github craftcms/commerce 4.12.0

latest release: 5.7.0
8 hours ago

Store Management

  • The “Share cart…” order element action now generates a secure tokenized URL.

Administration

  • Added the loadCartUrlExpiry setting, for controlling how long cart load links remain valid (seven days by default).

Extensibility

  • Added craft\commerce\controllers\CartController::actionCartChallenge().
  • Added craft\commerce\controllers\CartController::actionCartSent().
  • Added craft\commerce\controllers\CartController::actionEmailChallenge().
  • Added craft\commerce\controllers\OrdersController::actionGetLoadCartUrl().
  • Added craft\commerce\models\Settings::$loadCartUrlExpiry.
  • Added craft\commerce\services\Carts::getLoadCartUrl().
  • craft\commerce\elements\Order::getLoadCartUrl() now returns a secure tokenized URL.

System

  • Cart load URLs are now generated with time-limited security tokens, which are now required when loading carts from non-authenticated requests.
  • Fixed moderate-severity server-side template injection vulnerability. (#)
  • PDF download URLs now use the code query param instead of token (#4303).

Don't miss a new commerce release

NewReleases is sending notifications on new releases.