🎉🎉🎉 We are thrilled to announce OpenMage 20.5.0, the latest and greatest version of your favorite ecommerce platform! 🎉🎉🎉
This release surely packs a good amount of new features, so much so that we had to add a dedicated section to the changelog! But it also comes with a bunch of bugfix, components updates and most importantly a security fix!
Complete changelog
Security fixes
- CVE-2024-20717 (XSS), all the details at GHSA-gp6m-fq6h-cjcx
New features
- Added production-grade nginx and Docker environment by @colinmollenhour in #1209
- Added DDEV cronjob file by @ADDISON74 in #3831
- Added UI to list and remove orphaned ACL resources in backend. by @kiatng in #3647
- Allowed admin to create guest orders and reorder as guest by @justinbeaty in #2233
- Added HtmlPurifier to improve MaliciousCode filtering by @Judx in #3606
- Added auto reply to contact form by @kyrena in #3615
- Added partial postcode match to table rate shipping by @AlterWeb in #1504
- Added support for type "label" to system.xml by @fballiano in #3849
Bugfix and more
- Fixed branch names in code-ql workflow by @ADDISON74 in #3832
- Updated the existing DDEV documentation by @ADDISON74 in #3830
- Fixed deprecation warning if downloadable sample is a url by @ma4nn in #3619
- Updated TinyMCE to 6.8.3 and updated all languages by @fballiano in #3837
- Fixed deprecated functionality for trim when creating DataFlow profile by @ma4nn in #3825
- Fixed case error in some module names by @fballiano in #3841
- Fixed call to a member function setOnclick() on false in Mage_Adminhtml_Block_Sales_Order_View_Giftmessage by @fballiano in #3821
- Fixed null parameter warning in Mage/Adminhtml/Block/Customer/Edit/Tab/Wishlist/Grid/Renderer/Description.php by @ADDISON74 in #3829
- Fixed phpstan in Mage/Customer/controllers/AccountController.php by @kiatng in #3750
- Changed "unload" to "beforeunload" in extjs to avoid deprecation warning in developer console by @andrewcbi in #3853
- Removed Mage_Backup and Mage_PageCache from PHPStan configuration by @fballiano in #3858
- Fixed column default sorting in customer's orders grid by @ADDISON74 in #3852
- Fixed null parameter warning in DataFlow Profiles by @ADDISON74 in #3827
Packages upgrades
- Bump squizlabs/php_codesniffer from 3.8.1 to 3.9.0 by @dependabot in #3843
- Bump phpstan/phpstan from 1.10.57 to 1.10.58 by @dependabot in #3844
- Bump phpunit/phpunit from 9.6.16 to 9.6.17 by @dependabot in #3854
- Bump phpseclib/mcrypt_compat from 2.0.4 to 2.0.5 by @dependabot in #3855
- Bump friendsofphp/php-cs-fixer from 3.49.0 to 3.50.0 by @dependabot in #3857
- Bump phpstan/phpstan from 1.10.58 to 1.10.59 by @dependabot in #3856
New Contributors
- @andrewcbi made their first contribution in #3853
Full Changelog: v20.4.0...v20.5.0