Releases: OpenMage/magento-lts
Releases · OpenMage/magento-lts
v20.18.0 🌈
Changes
🚨 Security
- Reflected XSS in Data Flow (profiles) (#5521)
- Open Redirect via Unvalidated
uencParameter (#5502) - Weak API Session ID (#5501)
🐛 Bug Fixes
- fix: iterate on null (#5570)
- [Catalog] normalize CRLF before text-option length check (#4448) (#5553)
- Canonical for home does not include store codes (#5545)
- fix: Argument #1 ($client) must be of type
?Mage_Usa_Model_Shipping_Carrier_Usps_Rest_Client(#5531) - fix: wrong rate limit check (#5516)
- add missing quotation mark in multiselect form element (#5522)
- fix: new newsletter queue (#5500)
- fix: invalid compare
strlen() < 0(#5484)
🚀 Features
- feature/avif: added support for AVIF (AV1 Image File Format) supported natively in PHP version 8.1 through the GD extension (#5556)
- feat: lighttouch replacement of Fedex's EOL SOAP backend for REST (#5492)
- [Core] add PsrLogger (#5144)
🦾 Enhancements
- [SalesRule] optimize getActiveAttributes slow query (#4979) (#5552)
- Replace
Zend_Captchawithlaminas\captcha(#5480) - [Core] adds ClockInterface (#5168)
🔨 Maintenance
- add contributors to releases notes (#5573)
- Update minor version from 17 to 18 (#5572)
- Updated PhpStorm meta-files (#5561)
- chore: dont commit composer files when updating phpstorm meta (#5560)
- chore: rename constants to follow OM versions (#5558)
- [Adminhtml][Tax] RuleController: cleanup and deprecate helper functions (#5525)
- Add .phpstan.dist.baselines to labeler configuration (#5557)
- chore: removed Magento constants (#5550)
- [Core] fix Resource_Setup Connection type (#5548)
- Update method.notFound.php (#5546)
- rector:
ArrayToFirstClassCallableRector(#5434) - phpstan: bump to level 8 (final) (#5542)
- [Wishlist] deprecate _getSingletonModel and _getHelperInstance (#5530)
- phpstan: bump to level 6 (#5540)
- chore: update composer dependencies (#5535)
- phpstan: enable strict rules (#5439)
- chore: fix docblocks (#5529)
- Add
@return void/@return $this|voidto all controller action methods in Mage core controllers (#5442) - composer: use
openmage/dev-translations(#5527) - docs: remove email for security reports (#5520)
- rector: replace adminhtml button ids with constants (#5518)
- chore: remove ref to
openmage/dev-copyright(#5519) - chore(docs): update copyright to current year (#5517)
- e2e: added
data-testhtml selectors (#5515) - chore: docblocks (#5507)
- chore: workflow (#5510)
- chore: workflow (#5508)
- chore: docblocks (#5506)
- chore: docblocks (#5465)
- docblock: replace @return ClassName with @return $this for fluent interface methods (#5505)
- rector:
AddOverrideAttributeToOverriddenMethodsRector(#5503) - chore: docblocks (#5491)
- Add
MAGE_IS_DEVELOPER_MODEto PHPUnit config (#5475)
↗️ Dependencies
- build(deps-dev): bump phpstan/phpstan-strict-rules from 2.0.10 to 2.0.11 (#5563)
- build(deps-dev): bump phpstan/phpstan from 2.1.51 to 2.1.54 (#5568)
- build(deps-dev): bump symplify/easy-coding-standard from 13.0.4 to 13.1.2 (#5567)
- build(deps): bump SonarSource/sonarqube-scan-action from 7 to 8 (#5564)
- build(deps): bump tinymce/tinymce from 8.4.0 to 8.5.0 (#5566)
- build(deps): bump phpseclib/phpseclib from 3.0.51 to 3.0.52 (#5565)
- build(deps): bump symfony/polyfill-php83 from 1.36.0 to 1.37.0 (#5539)
- build(deps): bump symfony/polyfill-php84 from 1.36.0 to 1.37.0 (#5536)
- build(deps): bump symfony/polyfill-php85 from 1.36.0 to 1.37.0 (#5537)
- build(deps): bump symfony/polyfill-php82 from 1.36.0 to 1.37.0 (#5538)
- build(deps-dev): bump rector/rector from 2.4.1 to 2.4.2 (#5497)
- build(deps-dev): bump phpstan/phpstan from 2.1.46 to 2.1.50 (#5495)
