| Current File : //var/softaculous/bagisto/changelog.txt |
2.3.10
✏️ Changes
Fixed a security issue in the installer endpoints.
Fixed a security issue in the customer order reorder functionality.
Fixed a Server-Side Template Injection (SSTI) vulnerability in the first and last name fields that could be exploited by low-privileged users.
Refined the Blade tracer to track only view files, ensuring accurate view-level tracing.
Fixed SSTI vulnerability in type parameter handling — user input is now properly sanitized/validated to prevent server-side template injection.
Sanitized product review attachments to prevent stored XSS.
Sanitized CMS html_content during create and update operations to prevent stored XSS vulnerabilities.
Added validation for external URLs in downloadable product samples to block access to private and reserved IP ranges.
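The last entry above describes an SSRF-style mitigation: a URL supplied for a downloadable sample must not resolve to a private or reserved address. The following is an added example of that kind of check, written by the editor and not taken from Bagisto's code base. It assumes a caller-supplied resolver (so it runs without DNS) and a constructed set of hostnames; class and method names are illustrative.

```php
<?php
// Added example (not Bagisto's own code): reject external sample URLs whose host
// is, or resolves to, a private or reserved IP address.
declare(strict_types=1);

final class ExternalUrlValidator
{
    /** @var callable(string): array<int,string> maps a hostname to its IP addresses */
    private $resolver;

    public function __construct(?callable $resolver = null)
    {
        // Default resolver: the host's A records (empty list when lookup fails).
        $this->resolver = $resolver
            ?? static fn (string $host): array => gethostbynamel($host) ?: [];
    }

    /** Returns null when the URL is acceptable, otherwise the reason for rejecting it. */
    public function reject(string $url): ?string
    {
        $parts = parse_url($url);
        if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
            return 'malformed URL';
        }
        if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
            return 'scheme must be http or https';
        }
        if (isset($parts['user']) || isset($parts['pass'])) {
            return 'credentials in URL are not allowed';
        }

        $host = trim($parts['host'], '[]'); // parse_url keeps the brackets of an IPv6 literal
        // An IP literal is checked directly; a hostname is resolved and every answer is checked,
        // so a name that mixes public and private records is still rejected.
        $addresses = filter_var($host, FILTER_VALIDATE_IP) !== false
            ? [$host]
            : ($this->resolver)($host);
        if ($addresses === []) {
            return 'host does not resolve';
        }
        foreach ($addresses as $ip) {
            if (!self::isPublicAddress($ip)) {
                return "resolves to non-public address {$ip}";
            }
        }
        return null;
    }

    public static function isPublicAddress(string $ip): bool
    {
        // NO_PRIV_RANGE rejects RFC 1918 space and fc00::/7; NO_RES_RANGE rejects
        // 0.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 240.0.0.0/4, ::1, :: and fe80::/10.
        return filter_var(
            $ip,
            FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
        ) !== false;
    }
}

// Constructed resolver with canned answers, so the example runs offline.
$resolver = static fn (string $host): array => [
    'cdn.example'      => ['203.0.113.10'],
    'metadata.example' => ['169.254.169.254'],
    'mixed.example'    => ['203.0.113.10', '10.0.0.5'],
][$host] ?? [];

$validator = new ExternalUrlValidator($resolver);
foreach ([
    'https://cdn.example/sample.pdf',   // ok
    'http://127.0.0.1/status',          // loopback literal, rejected
    'http://[::1]/status',              // IPv6 loopback literal, rejected
    'http://metadata.example/latest',   // resolves to link-local, rejected
    'https://mixed.example/file',       // one private record, rejected
    'ftp://cdn.example/file',           // scheme not allowed
] as $url) {
    printf("%-34s %s\n", $url, $validator->reject($url) ?? 'ok');
}
```

Two caveats for anyone adopting this pattern. First, the PHP filter flags do not cover every non-public block (for example 100.64.0.0/10 or 224.0.0.0/4), so a deployment that needs a stricter policy should add its own range list. Second, validating the name at upload time is not enough on its own: the download step must connect to the address that was validated (or re-validate after its own resolution), otherwise a DNS answer that changes between check and use defeats the check.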
🐛 Bug Fixes
#11058 - Fixed the speculation issue and resolved the revoke endpoint issue.
#11053 - Fixed an issue where the custom field price was not converted according to the exchange rate on the product view page.
#11051 - Fixed a redirection issue that occurred when a product had insufficient quantity.
#11028 - Fixed an issue where horizontal scrolling caused misalignment of fixed-position elements (Cart/Profile buttons) on the search page.
#10975 - Fixed validation to ensure the source and target currencies are different when creating exchange rates.
2.3.9
🐛 Bug Fixes
Added a Bagisto meta tag, comment and header.
#11035 - Fixed an issue where an exception occurred when saving a CMS page without selecting a channel.
#11014 - Fixed the wishlist icon issue on the product view page caused by Full Page Cache (FPC).
#11011 - Added missing translation for the Customer Group delete response message.
#11010 - Fixed the CAPTCHA configuration issue that allowed saving settings without the site key or secret key.
#10985 - Fixed an issue in CustomerGroupPrice where deleting any group discount incorrectly removed the last discount entry instead of the selected one.
#10899 - Fixed a validation error that occurred while importing CSV files in Data Transfer.
#10866 - Fixed the issue where filterable options on the theme page were not appearing.
2.3.8
✨ Improvements
Improved octane compatibility.
Added the missing captcha on the checkout login page.
Refined TinyMCE editor integration and applied related security fixes.
Applied security fixes to product attributes, including short description, long description, and other TinyMCE-enabled fields.
Fixed an issue where the description was not updating correctly during channel updates.
Implemented security fixes for the DataGrid export feature.
🐛 Bug Fixes
#10971 - Fixed an issue where updating a field without changing the image caused the image to break or not display correctly.
#10898 - Added an asterisk (*) to indicate all required fields in configurable product variants.