 [Behat] Fix duplicate step definition (@Zales0123)
- #10410 Fix typo (@dnna)
- ⬆️ #10496 [UPGRADE] Mention locale requirement change in UPGRADE-1.5 (@Zales0123)
-
v1.5.2 Changes
June 24, 2019- #10191 [taxon_fixtures] Fix child taxon slug generation (@tannyl)
- 📄 #10371 [Docs] How to find out the resource config required when customizing models (@4c0n)
- #10384 "Getting Started with Sylius" guide (@Zales0123, @CoderMaggie)
- 0️⃣ #10389 [UI] Hide filters by default on index pages (@Zales0123, @pamil)
- #10404 Fix huge autocomplete queries issue (@bitbager, @pamil)
- #10410 Fix typo (@dnna)
- 📄 #10412 [Docs] Added tip for using group sequence validations (@4c0n)
- 🛠 #10423 [Doc] End of bugfix support for 1.3 (@lchrusciel)
- 💻 #10426 Using client from browser kit component instead of http kernel component (@loevgaard)
- ⬆️ #10432 Add known errors section to UPGRADE file (@pamil)
- #10433 Bump fstream from 1.0.11 to 1.0.12 (@dependabot[@bot])
- #10440 Fix removing taxons with numeric codes from products (@vvasiloi)
- ✏️ #10445 Fix typos and grammar in the Getting Started guide (@pamil)
- 🚀 #10446 Update the 1.1 version status in the release process docs (@pamil)
- #10450 Fix interfaces mapping in Doctrine for admin user and shop user (@pamil)
- ⚡️ #10462 [Docs] Update Sylius versions in installation and contribution guides (@GSadee)
-
v1.5.1 Changes
May 30, 2019Details
- #10364 As an Administrator, I want always to have proper option values selected while editing a product variant (@Tomanhez, @monro93)
- #10372 Image display in edit form (@AdamKasp)
- ⚡️ #10375 [Docs] Update "Customizing State Machine" (@AdamKasp)
- 🏗 #10386 [Build Fix][Behat] Change scenarios to @javascript due to taxon tree changes (@Zales0123)
- #10394 Fix error caused by the taxon tree (@kulczy)
- 🚀 #10407 Bump the Sylius release versions in docs (@teohhanhui)
- #10414 Use HTTPS links when possible (@javiereguiluz)
-
v1.5.0 Changes
May 17, 2019TL;DR
- 📦 Extracted packages from the core (#10325, #10326, #10327)
- ➕ Added order index API endpoint (#10161)
- ➕ Added ability to customise whether coupons should be reusable after canceling an order using them (#10310)
- ➕ Added shipments list view in the admin panel (#10249)
- ➕ Added ability to define locale used by Sylius during the installation (#10240)
Details
- #10069 [ShopBundle][PayumBundle] FIX payum authorize route (@JaisDK, @pamil, @lchrusciel)
- #10116 Allow nullable shop billing data (@Zales0123, @pamil)
- #10121 [GridBundle] Doc improvement (@Roshyo)
- ⚡️ #10149 Add index on order.cart + order.updated_at for faster expired cart removal selection (@stefandoorn)
- #10161 Orders index API endpoint (@JaisDK, @Zales0123)
- 🏗 #10163 [BuildFix] Fix AbstractMigration use statement (@Zales0123)
- #10166 ShopBillingData fixtures (@Zales0123)
- #10199 Allowing options to be given with resource[0].id syntax (@Roshyo)
- #10202 Expanding the customer fixtures (@mamazu)
- #10209 [Shop] Use first variant image on a cart page (@castler, @Zales0123)
- #10233 Payment status at order history page (@AdamKasp)
- #10234 Orders shipment status (@Tomanhez)
- #10240 #9965 Feature/local in sylius install (@oallain)
- #10249 Browsing shipments (@AdamKasp)
- 👀 #10250 See Manage coupons from template edit promotion (@Tomanhez)
- #10258 Changing shipment state in shipment index (@AdamKasp)
- #10260 Show order directly from shipments page (@AdamKasp)
- #10271 select filter + filter shipment by state (@AdamKasp)
- 🛠 #10281 Improved: Product fixture (fixed #10272) (@igormukhingmailcom)
- #10310 [PromotionCoupon] Non reusable coupons after cancelling the orders (@GSadee)
- #10316 [Admin][Product] Access the variants management from product edit page (@GSadee)
- ⚡️ #10318 [Admin][Promotion] Update promotion menu builder name to be consistent with other (@GSadee)
- 🏗 #10346 Fix the master build by requiring 1.5 Grid & GridBundle (@pamil)
-
v1.4.12 Changes
January 27, 2020CVE-2020-5218: Ability to switch channels via GET parameter enabled in production environments
⚡️ Please refer to the original security advisory for the most updated information.
Impact:
This vulnerability gives the ability to switch channels via the
_channel_code
GET parameter in production environments. This was meant to be enabled only when%kernel.debug%
is set to true.🔧 However, if no
sylius_channel.debug
is set explicitly in the configuration, the default value which is%kernel.debug%
will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to false.Patches:
Patch has been provided for Sylius 1.3.x and newer - 1.3.16, 1.4.12, 1.5.9, 1.6.5. Versions older than 1.3 are not covered by our security support anymore.
↪ Workarounds:
🔧 Unsupported versions could be patched by adding the following configuration to run in production:
sylius\_channel: debug: false
-
v1.4.11 Changes
December 05, 2019👻 CVE-2019-16768: Internal exception message exposure in login action.
Details:
👻 Exception messages from internal exceptions (like database exception) are wrapped by
🔒\Symfony\Component\Security\Core\Exception\AuthenticationServiceException
and propagated through the system to UI.
Therefore, some internal system information may leak and be visible to the customer.🌲 A validation message with the exception details will be presented to the user when one will try to log into the shop.
Solution:
🚀 This release patches the reported vulnerability. The
src/Sylius/Bundle/UiBundle/Resources/views/Security/_login.html.twig
file from Sylius should be overridden and{{ messages.error(last_error.message) }}
changed to{{ messages.error(last_error.messageKey) }}
. -
v1.4.10
December 04, 2019 -
v1.4.9
October 09, 2019