- build(deps): bump symfony/polyfill-php85 from 1.33.0 to 1.36.0 (#5496)
- build(deps): bump symfony/polyfill-php83 from 1.33.0 to 1.36.0 (#5493)
- build(deps): bump symfony/polyfill-php82 from 1.34.0 to 1.36.0 (#5494)
@B3Hana, @Copilot, @Hanmac, @ajbonner, @allcontributors[bot], @colinmollenhour, @dependabot[bot], @eneiasramos, @github-actions[bot], @ma4nn, @sreichel, allcontributors[bot], copilot-swe-agent[bot], dependabot[bot] and github-actions[bot]
Contributors
colinmollenhour, ajbonner, and 8 other contributors
Assets 2
v20.17.0 🌈
Changes
🚨 Security
- Downgraded composer/composer (#5477)
- Phar Deserialization (#5461)
- Customer File Upload Extension Blocklist Bypass (#5460)
- Cross-user wishlist item import (#5446)
- Path Traversal Filter Bypass (#5445)
🐛 Bug Fixes
- Fix: save newsletter template (#5285)
- Fix: save customer account (#5286)
- Fix SQL syntax error when catalog rule has empty condition values (#5400)
- Fix DOB year decrement on save due to ISO-8601 week-numbering year format (#5360)
- Fix PHP 8.5 using null as an array offset is deprecated (#5348)
- [FIX] Extract CMS page identifier retrieval logic to helper function (#5320)
- Fix PHP 8.5 using null as an array offset is deprecated (#5331)
- Add PHP 8.5 compatibility for PDO::MYSQL_ATTR_USE_BUFFERED_QUERY (#5185)
- Fix button margin (#5282)
- Fix toggle between region address and non region address on paypal side (#5300)
- fix: set default sort to all grids and store sort in session (#5313)
- Fix: incorrect category product positions in anchor categories (#5295)
- Shipment: fix should return bool (#5260)
- Improve admin theme handling (#4756)
- Fix ENV-locked fields being re-enabled by dependency controller (#5242)
- [Captcha] Fix missing setWidth/setHeight with Captcha/Zend (#5217)
- Varien_Convert_Parser_Xml_Excel::unparse fix is_numeric bug (#5241)
- Remove unnecessary GROUP BY clause (#5216)
- Fix dashboard time (carbon) (#5223)
- [Captcha] add missing translation for adminhtml (#5220)
- Fix guest order shipping address overwritten by billing address during order edit (#5213)
- Fix relative patch path for magento-ecg/coding-standard (#5215)
- Fix install wizard (#5190)
- Fix PHP 8.4 TypeError in filterImageInGallery with null mapping (#5177)
- Fix swatch sort order and lowercase labels for swatches (#5133)
- Add profiler stop call in EAV config loading (#5163)
- Fixes DOB & customer account save validations (#5146)
- Fix wrong tier price displayed when some tier prices are higher than special price (#5117)
- Revert Composer Patches Local Paths Back to Urls (#5115)
- Fix HTML structure in shipment tracking email template (#5108)
- Bug: Call to function is_array() with string (#5096)
- Bug: Call to function is_array() with bool (#5098)
- Bug: Call to a member function in
Mage_Adminhtml_Model_Quote(#5094) - Bug: Call to undefined method in
Mage_Eav_Model_Resource_Entity_Attribute_Group(#5095) - PHP8.5: fix null array offset (#5028)
- PHP8: Allow null hash in validateHashByVersion method (#5048)
🚀 Features
- USPS Integration Upgrade to REST API (#5258)
- Mage_Cms: add mass delete and mass status action for page and block (#5347)
- [Adminhtml] add Events to Widget Grid (#5169)
- Media Gallery behavior when duplicating a product: Keep/Skip product images (#5083)
- Replace php date functios with
carbon(#5131) - Add support for
.envfile (#5130) - Replace
Zend_Logwithmonolog(#5126) - Replace
Zend_Validatewithsymfony/validator(#4612) - Replace
Zend_Measurewithphp-units-of-measure(#5102)
🦾 Enhancements
- Updated (monolog) logging (#5148)
