Changes
🚨 Security
- Reflected XSS in Data Flow (profiles) (#5521)
- Open Redirect via Unvalidated
uencParameter (#5502) - Weak API Session ID (#5501)
🐛 Bug Fixes
- fix: iterate on null (#5570)
- [Catalog] normalize CRLF before text-option length check (#4448) (#5553)
- Canonical for home does not include store codes (#5545)
- fix: Argument #1 ($client) must be of type
?Mage_Usa_Model_Shipping_Carrier_Usps_Rest_Client(#5531) - fix: wrong rate limit check (#5516)
- add missing quotation mark in multiselect form element (#5522)
- fix: new newsletter queue (#5500)
- fix: invalid compare
strlen() < 0(#5484)
🚀 Features
- feature/avif: added support for AVIF (AV1 Image File Format) supported natively in PHP version 8.1 through the GD extension (#5556)
- feat: lighttouch replacement of Fedex's EOL SOAP backend for REST (#5492)
- [Core] add PsrLogger (#5144)
🦾 Enhancements
- [SalesRule] optimize getActiveAttributes slow query (#4979) (#5552)
- Replace
Zend_Captchawithlaminas\captcha(#5480) - [Core] adds ClockInterface (#5168)
🔨 Maintenance
- add contributors to releases notes (#5573)
- Update minor version from 17 to 18 (#5572)
- Updated PhpStorm meta-files (#5561)
- chore: dont commit composer files when updating phpstorm meta (#5560)
- chore: rename constants to follow OM versions (#5558)
- [Adminhtml][Tax] RuleController: cleanup and deprecate helper functions (#5525)
- Add .phpstan.dist.baselines to labeler configuration (#5557)
- chore: removed Magento constants (#5550)
- [Core] fix Resource_Setup Connection type (#5548)
- Update method.notFound.php (#5546)
- rector:
ArrayToFirstClassCallableRector(#5434) - phpstan: bump to level 8 (final) (#5542)
- [Wishlist] deprecate _getSingletonModel and _getHelperInstance (#5530)
- phpstan: bump to level 6 (#5540)
- chore: update composer dependencies (#5535)
- phpstan: enable strict rules (#5439)
- chore: fix docblocks (#5529)
- Add
@return void/@return $this|voidto all controller action methods in Mage core controllers (#5442) - composer: use
openmage/dev-translations(#5527) - docs: remove email for security reports (#5520)
- rector: replace adminhtml button ids with constants (#5518)
- chore: remove ref to
openmage/dev-copyright(#5519) - chore(docs): update copyright to current year (#5517)
- e2e: added
data-testhtml selectors (#5515) - chore: docblocks (#5507)
- chore: workflow (#5510)
- chore: workflow (#5508)
- chore: docblocks (#5506)
- chore: docblocks (#5465)
- docblock: replace @return ClassName with @return $this for fluent interface methods (#5505)
- rector:
AddOverrideAttributeToOverriddenMethodsRector(#5503) - chore: docblocks (#5491)
- Add
MAGE_IS_DEVELOPER_MODEto PHPUnit config (#5475)
↗️ Dependencies
- build(deps-dev): bump phpstan/phpstan-strict-rules from 2.0.10 to 2.0.11 (#5563)
- build(deps-dev): bump phpstan/phpstan from 2.1.51 to 2.1.54 (#5568)
- build(deps-dev): bump symplify/easy-coding-standard from 13.0.4 to 13.1.2 (#5567)
- build(deps): bump SonarSource/sonarqube-scan-action from 7 to 8 (#5564)
- build(deps): bump tinymce/tinymce from 8.4.0 to 8.5.0 (#5566)
- build(deps): bump phpseclib/phpseclib from 3.0.51 to 3.0.52 (#5565)
- build(deps): bump symfony/polyfill-php83 from 1.36.0 to 1.37.0 (#5539)
- build(deps): bump symfony/polyfill-php84 from 1.36.0 to 1.37.0 (#5536)
- build(deps): bump symfony/polyfill-php85 from 1.36.0 to 1.37.0 (#5537)
- build(deps): bump symfony/polyfill-php82 from 1.36.0 to 1.37.0 (#5538)
- build(deps-dev): bump rector/rector from 2.4.1 to 2.4.2 (#5497)
- build(deps-dev): bump phpstan/phpstan from 2.1.46 to 2.1.50 (#5495)
- build(deps): bump symfony/polyfill-php85 from 1.33.0 to 1.36.0 (#5496)
- build(deps): bump symfony/polyfill-php83 from 1.33.0 to 1.36.0 (#5493)
- build(deps): bump symfony/polyfill-php82 from 1.34.0 to 1.36.0 (#5494)
@B3Hana, @Copilot, @Hanmac, @ajbonner, @allcontributors[bot], @colinmollenhour, @dependabot[bot], @eneiasramos, @github-actions[bot], @ma4nn, @sreichel, allcontributors[bot], copilot-swe-agent[bot], dependabot[bot] and github-actions[bot]