* 1.12:
[Behat] Minor scenarios improvements
Fixes after CR
Test adding similar products
Test adding new simple product
Test adding new taxon
[Behat] Minor scenarios improvements after code review
[Checkout] Add scenario for preventing from a potential XSS attack
[AddressBook] Add scenario for preventing from a potential XSS attack
Use function from UIBundle
Add sanitizer function to UIBundle
Add js sanitizeInput function
Fix product-auto-complete
Use function from UIBundle
Fix potential xss in admin panel
[Maintenance] Remove unnecessary line
[Maintenance] Update docker docs
* 1.10:
passwordResetToken nulled after password is changed
suggested review changes
listener added to finish response with X-Frame-Options sameorigin header
This PR was merged into the 1.10 branch.
Discussion
----------
| Q | A
| --------------- | -----
| Branch? | 1.10
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Related tickets |
| License | MIT
<!--
- Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
- Features and deprecations must be submitted against the master branch
- Make sure that the correct base branch is set
To be sure you are not breaking any Backward Compatibilities, check the documentation:
https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->
Commits
-------
214f6184eb listener added to finish response with X-Frame-Options sameorigin header
60b7c81f75 suggested review changes
bd1de40d04 passwordResetToken nulled after password is changed
* 1.10:
[Security] XSS - SVG file upload vulnerability fixed
[PHPUnit] Move subscribers tests to main directory
Replace str_contains with strpos method to support PHP 7
[Behat] Extract browser element and context
[Behat] Add scenarios for securing access to account and dashboard after logging out
Minor fixes for specs and unit tests of cache control subscribers
Remove type declarations for properties due to supporting PHP 7.3
[Maintenace] Test existence of new cache headers
[UI] Force no-store cache directives for admin and customer account section
suggested review changes
listener added to finish response with X-Frame-Options sameorigin header
* 1.9:
[Security] XSS - SVG file upload vulnerability fixed
[PHPUnit] Move subscribers tests to main directory
Replace str_contains with strpos method to support PHP 7
[Behat] Extract browser element and context
[Behat] Add scenarios for securing access to account and dashboard after logging out
Minor fixes for specs and unit tests of cache control subscribers
Remove type declarations for properties due to supporting PHP 7.3
[Maintenace] Test existence of new cache headers
[UI] Force no-store cache directives for admin and customer account section
suggested review changes
listener added to finish response with X-Frame-Options sameorigin header
* 1.9:
Change application's version to v1.9.6-DEV
Fix the security advisory PR
Generate changelog for v1.9.5
Change application's version to v1.9.5
[API][Shop] Block access to order list by default
[API][Shop] Hide order list details for guest users
This PR was merged into the 1.10-dev branch.
Discussion
----------
| Q | A
| --------------- | -----
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| License | MIT
Commits
-------
dc202a69a4 [API] Subscribing to newsletter on account register
dfe536f1ea Add default value for newsletter variable