- Translate "is confirmed" select options in customer/edit (account information). (#5473)
- Expand Purifier functionality. First step toward using HTMLPurifier in more places. (#5278)
- Replace
getData(string)withgetDataByKey()(#5453) - Shipping Carrier: fix
_resultvs_trackingResult(#5433) - backport v21: Rewrote
js/mage/adminhtml/input-counter.jswithout prototypejs (#5385) - Added Mage_Core_Observer_Interface (#5354)
- fix(security): Remove phantom checkbox behavior in ACL role editor (#5254)
- Improve performance for grids with permission checks (#5332)
- cypress: test grids (#5281)
- [Adminhtml] add getTab to Tabs (#5219)
- Refine text and labels for product image duplication config (Follow-up to PR #5083) (#5227)
- Refine duplicate product dialog title, message text, and layout (#5229)
- [Varien] Multiselect: make default size changable (#5221)
- phpStan: add strict rules - disallow
empty()(#5182) - Fix incorrect regex for files in errors/ and return 404 for index.php (#5149)
- Fix unnecessary cache clean (#5150)
- Maximum line length of 78 RFC 5322 (#5125)
- Remove call to
widgets.magentocommerce.com(#5103) - Improved
Mage_Catalog_Model_Product_Image::setSize()(#5080)
📖 Documentation
- tools: use
easy-coding-standardfor code-style checks (#5489) - [Adminhtml] add Events to Widget Grid (#5169)
- Add support for
.envfile (#5130)
🔨 Maintenance
- tools: use
easy-coding-standardfor code-style checks (#5489) - Make all PHPUnit data providers static (PHPUnit 10+ compatibility) (#5486)
- phpunit: skip test (#5487)
- chore: docblock correction and strlen in loop micro optimisation in Mage_Sales PDF (#5474)
- Update minor version from 16 to 17 for OpenMage 20 (#5449)
- rector: migrate
Zend_Aclmethod (#5464) - chore: docblocks (#5463)
- rector: migrate
Zend_Logconstants (#5462) - chore: ref #5456 (#5457)
- chore: ref #5278 (#5458)
- rector: ref #5258 (#5456)
- Update Template.php: remove extra TypeCheck (#5455)
- Update doc comments, fix spelling and grammar errors (#5450)
- rector:
CombineIfRector(#5448) - rector:
SimplifyIfElseToTernaryRector(update 2.4.1) ([#5447](https://github.com/OpenM...
v20.16.0 🌈
Changes
🚨 Security
- New feature: enhance security with custom admin URL. (#4264)
🐛 Bug Fixes
- Fix environment loader (#4617)
- PHP8: Handle null and empty string values in _prepareValue (#5027)
- Fixed explode(): Passing
nullinsales_order_afterPlaceobserver (#5022) - Fix invalid XML when UPS returns "Too Many Requests" error (#5011)
- Fixed substr(): Passing
nullinMage_Customer_Model_Group::getCode()(#4995) - Fix admin login for non-secure cookies (#4960)
- Fix cURL error description retrieval (#4965)
- Fix missing TinyMCE license files + tests (#4959)
- Update email type handling to cast type as integer (#4971)
- #4933 fix: check email validity before attempting to save email or check if password request is allowed (#4934)
- [PHP 8.4] fgetcsv() deprecated warning in three more files (#4942)
- Remove proxy response code from response body (#4892)
🚀 Features
- New feature: Upload logo from backend (#2580)
- [FEAT] allow price rounding between 0 and 4 digits (#4701)
- New feature: enhance security with custom admin URL. (#4264)
- Allow ACL settings for system config "groups" (#4326)
- PHP 8.5 support (#4891)
- SEO: Add a rel canonical in all CMS pages (#4923)
🦾 Enhancements
- Improved error message for CMS page delete (#4974)
- Cache attribute values for catalog rules (#5024)
- PhpStan: add install files to checks (#5029)
- Improved order for admin CMS config fields (#5023)
- Unified admin buttons (#4982)
- Adminhtml: improved info for order sent status (#4623)
- Added test for PR #4923 (#4990)
