• Craft Commerce now requires Craft CMS 4.17.9 or later.
• Cart numbers are now generated using a cryptographically secure random number generator.
• Cart controller actions that accept an explicit cart number are now rate limited to mitigate enumeration attacks.
• Fixed a PHP error that could occur when using the manual gateway. (#4245)
• Fixed a high-severity SQL injection vulnerability. (GHSA-875v-7m49-8x88)
• Fixed a low-severity information disclosure vulnerability. (GHSA-3vxg-x5f8-f5qf)