Changes
🚨 Security
- CVE-2025-27400 - Sanitize skin urls that could be used for Stored XSS @justlife4x4 @colinmollenhour (#4654)
- [Backport] Added form key validation to Contacts form @sreichel (#4610)
- TinyMCE: potential fix for code scanning alert: Inefficient regular expression @sreichel (#4491)
🚀 Features
- TinyMCE: disable WYSIWYG if not installed @sreichel (#4495)
- Cache store in API2 for performance. @kiatng (#4631)
- Add SAMPLE_DATA option to
dev/openmage/install.sh@colinmollenhour (#4602) - Install flow.js (uploader) via composer @sreichel (#4469)
🐛 Bug Fixes
- keep attribute_id as keys in getFilterableAttributes () @empiricompany (#4639)
- Fix error in column renderer when value is empty and not null @aamant (#4601)
- php8: TypeError: Unsupported operand types: string * int @sreichel (#4526)
- Api2: Fixes getProductUrl @Hanmac (#4511)
- php8.3: fix deprecated passing null to
str_replace()@sreichel (#4525) - Avoid errors when trying to lock config if database is not yet available @colinmollenhour (#4603)
- Fix issue with double port in error pages base URL @massa-man (#4518)
- Fixed null deprecation in UnserializeArray.php @kiatng (#4394)
- php 8.3: fix catch for empty sitemap filename @midlan (#4521)
- Added currency code to cache-info for new products block @sreichel (#4514)
- Fixed null deprecation in Mage_Eav_Model_Attribute_Data_Text @kiatng (#4500)
📖 Documentation
🔨 Maintenance
- Bump version to v20.13.0 @sreichel (#4645)
- Chore: Check for
DS/PSalready set @sreichel (#4484) - Remove obsolete phpstan baseline entry for invalid binary operation. @aamant (#4640)
- Drop ZIP-archive support @sreichel (#4485)
- Update release-drafter.yml @sreichel (#4638)
- PhpUnit: added test, ref #4518 @sreichel (#4524)
- Update release-drafter.yml template @sreichel (#4528)
- Workflow: updated PhpUnit versions @sreichel (#4619)
- CodeQL: updated config @sreichel (#4490)
- Cleanup: removed js/jscolor @sreichel (#4458)
- add justlife4x4 as a contributor for security @allcontributors[bot] (#4657)
- add mbattistini as a contributor for bug @allcontributors[bot] (#4608)
- add mark-netalico as a contributor for bug @allcontributors[bot] (#4586)
- PhpUnit: updated and added tests @sreichel (#4454)
- add real34 as a contributor for bug @allcontributors[bot] (#4572)
- add kanevbg as a contributor for bug @allcontributors[bot] (#4577)
- add vovayatsyuk as a contributor for bug @allcontributors[bot] (#4578)
- add roberto-ebizmarts as a contributor for bug @allcontributors[bot] (#4580)
- add tmotyl as a contributor for bug @allcontributors[bot] (#4573)
- add loekvangool as a contributor for bug @allcontributors[bot] (#4599)
- add midlan as a contributor for bug @allcontributors[bot] (#4595)
- add mehdichaouch as a contributor for doc @allcontributors[bot] (#4592)
- add jouriy as a contributor for bug @allcontributors[bot] (#4589)
- add justinbeaty as a contributor for bug @allcontributors[bot] (#4588)
- add ProxiBlue as a contributor for bug @allcontributors[bot] (#4587)
- add digitalpianism as a contributor for bug @allcontributors[bot] (#4583)
- add drwilliams as a contributor for bug @allcontributors[bot] (#4582)
- add boesbo as a contributor for bug @allcontributors[bot] (#4581)
- add leissbua as a contributor for bug @allcontributors[bot] (#4571)
- add fballiano as a contributor for bug @allcontributors[bot] (#4565)
- add schmengler as a contributor for bug @allcontributors[bot] (#4567)
- add elidrissidev as a contributor for bug @allcontributors[bot] (#4564)
- add Caprico85 as a contributor for bug @allcontributors[bot] (#4536)
- add gorbunovav as a contributor for bug @allcontributors[bot] (#4546)
- add joshua-bn as a contributor for bug @allcontributors[bot] (#4559)
- add seansan as a contributor for bug @allcontributors[bot] (#4562)
- add luigifab as a contributor for bug @allcontributors[bot] (#4560)
- add addison74 as a contributor for bug @allcontributors[bot] (#4539)
- add Tomasz-Silpion as a contributor for bug @allcontributors[bot] (#4547)
- add sreichel as a contributor for bug @allcontributors[bot] (#4543)
- add AlterWeb as a contributor for bug @allcontributors[bot] (#4551)
- add ioweb-gr as a contributor for bug @allcontributors[bot] (#4544)
- add seifer7 as a contributor for bug @allcontributors[bot] (#4549)
- add empiricompany as a contributor for bug @allcontributors[bot] (#4541)
- add kiatng as a contributor for bug @allcontributors[bot] (#4532)
- add theroch as a contributor for bug @allcontributors[bot] (#4535)
- Updated Copyright @github-actions[bot] (#4522)
↗️ Dependencies
- Bump perftools/php-profiler from 1.1.2 to 1.2.0 @dependabot[bot] (#4649)
- Bump friendsofphp/php-cs-fixer from 3.69.0 to 3.70.0 @dependabot[bot] (#4648)
- Bump phpstan/phpstan from 2.1.5 to 2.1.6 @dependabot[bot] (#4647)
- Bump symplify/vendor-patches from 11.3.7 to 11.4.1 @dependabot[bot] (#4650)
- Bump tinymce/tinymce from 7.6.1 to 7.7.0 @dependabot[bot] (#4646)
- Bump rector/rector from 2.0.8 to 2.0.9 @dependabot[bot] (#4635)
- Bump friendsofphp/php-cs-fixer from 3.68.5 to 3.69.0 @dependabot[bot] (#4634)
- Bump phpstan/phpstan from 2.1.3 to 2.1.5 @dependabot[bot] (#4636)
- Bump friendsofphp/php-cs-fixer from 3.68.1 to 3.68.5 @dependabot[bot] (#4530)
- Bump rector/rector from 2.0.7 to 2.0.8 @dependabot[bot] (#4621)
- Bump phpstan/phpstan from 2.1.2 to 2.1.3 @dependabot[bot] (#4622)
- Bump mklkj/tinymce-i18n from 24.12.30 to 25.2.3 @dependabot[bot] (#4609)
- Bump composer/composer from 2.8.4 to 2.8.5 @dependabot[bot] (#4506)
- Bump tinymce/tinymce from 7.6.0 to 7.6.1 @dependabot[bot] (#4507)
- Bump phpstan/phpstan from 2.1.1 to 2.1.2 @dependabot[bot] (#4508)
- Bump squizlabs/php_codesniffer from 3.11.2 to 3.11.3 @dependabot[bot] (#4509)
- Bump rector/rector from 2.0.6 to 2.0.7 @dependabot[bot] (#4499)
- Bump friendsofphp/php-cs-fixer from 3.67.1 to 3.68.1 @dependabot[bot] (#4498)