- DDEV: allow optional sample data (#4972)
- Updated cypress test (#4975)
- Standardize PHPUnit assertion style: replace static::assert* with self::assert* (#4939)
🔨 Maintenance
- Bump version for 20.16.0 release (#5020)
- rector:
CallUserFuncArrayToVariadicRector(#5044) - rector:
SymplifyQuoteEscapeRector(#5043) - PhpStan: removed classes with incompatible interface (#5042)
- rector:
RemoveNullTagValueNodeRector(#5041) - rector:
CatchExceptionNameMatchingTypeRector(#5015) - rector:
ReduceAlwaysFalseIfOrRector(#5039) - PhpStan: fix cUrl parameters (#5036)
- rector:
FunctionFirstClassCallableRector(#5037) - Fixes for Phpstan 2.1.31 and Rector 2.2.3 (#4991)
- Ignore files from
MM_Ignition(#5025) - Removed old install scripts (#4774)
- Remove the usage of the {@link ...} inline annotation in PHP files (#4955)
- rector:
RemoveConcatAutocastRector(#5007) - rector:
JoinStringConcatRector(#5006) - rector:
CombinedAssignRector(#5005) - rector:
RemoveUnusedNonEmptyArrayBeforeForeachRector(#5004) - rector:
RemoveUnusedPrivatePropertyRector(#5003) - rector:
RemoveUnusedPrivatePropertyRector(#5002) - rector:
RemoveUnusedForeachKeyRector(#5001) - rector:
RemoveUnusedForeachKeyRector(#5000) - rector:
RemoveNonExistingVarAnnotationRector(#4999) - rector:
CountArrayToEmptyArrayComparisonRector(#4998) - rector:
NewlineBeforeNewAssignSetRector(#4997) - rector:
NewlineAfterStatementRector(#4996) - rector:
RemoveUnusedVariableInCatchRector(#4834) - Test: Copilot instructions (#4962)
- Test: copilot instructions (#4961)
- rector:
RemoveReflectionSetAccessibleCallsRector(#4952) - Updated .gitattributes (#4938)
- Updated PhpStorm meta-files (#4917)
- Updated PhpStorm meta-files (#4899)
- PSR-12 short keywords (bool/int) (#4893)
↗️ Dependencies
- build(deps-dev): bump rector/rector from 2.2.3 to 2.2.5 (#5034)
- build(deps): bump tinymce/tinymce from 8.1.2 to 8.2.0 (#5032)
- build(deps-dev): bump friendsofphp/php-cs-fixer from 3.89.0 to 3.89.1 (#5033)
- build(deps): bump nnnick/chartjs from 4.5.0 to 4.5.1 (#5031)
- build(deps): bump actions/upload-artifact from 4 to 5 (#5035)
- build(deps): bump rojopolis/spellcheck-github-actions from 0.52.0 to 0.53.0 (#5030)
- build(deps-dev): bump friendsofphp/php-cs-fixer from 3.88.2 to 3.89.0 (#5014)
- build(deps): bump ezyang/htmlpurifier from 4.18.0 to 4.19.0 (#5013)
- build(deps): bump github/codeql-action from 3 to 4 (#4986)
- build(deps-dev): bump friendsofphp/php-cs-fixer from 3.88.0 to 3.88.2 (#4987)
- build(deps): bump mklkj/tinymce-i18n from 25.9.22 to 25.10.6 (#4989)
- build(deps): bump phpseclib/phpseclib from 3.0.46 to 3.0.47 (#4988)
- build(deps): bump openmage/composer-plugin from 3.0.0 to 3.1.0 (#4976)
- build(deps-dev): bump friendsofphp/php-cs-fixer from 3.86.0 to 3.88.2 (#4978)
- build(deps): bump mklkj/tinymce-i18n from 25.8.4 to 25.9.22 (#4948)
- build(deps): bump tinymce/tinymce from 8.0.2 to 8.1.2 (#4950)
- build(deps): bump pelago/emogrifier from 8.0.0 to 8.1.0 (#4946)
- build(deps-dev): bump rector/rector from 2.1.2 to 2.1.7 (#4949)
- build(deps-dev): bump phpstan/phpstan from 2.1.28 to 2.1.29 (#4947)
- build(deps-dev): bump phpstan/phpstan from 2.1.18 to 2.1.28 (#4936)
- build(deps): bump tj-actions/changed-files from 46 to 47 (#4929)
- build(deps-dev): bump phpstan/phpstan-phpunit from 2.0.6 to 2.0.7 (#4895)
- build(deps): bump rojopolis/spellcheck-github-actions from 0.51.0 to 0.52.0 (#4930)
- build(deps): bump symfony/polyfill-php82 from 1.32.0 to 1.33.0 (#4912)
- build(deps): bump symfony/polyfill-php83 from 1.32.0 to 1.33.0 (#4913)
- build(deps): bump symfony/polyfill-php84 from 1.32.0 to 1.33.0 ([#4914](https://github.com/OpenMage/mag...
