Changelog History
Page 2
-
v2.1.12 Changes
March 09, 2026
TL;DR
This is a security release!
Fixes the following vulnerabilities:
- Open Redirect via Referer Header
- DQL Injection via API Order Filters
- Promotion Usage Limit Bypass via Race Condition
- IDOR in Cart and Checkout LiveComponents
- Missing Authorization in API v2 Add Item Endpoint
- XSS Vulnerability in Checkout Login Form
- Authenticated Stored XSS
Details
- #18747 Fix panther build (@TheMilek)
- #18758 Remove duplicated serialization group field (@TheMilek)
- #18785 Try to fix build after ResourceBundle release (@TheMilek)
- #18742 [Admin] Fix order history address fields not displaying empty values (@Wojdylak)
- #18806 Fix after new release of PayumBundle (@TheMilek)
- #18836 Upgrade BuildTestAppAction from v3.0.1 to v4 (@TheMilek)
- #18832 [Admin] Fix images not being emitted with Webpack 5.105+ (@GSadee)
- #18841 Fix Dutch translation for payment method (@JordiDekker)
- #18871 Add conflict to api-platform/serializer 4.2.17 (@TheMilek)
- #18888 Remove redundant check with apip4.1.7 in matrix (@TheMilek)
- #18887 [BUGFIX] Make GitHub actions green again 2.1 (@rust-le)
- #18844 Fix formatting in UPGRADE-2.0.md (@LucaGallinari)
Full Changelog: v2.1.11...v2.1.12
-
v2.1.11 Changes
January 20, 2026
Details
- #18691 [CS][DX] Refactor
- #18689 [CS][DX] Refactor
- #18703 [Deps] Allow psr/http-message 2.0 (@Rafikooo)
- #18716 Try to fix build with PHP 8.5 and 8.4 (@TheMilek)
- #18707 [DX] Update branch aliases to 1.14-dev (@Rafikooo)
- #18721 Fix tests application error templates (@loic425)
- #16892 [FIXTURES] Fix menu taxon code (@TheMilek)
- #18366 Fix ro PayumBundle Translation (@revoltek-daniel)
- #18725 Bugfix/merged overrides missing operations (@TheMilek)
- #18702 [Composer] Remove outdated twig/twig conflicts from bundles (@Rafikooo)
- #18722 [API] Payment Request fix default action when IRI is given (@Prometee)
- #18732 Make PostgreSQL telemetry migration extend dedicated abstract (@TheMilek)
- #18369 Add form help rendering to forms (@tomkalon)
- #18735 [CS][DX] Refactor
- #18565 Add ternary operator to fix related with empty key (@michalkaczmarek-bitbag)
- #18572 Bugfix/fix autocomplete in admin to be case insensitive (@michalkaczmarek-bitbag)
Full Changelog: v2.1.10...v2.1.11
-
v2.1.10 Changes
December 18, 2025
Details
- #18654 [CS][DX] Refactor
- #18655 Add missing upgrade note to the 2.1 (@GSadee)
- #18652 [CS][DX] Refactor
- #18661 Add config/reference.php to .gitignore (@GSadee)
- #18669 Fix migrations skip commands 1.14 (@TheMilek)
- #18672 Fix migrations skip commands 2.1 (@TheMilek)
- #18680 [Telemetry] Fixes and improvements 1.14 (@TheMilek)
Full Changelog: v2.1.9...v2.1.10
-
v2.0.18 Changes
June 02, 2026
TL;DR
This is a security release!
Fixes the following vulnerabilities:
- IDOR on Shop Payment Request endpoints in API
- Channel-based payment method restriction bypass on shop account orders API endpoint
- Cart FormComponent allows modification or deletion of an already-completed order
Details
- #19035 [2.0] Check payment request ownership (@TheMilek)
- #19036 [2.0] Prevent stale cart LiveComponents from mutating completed orders (@TheMilek)
- #19037 [2.0][API] Enforce channel eligibility check when changing payment method via account endpoint (@TheMilek)
Full Changelog: v2.0.17...v2.0.18
-
v2.0.17 Changes
March 18, 2026
-
v2.0.16 Changes
March 09, 2026
TL;DR
This is a security release!
Fixes the following vulnerabilities:
- Open Redirect via Referer Header
- DQL Injection via API Order Filters
- Promotion Usage Limit Bypass via Race Condition
- IDOR in Cart and Checkout LiveComponents
- Missing Authorization in API v2 Add Item Endpoint
- XSS Vulnerability in Checkout Login Form
- Authenticated Stored XSS
Full Changelog: v2.0.15...v2.0.16
-
v2.0.15 Changes
December 18, 2025
Details
- #18671 Fix migrations skip commands 2.0 (@TheMilek)
- #18683 [Telemetry] Fixes and improvements 2.0 (@TheMilek)
Full Changelog: v2.0.14...v2.0.15
-
v1.14.19 Changes
March 18, 2026
What's Changed
Full Changelog: v1.14.18...v1.14.19
-
v1.14.18 Changes
March 09, 2026
TL;DR
This is a security release!
Fixes the following vulnerabilities:
- Open Redirect via Referer Header
- DQL Injection via API Order Filters
- Promotion Usage Limit Bypass via Race Condition
Full Changelog: v1.14.17...v1.14.18
-
v1.14.17 Changes
February 26, 2026
TL;DR
Fixed Sylius HTTP client injection in Payum gateway configuration
Full Changelog: v1.14.16...v1.14.17