This PR was merged into the 1.10 branch.
Discussion
----------
| Q | A
| --------------- | -----
| Branch? | 1.10
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Related tickets | fixes https://github.com/Sylius/Sylius/issues/12554, https://github.com/Sylius/Sylius/issues/13123, related to https://github.com/Sylius/Sylius/pull/13126
| License | MIT
Commits
-------
2863527a9d [Core][Shipping][Behat] Add estimated shipping cost scenarios
caa04093d1 [Core][Shipping] Change order processing priorities
d6dbbcdd78 [Core][Shipping] Update UPGRADE-1.10.md
9d9f8d9b18 [Core][Shipping][Behat] Update estimated shipping cost scenarios
04ab77c3ad [Core][Configuration] Add possibilty to change priorities based on configuration
225557e9c7 [Core][Configuration] Rename flag that changes priorities in order processing
12ba23573f [Core][Configuration] Fix SyliusCoreConfigurationTest
3333d077ac [Core][Configuration] Refactor test cases
9fcae9e31f [Core][Configuration] Rename flag that changes priorities in order processing
aac69ca011 [Core][Shipping] Update UPGRADE-1.10.md
d790944fe3 [Core][Configuration] Rename flag that changes priorities in order processing
This PR was merged into the 1.10 branch.
Discussion
----------
| Q | A
| --------------- | -----
| Branch? | 1.10
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Related tickets |
| License | MIT
<!--
- Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
- Features and deprecations must be submitted against the master branch
- Make sure that the correct base branch is set
To be sure you are not breaking any Backward Compatibilities, check the documentation:
https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->
Commits
-------
1bebc5c033 [Plus] Fix Sylius installation guide
This PR was merged into the 1.10 branch.
Discussion
----------
| Q | A
| --------------- | -----
| Branch? | 1.10
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Related tickets |
| License | MIT
<!--
- Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
- Features and deprecations must be submitted against the master branch
- Make sure that the correct base branch is set
To be sure you are not breaking any Backward Compatibilities, check the documentation:
https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->
Commits
-------
eea6d60c3c [ADR] Clean up existing ADRs mostly by updating their statuses
This PR was merged into the 1.10 branch.
Discussion
----------
| Q | A
| --------------- | -----
| Branch? | 1.7
| Bug fix? | no but useful for Behat tests
| New feature? | no
| BC breaks? | still no bc-promise on Behat?
| Deprecations? | no
| Related tickets |
| License | MIT
<!--
- Bug fixes must be submitted against the 1.7 or 1.8 branch (the lowest possible)
- Features and deprecations must be submitted against the master branch
- Make sure that the correct base branch is set
To be sure you are not breaking any Backward Compatibilities, check the documentation:
https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->
All these methods are useful when you customize the order show page.
Commits
-------
c1d5193dec [Behat] Allow to use some useful methods on Order show page
This PR was merged into the 1.10 branch.
Discussion
----------
| Q | A
| --------------- | -----
| Branch? | 1.10
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Related tickets |
| License | MIT
<!--
- Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
- Features and deprecations must be submitted against the master branch
- Make sure that the correct base branch is set
To be sure you are not breaking any Backward Compatibilities, check the documentation:
https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->
Commits
-------
ebe88049ca Testing with PHP 8.1
f6372a737c Fix Sales data provider
48472f4da6 Bump Ocramius proxy manager version from 2.2 to 2.14
7ba8663339 Trying with friendsofphp/proxy-manager-lts
c32cf3b201 Fix Managing orders context
a2c2e4da5f Use Sylius phpspec fork
b076bb940f Do not crash on deprecations with Phpspec
b6603382e5 Use official Phpspec
417008d2e4 Use release instead of dev-main
cd8eff92ba Fix changes during rebase
This PR was merged into the 1.10 branch.
Discussion
----------
| Q | A
| --------------- | -----
| Branch? | 1.10
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Related tickets |
| License | MIT
<!--
- Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
- Features and deprecations must be submitted against the master branch
- Make sure that the correct base branch is set
To be sure you are not breaking any Backward Compatibilities, check the documentation:
https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->
Apply https://github.com/Sylius/Sylius/pull/13580 fix on 1.10 branch
Commits
-------
18eb73ea2e Bump Psalm version to 4.19 (php 8.1 support)
e1e6ac687e Fix Psalm errors
This PR was merged into the 1.10 branch.
Discussion
----------
| Q | A
| --------------- | -----
| Branch? | 1.10
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Related tickets | mentioned in https://github.com/Sylius/Sylius/pull/13731#discussion_r821045993
| License | MIT
As far as "I want to..." statement is a kind of user action the step should be 'When'.
Commits
-------
984488d94b [Behat] Use "When" for user actions where possible
This PR was merged into the 1.10 branch.
Discussion
----------
| Q | A
| --------------- | -----
| Branch? | 1.10
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Related tickets |
| License | MIT
<!--
- Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
- Features and deprecations must be submitted against the master branch
- Make sure that the correct base branch is set
To be sure you are not breaking any Backward Compatibilities, check the documentation:
https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->
Commits
-------
214f6184eb listener added to finish response with X-Frame-Options sameorigin header
60b7c81f75 suggested review changes
bd1de40d04 passwordResetToken nulled after password is changed
* 1.9:
[Security] XSS - SVG file upload vulnerability fixed
[PHPUnit] Move subscribers tests to main directory
Replace str_contains with strpos method to support PHP 7
[Behat] Extract browser element and context
[Behat] Add scenarios for securing access to account and dashboard after logging out
Minor fixes for specs and unit tests of cache control subscribers
Remove type declarations for properties due to supporting PHP 7.3
[Maintenace] Test existence of new cache headers
[UI] Force no-store cache directives for admin and customer account section
suggested review changes
listener added to finish response with X-Frame-Options sameorigin header
This PR was merged into the 1.9 branch.
Discussion
----------
| Q | A
| --------------- | -----
| Branch? | 1.9
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Related tickets |
| License | MIT
This PR aims to solve 3 issues:
1. Possibility to inject SVGs with scripts (https://rietta.com/blog/svg-xss-injection-attacks/)
2. Possibility to check admin pages with back button after logging out due to wrong cache'ing configuration
3. Clickjacking while rendering Sylius in iframe (https://portswigger.net/web-security/clickjacking)
<!--
- Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
- Features and deprecations must be submitted against the master branch
- Make sure that the correct base branch is set
To be sure you are not breaking any Backward Compatibilities, check the documentation:
https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->
Commits
-------
0886078036 listener added to finish response with X-Frame-Options sameorigin header
c23643109c suggested review changes
67de9e8104 bug #14 [Security] Clickjacking vulnerability fixed (ernestWarwas)
4b6a77ae9e [UI] Force no-store cache directives for admin and customer account section
691b700a11 [Maintenace] Test existence of new cache headers
08d0f5a1f4 Remove type declarations for properties due to supporting PHP 7.3
94366fdfec Minor fixes for specs and unit tests of cache control subscribers
5dee3dc656 [Behat] Add scenarios for securing access to account and dashboard after logging out
d4bf36c884 [Behat] Extract browser element and context
afa04e3924 Replace str_contains with strpos method to support PHP 7
b00eb517b1 [PHPUnit] Move subscribers tests to main directory
253f66b9ab bug #11 [Security] Set cache control directives to fix security leak after logging out and using back button (lchrusciel, GSadee)
46ed54bb0b [Security] XSS - SVG file upload vulnerability fixed
6ccc2d63fb bug #12 [Security] XSS - SVG file upload vulnerability fixed (Rafikooo)