Contributors
link
Assets 2
v20.15.0 🌈
Changes
🚀 Features
- Fix issue #4501 Exception noise from OAuth and REST (API2 ) (#4642)
- Allow empty qty-item field when creating a shipment (#4828)
🐛 Bug Fixes
📖 Documentation
- Doc min php8 (#4856)
🔨 Maintenance
- Bump version to 20.15.0 (#4858)
- rector:
SimplifyRegexPatternRector(#4882) - rector:
ThrowWithPreviousExceptionRector(#4874) - rector:
ForRepeatedCountToOwnVariableRector(#4860) - rector:
NumberCompareToMaxFuncCallRector(#4870) - rector:
ClassOnThisVariableObjectRector&ClassOnObjectRector(#4878) - rector:
SingularSwitchToIfRector(#4861) - rector:
EmptyOnNullableObjectToInstanceOfRector(#4876) - rector:
RemoveDeadIfForeachForRector(#4864) - rector:
ShortenElseIfRector(#4879) - rector:
InlineArrayReturnAssignRector(#4868) - rector:
RemoveUnusedPrivateMethodRector(#4872) - rector:
ChangeSwitchToMatchRector(#4835) - rector:
FuncCallToConstFetchRector(#4871) - rector:
UnwrapSprintfOneArgumentRector(#4873) - rector:
FlipTypeControlToUseExclusiveTypeRector(#4869) - rector:
SimplifyEmptyArrayCheckRector(#4875) - rector:
RemoveUselessIsObjectCheckRector(#4865) - rector:
RenameFunctionRector(#4863) - rector:
RemoveUnreachableStatementRector(#4867) - rector:
RemoveDoubleAssignRector(#4862) - rector:
FinalizeTestCaseClassRector(#4866) - rector: disabled rules one by one in config (#4859)
↗️ Dependencies
- build(deps-dev): bump friendsofphp/php-cs-fixer from 3.75.0 to 3.80.0 (#4877)
- Bump dealerdirect/phpcodesniffer-composer-installer from 1.0.0 to 1.1.1 (#4852)
- Bump phpseclib/phpseclib from 3.0.45 to 3.0.46 (#4850)
- Bump rojopolis/spellcheck-github-actions from 0.49.0 to 0.51.0 (#4842)
- Bump phpseclib/phpseclib from 3.0.44 to 3.0.45 (#4839)
- Bump squizlabs/php_codesniffer from 3.13.1 to 3.13.2 (#4840)
- Bump nnnick/chartjs from 4.4.9 to 4.5.0 (#4841)
v20.14.0 🌈
Changes
- Update CODE_OF_CONDUCT.md (#4733)
🚀 Features
- Content Security Policy (CSP) Implementation a new approach (#4776)
- Inserted sample nginx config for API in api_nginx-frontend.conf (#4382)
- Support Apache 2.3+ Require all denied (#4813)
- add config_path to adminhtml/system_config_form (#4801)
- Added
empiricompany/openmage_ignitionas dependeny (#4800) - feat: dashboard charts - bar/line option (#4775)
- feat: add "Last 3 Months" and "Last 6 Months" to dashboard charts (#4739)
- Added Cypress E2E tests (#4759)
- RWD theme: use jQuery via composer (#4429)
- FEAT: disable advanced search on storeview scope (#4668)
- Make
php-8.1minimum requirement (#4124) - Add html-ids to admin nav-items (#4676)
- Replaced google dashboard charts with Chart.js (via composer) (#4435)
🐛 Bug Fixes
- Use sameSite setting in the session cookie (#4827)
- warning - fix undefined array key labels (#4777)
- Fix issue with incorrect product option pricing in admin console (#4779)
- Replace
trigger_error, which is deprecated in PHP 8.4. (#4755) - PHP8: fix newsletter preview (#4769)
- Fix: re-add
composer/composer(#4762) - Fix website-specific attribute values not loading correctly (#4745)
- Fix products duplicate across pagination when they have the same posi… (#4750)
- Fix MySQL connection for DDEV setup (#4720)
- Re-add DDEV files to composer installs (#4709)
- Fixes
Mage_Eav_Model_Attribute_Data_DateandMage_Core_Controller_Varien_Actiondate validations and empty value handling (#4605) - Fixes coupon-code usage with today start/end date (#4456)
- Remove duplicated class name in customer attribute validation (#4662) (#4663)
- remove unused required parameters (#4626)
- Process only required attributes in
api/rest/products/(#4517)
📖 Documentation
- Add docs for JSONRPC API. (#4810)
- Add spellcheck to documentation (#4628)
- fix: Fix typo/spelling error on https://docs.openmage.org/users/install/ (#4724)
- docs: link to DDEV installation guide (#4710)
- Add a blog "Brief Guide on Grid Column" (#4678)
