New
v20.13.0 π
Changes
π¨ Security
- CVE-2025-27400 - Sanitize skin urls that could be used for Stored XSS @justlife4x4 @colinmollenhour (#4654)
- [Backport] Added form key validation to Contacts form @sreichel (#4610)
- TinyMCE: potential fix for code scanning alert: Inefficient regular expression @sreichel (#4491)
π Features
- TinyMCE: disable WYSIWYG if not installed @sreichel (#4495)
- Cache store in API2 for performance. @kiatng (#4631)
- Add SAMPLE_DATA option to
dev/openmage/install.sh@colinmollenhour (#4602) - Install flow.js (uploader) via composer @sreichel (#4469)
π Bug Fixes
- keep attribute_id as keys in getFilterableAttributes () @empiricompany (#4639)
- Fix error in column renderer when value is empty and not null @aamant (#4601)
- php8: TypeError: Unsupported operand types: string * int @sreichel (#4526)
- Api2: Fixes getProductUrl @Hanmac (#4511)
- php8.3: fix deprecated passing null to
str_replace()@sreichel (#4525) - Avoid errors when trying to lock config if database is not yet available @colinmollenhour (#4603)
- Fix issue with double port in error pages base URL @massa-man (#4518)
- Fixed null deprecation in UnserializeArray.php @kiatng (#4394)
- php 8.3: fix catch for empty sitemap filename @midlan (#4521)
- Added currency code to cache-info for new products block @sreichel (#4514)
- Fixed null deprecation in Mage_Eav_Model_Attribute_Data_Text @kiatng (#4500)
π Documentation
- DOCS: added ddev docs for windows @sreichel (#4611)
- DOCS: added releases @sreichel (#4607)
π¨ Maintenance
- Bump version to v20.13.0 @sreichel (#4645)
- Chore: Check for
DS/PSalready set @sreichel (#4484) - Remove obsolete phpstan baseline entry for invalid binary operation. @aamant (#4640)
- Drop ZIP-archive support @sreichel (#4485)
- Update release-drafter.yml @sreichel (#4638)
- PhpUnit: added test, ref #4518 @sreichel (#4524)
- Update release-drafter.yml template @sreichel (#4528)
- Workflow: updated PhpUnit versions @sreichel (#4619)
- CodeQL: updated config @sreichel (#4490)
- Cleanup: removed js/jscolor @sreichel (#4458)
- add justlife4x4 as a contributor for security @allcontributors[bot] (#4657)
- add mbattistini as a contributor for bug @allcontributors[bot] (#4608)
- add mark-netalico as a contributor for bug @allcontributors[bot] (#4586)
- PhpUnit: updated and added tests @sreichel (#4454)
- add real34 as a contributor for bug @allcontributors[bot] (#4572)
- add kanevbg as a contributor for bug @allcontributors[bot] (#4577)
- add vovayatsyuk as a contributor for bug @allcontributors[bot] (#4578)
βοΈ Dependencies
- Bump perftools/php-profiler from 1.1.2 to 1.2.0 @dependabot[bot] (#4649)
- Bump friendsofphp/php-cs-fixer from 3.69.0 to 3.70.0 @dependabot[bot] (#4648)
- Bump phpstan/phpstan from 2.1.5 to 2.1.6 @dependabot[bot] (#4647)
- Bump symplify/vendor-patches from 11.3.7 to 11.4.1 @dependabot[bot] (#4650)
- Bump tinymce/tinymce from 7.6.1 to 7.7.0 @dependabot[bot] (#4646)
- Bump rector/rector from 2.0.8 to 2.0.9 @dependabot[bot] (#4635)
- Bump friendsofphp/php-cs-fixer from 3.68.5 to 3.69.0 @dependabot[bot] (#4634)
- Bump phpstan/phpstan from 2.1.3 to 2.1.5 @dependabot[bot] (#4636)
- Bump friendsofphp/php-cs-fixer from 3.68.1 to 3.68.5 @dependabot[bot] (#4530)