• Cart requests that include a couponCode param are now rate-limited.
• Fixed a bug where redundant database queries could be executed when no subscription plans existed. (#4285)
• Fixed an error that occurred when executing a GraphQL query with relatedTo* arguments within hasProduct or hasVariant fields. (#4297)
• Fixed moderate-severity enumeration vulnerability. (GHSA-h5gm-x9wr-vhcm)
• Fixed low-severity business logic vulnerability. (GHSA-78vr-q6cf-c7p6)