🔨 Maintenance
- Fixed README.md (#4836)
- workflow: update check-files.yml (#4811)
- Remove FlyingMana from mentions of maintainership (#4803)
- Shorter copyright header (#4767)
- PHPUnit: added/updated tests (#4758)
- PhpStan: some fixes (#4705)
- Cypress update (#4782)
- Add spellcheck to documentation (#4628)
- Updated Copyright (#4791)
- fix: sonar config (#4781)
- chore: update SonarCloud action (#4780)
- rector: added phtml-files (#4765)
- Fix: correct docblock type for
set_error_handler(#4772) - Updated Copyright (#4738)
- Updated workflows - use cache (#4761)
- rector: applied all rules up to
php-74(#4706) - Update
release-drafter.yml(#4716) - chore: updated all composer dependencies for PHP 8.1 (#4711)
- Update
release-drafter.yml(#4696) - rector: applied all
php-70rules (#4703) - rector:
PowToExpRector(#4693) - Updated PhpStorm meta-files (#4685)
- Update
release-drafter.yml(#4683) - rector: apply some
php-73/php-80rules (#4682) - rector:
ClassConstantToSelfClassRector(#4679) - Bump version to v20.14.0 (#4665)
- rector:
VarToPublicPropertyRector(#4677) - Suggest
n98/magerunincomposer.json(#4667) - Updated issue templates (#4600)
- Updated Copyright (#4658)
↗️ Dependencies
- Bump phpseclib/phpseclib from 3.0.43 to 3.0.44 (#4831)
- Bump squizlabs/php_codesniffer from 3.13.0 to 3.13.1 (#4832)
- Bump rector/rector from 2.0.15 to 2.0.16 (#4816)
- Bump phpstan/phpstan from 2.1.14 to 2.1.17 (#4821)
- Bump colinmollenhour/magento-redis-session from 3.2.1 to 3.3.0 (#4825)
- Bump mklkj/tinymce-i18n from 25.5.12 to 25.6.2 (#4829)
- Bump tinymce/tinymce from 7.9.0 to 7.9.1 (#4826)
- Bump rojopolis/spellcheck-github-actions from 0.48.0 to 0.49.0 (#4819)
- Bump symfony/translation-contracts from 3.5.1 to 3.6.0 (#4820)
- Bump mklkj/tinymce-i18n from 25.2.3 to 25.5.12 (#4814)
- Bump tinymce/tinymce from 7.8.0 to 7.9.0 (#4817)
- Bump rojopolis/spellcheck-github-actions from 0.47.0 to 0.48.0 (#4807)
- Bump squizlabs/php_codesniffer from 3.12.2 to 3.13.0 (#4805)
- Bump rector/rector from 2.0.14 to 2.0.15 (#4806)
- Bump tj-actions/changed-files from 45 to 46 (#4715)
- Bump symfony/polyfill-php83 from 1.31.0 to 1.32.0 (#4798)
- Bump symfony/polyfill-php84 from 1.31.0 to 1.32.0 (#4796)
- Bump phpstan/phpstan from 2.1.13 to 2.1.14 (#4795)
- Bump symfony/polyfill-php82 from 1.31.0 to 1.32.0 (#4797)
- Bump actions/checkout from 1 to 4 (#4787)
- Bump rector/rector from 2.0.11 to 2.0.14 (#4785)
- Bump phpstan/phpstan from 2.1.12 to 2.1.13 (#4784)
- Bump nnnick/chartjs from 4.4.8 to 4.4.9 (#4786)
- Bump colinmollenhour/magento-redis-session from 3.2.0 to 3.2.1 (#4783)
- Bump phpstan/phpstan from 2.1.8 to 2.1.10 (#4727)
- Bump tinymce/tinymce from 7.7.2 to 7.8.0 (#4766)
- Bump components/jquery from 1.12.4 to 3.7.1 (#4744)
- Bump shardj/zf1-future from 1.24.2 to 1.24.3 (#4752)
- Bump squizlabs/php_codesniffer from 3.12.1 to 3.12.2 ([#4751](https://github.com/Ope...
v20.13.0 🌈
Changes
🚨 Security
- CVE-2025-27400 - Sanitize skin urls that could be used for Stored XSS @justlife4x4 @colinmollenhour (#4654)
- [Backport] Added form key validation to Contacts form @sreichel (#4610)
- TinyMCE: potential fix for code scanning alert: Inefficient regular expression @sreichel (#4491)
🚀 Features
- TinyMCE: disable WYSIWYG if not installed @sreichel (#4495)
- Cache store in API2 for performance. @kiatng (#4631)
- Add SAMPLE_DATA option to
dev/openmage/install.sh@colinmollenhour (#4602) - Install flow.js (uploader) via composer @sreichel (#4469)
🐛 Bug Fixes
- keep attribute_id as keys in getFilterableAttributes () @empiricompany (#4639)
- Fix error in column renderer when value is empty and not null @aamant (#4601)
- php8: TypeError: Unsupported operand types: string * int @sreichel (#4526)
- Api2: Fixes getProductUrl @Hanmac (#4511)
- php8.3: fix deprecated passing null to
