See the UPGRADE.md for all important technical changes.
Fixed security issues:
- Blind SQL-injection in DAL aggregations
- Broken ACL on Document retrieval to access other customers documents
- Denial Of Service via password length (@bsmietana)
- Check for registered accounts through the store-api (@niklaswolf)
Other changes:
- #4654 - Fix HTML quirks mode in the Storefront
- #5900 - Only add gtag consent mode if Google Analytics is enabled (Max)
- #7108 - Add title attribute to filter remove button
- #7624 - Improve cookie settings accessibility
- #7843 - Update storefront Inter font and remove non-variable fonts (Max)
- #7867 - Add login scripts to window
- #7877 - Improve search widget accessibility
- #7888 - Cleanup storefront stylelint integration (Max)
- #7965 - Raise version in composer.stub (Marcus Müller)
- #8009 - Correctly reset promotion duplication fields (Benjamin Wittwer)
- #8021 - Pin promotions for admin orders
- #8235 - Fix loading of to one associations with partial data loading (Pascal Paul)
- #8280 - Fix the issue where a criteria limit of 500 prevents loading admin modules
- 7093 - a11y insufficient accessibility of the search form field for screen readers (Le Nguyen)