str_replace()@sreichel (#4525) - Avoid errors when trying to lock config if database is not yet available @colinmollenhour (#4603)
- Fix issue with double port in error pages base URL @massa-man (#4518)
- Fixed null deprecation in UnserializeArray.php @kiatng (#4394)
- php 8.3: fix catch for empty sitemap filename @midlan (#4521)
- Added currency code to cache-info for new products block @sreichel (#4514)
- Fixed null deprecation in Mage_Eav_Model_Attribute_Data_Text @kiatng (#4500)
📖 Documentation
🔨 Maintenance
- Bump version to v20.13.0 @sreichel (#4645)
- Chore: Check for
DS/PSalready set @sreichel (#4484) - Remove obsolete phpstan baseline entry for invalid binary operation. @aamant (#4640)
- Drop ZIP-archive support @sreichel (#4485)
- Update release-drafter.yml @sreichel (#4638)
- PhpUnit: added test, ref #4518 @sreichel (#4524)
- Update release-drafter.yml template @sreichel (#4528)
- Workflow: updated PhpUnit versions @sreichel (#4619)
- CodeQL: updated config @sreichel (#4490)
- Cleanup: removed js/jscolor @sreichel (#4458)
- add justlife4x4 as a contributor for security @allcontributors[bot] (#4657)
- add mbattistini as a contributor for bug @allcontributors[bot] (#4608)
- add mark-netalico as a contributor for bug @allcontributors[bot] (#4586)
- PhpUnit: updated and added tests @sreichel (#4454)
- add real34 as a contributor for bug @allcontributors[bot] (#4572)
- add kanevbg as a contributor for bug @allcontributors[bot] (#4577)
- add vovayatsyuk as a contributor for bug @allcontributors[bot] (#4578)
- add roberto-ebizmarts as a contributor for bug @allcontributors[bot] (#4580)
- add tmotyl as a contributor for bug @allcontributors[bot] (#4573)
- add loekvangool as a contributor for bug @allcontributors[bot] (#4599)
- add midlan as a contributor for bug @allcontributors[bot] (#4595)
- add mehdichaouch as a contributor for doc @allcontributors[bot] (#4592)
- add jouriy as a contributor for bug @allcontributors[bot] (#4589)
- add justinbeaty as a contributor for bug @allcontributors[bot] (#4588)
- add ProxiBlue as a contributor for bug @allcontributors[bot] (#4587)
- add digitalpianism as a contributor for bug @allcontributors[bot] (#4583)
- add drwilliams as a contributor for bug @allcontributors[bot] (#4582)
- add boesbo as a contributor for bug @allcontributors[bot] (#4581)
- add leissbua as a contributor for bug @allcontributors[bot] (#4571)
- add fballiano as a contributor for bug @allcontributors[bot] (#4565)
- add schmengler as a contributor for bug @allcontributors[bot] (#4567)
- add elidrissidev as a contributor for bug @allcontributors[bot] (#4564)
- add Caprico85 as a contributor for bug @allcontributors[bot] (#4536)
- add gorbunovav as a contributor for bug @allcontributors[bot] (#4546)
- add joshua-bn as a contributor for bug @allcontributors[bot] (#4559)
- add seansan as a contributor for bug @allcontributors[bot] (#4562)
- add luigifab as a contributor for bug @allcontributors[bot] (#4560)
- add addison74 as a contributor for bug @allcontributors[bot] (#4539)
- add Tomasz-Silpion as a contributor for bug @allcontributors[bot] (#4547)
- add sreichel as a contributor for bug @allcontributors[bot] (#4543)
- add AlterWeb as a contributor for bug @allcontributors[bot] (#4551)
- add ioweb-gr as a contributor for bug @allcontributors[bot] (#4544)
- add seifer7 as a contributor for bug @allcontributors[bot] (#4549)
- add empiricompany as a contributor for bug @allcontributors[bot] (#4541)
- add kiatng as a contributor for bug @allcontributors[bot] (#4532)
- add theroch as a contributor for bug @allcontributors[bot] (#4535)
- Updated Copyright @github-actions[bot] (#4522)
↗️ Dependencies
- Bump perftools/php-profiler from 1.1.2 to 1.2.0 @dependabot[bot] (#4649)
- Bump friendsofphp/php-cs-fixer from 3.69.0 to 3.70.0 @dependabot[bot] (#4648)
- Bump phpstan/phpstan from 2.1.5 to 2.1.6 @dependabot[bot] (#4647)
- Bump symplify/vendor-patches from 11.3.7 to 11.4.1 @dependabot[bot] (#4650)
- Bump tinymce/tinymce from 7.6.1 to 7.7.0 @dependabot[bot] (#4646)
- Bump rector/rector from 2.0.8 to 2.0.9 @dependabot[bot] (#4635)
- Bump friendsofphp/php-cs-fixer from 3.68.5 to 3.69.0 @dependabot[bot] (#4634)
- Bump phpstan/phpstan from 2.1.3 to 2.1.5 @dependabot[bot] (#4636)
- Bump friendsofphp/php-cs-fixer from 3.68.1 to 3.68.5 @dependabot[bot] (#4530)
- Bump rector/rector from 2.0.7 to 2.0.8 @dependabot[bot] (#4621)
- Bump phpstan/phpstan from 2.1.2 to 2.1.3 @dependabot[bot] (#4622)
- Bump mklkj/tinymce-i18n from 24.12.30 to 25.2.3 @dependabot[bot] (#4609)
- Bump composer/composer from 2.8.4 to 2.8.5 @dependabot[bot] (#4506)
- Bump tinymce/tinymce from 7.6.0 to 7.6.1 @dependabot[bot] (#4507)
- Bump phpstan/phpstan from 2.1.1 to 2.1.2 @dependabot[bot] (#4508)
- Bump squizlabs/php_codesniffer from 3.11.2 to 3.11.3 @dependabot[bot] (#4509)
- Bump rector/rector from 2.0.6 to 2.0.7 @dependabot[bot] (#4499)
- Bump friendsofphp/php-cs-fixer from 3.67.1 to 3.68.1 @dependabot[bot] (#4498)
Contributors
colinmollenhour, Hanmac, and 7 other contributors
Assets 2
v20.12.3
🚨 Security
- CVE-2025-27400 - Sanitize skin urls that could be used for Stored XSS @justlife4x4 @colinmollenhour (#4654)
Full Changelog: v20.12.2...v20.12.3
Contributors
colinmollenhour and justlife4x4
Assets 2
v20.12.2 🌈
Changes
🐛 Bug Fixes
- No Layout on Redirect in CatalogSearch AdvancedController @Hanmac (#4494)
- Fix: InvalidParamTypeProvidedNULL: fixed login() method @eneiasramos (#4399)
- Fix: error in admin edit cart rule @Caprico85 (#4493)
🔨 Maintenance
Contributors
Hanmac, Caprico85, and 2 other contributors
Assets 2
v20.12.1 🌈
Contributors
sreichel
Assets 2
v20.12.0
Changes
🚀 Features
- Updated composer-plugin @sreichel (#4455)
- Deprecate Date_Short and removed strftime @Hanmac (#4462)
- Update Mage_SalesRule_Model_Quote_Discount @Hanmac (#4293)
🐛 Bug Fixes
- Fixes grid column type
concat@sreichel (#4476) - Fix regression bug for duplicate block rendering with getSortedChildren() @bucha (#4480)
- Hotfix: Incorrect attribute localization @sreichel (#4441)
- Catch exception when invalid country_id is submitted in estimate ship… @colinmollenhour (#4427)
🔨 Maintenance
- add bucha as a contributor for code @allcontributors (#4482)
- Workflow: release-drafter.yml update @sreichel (#4457)
- README: updated contributors list @allcontributors (#4479)
- Cleanup: removed phpversion check @sreichel (#4459)
- PHP-CS-Fixer: added all directories to checks @sreichel (#4406)
- Cleanup: update
addHandle()docblock @sreichel (#4460) - Workflow: update PhpStorm meta files @sreichel (#4445)
- PHPStan: added DOCblocks to most templates 🚀 @sreichel (#4468)
- Workflow: fixed invalid JSON @sreichel (#4470)
- PhpUnit: fixes Update LayoutTest.php @sreichel (#4453)
- PHPUnit: fixed test using wrong date format @sreichel (#4444)
- Updated phpstan to v2.1 @sreichel (#4430)
- All contributors bot @sreichel (#4446)
- Bumped version to 20.12.0 @sreichel (#4442)
- PHPUnit: added test for
Mage_Core_Model_Layout::getBlockSingleton()@sreichel (#4431) - Workflow: added release drafter @sreichel (#4443)
- Updated Copyright @github-actions (#4440)
- Updated README.md @sreichel (#4408)
- Mini DOCBlock update @sreichel (#4415)
↗️ Dependencies
- Bump openmage/composer-plugin from 2.0.0 to 3.0.0 @dependabot (#4472)
- Bump friendsofphp/php-cs-fixer from 3.66.1 to 3.67.1 @dependabot (#4473)
- Bump rector/rector from 2.0.5 to 2.0.6 @dependabot (#4474)
- Bump mklkj/tinymce-i18n from 24.12.9 to 24.12.30 @dependabot (#4450)
- Bump friendsofphp/php-cs-fixer from 3.66.0 to 3.66.1 @dependabot (#4449)
- Bump phpstan/phpstan from 2.1.0 to 2.1.1 @dependabot (#4451)
- Bump friendsofphp/php-cs-fixer from 3.65.0 to 3.66.0 @dependabot (#4434)
Contributors
colinmollenhour, Hanmac, and 4 other contributors