Shopware 5.5.10
10 June 2019
Shopware version 5.5.10 is now available (security release).
Upgrading to Shopware 5.5.10
Shopware 5.5.10 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Shopware updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Shopware install to test the 5.5.10 upgrade prior to applying it live. Get started managing your Shopware installations with Installatron
What's New in Shopware 5.5.10
5.5.10
Changes
- SW-24134 - Added support for 'int' and 'array' parameters in '\Shopware\Bundle\StoreFrontBundle\Gateway\DBAL\CategoryGateway::get'
- SW-24135 - Adds support for environments that are limited using 'open_basedir'
5.5.9
Security
- SW-24068: Authenticated Remote Code Execution
Changes
- SW-22864 - Translated media attributes can now be used again in shopping worlds
- SW-22983 - Fixed the category teaser dropdown listing
- SW-23611 - Implemented translations for attributes with underscores via API (hlohaus)
- SW-23642 - Actions in empty offcanvas baskets are now disabled
- SW-23720 - Fixed translations for custompage attributes
- SW-23768 - Prices are no longer updated between the order confirmation page and the order completion page.
- SW-23771 - Added option to "I am" select field in basic configuration so that the default customers are B2B customers.
- SW-23778 - Changed image selection for the blog media manager to use all folders
- SW-23800 - You can search for variants from the general search in the backend
- SW-23809 - `Blog` and `Listing` controllers now only display content of their respective types
- SW-23811 - Download Filesize of product ressources are read from `s_media` now (tinect)
- SW-23812 - Property tab in article module is now sorted as defined in the property module (padarom)
- SW-23820 - Changed the configuration for redis cache to also show information of cacheDir (tinect)
- SW-23827 - Fixed worstRating for Googles struct data
- SW-23843 - Fixed a default value in the Elasticsearch Product struct (benboit)
- SW-23856 - Shipping cost calculation on basket page reopens when reloading
- SW-23858 - Improved frontend search (SieGeL2k16)
- SW-23882 - Fixes sorting on manufacturer listing pages (runelaenen)
- SW-23892 - Currency factor application refactored (jkrzefski)
- SW-23902 - Fixed wrong english translation in search settings
- SW-23911 - Changed the riskmanager to also show inactive payment methods and their active status (JoshuaBehrens)
- SW-23912 - Improved support for unicode characters in backend indexer (wrongspot)
- SW-23913 - Allowed zooming on mobile devices (snHolst)
- SW-23916 - Random Tiny-MCE error when opening article fixed
- SW-23925 - Implements compatibility with MySQL 8.0.16
- SW-23934 - Changed BatchProcess to fix an issue with `removeString` operator
- SW-23938 - Adds new SKU-regex to backend listing-view (hlohaus)
- SW-23942 - The 'No account' checkbox now isn't shown on anymore on signup
- SW-23948 - Extended event listeners, so that cached product detail pages are invalidated when the corresponding product is removed (buddhaCode)
- SW-23963 - Fixed rating button in mobile view
- SW-23968 - Improves GTIN `itemprop` for EANs (tinect)
- SW-23969 - Added multiple `get...QueryBuilder` methods to OrderRepository (buddhaCode)
- SW-23976 - Fixed an issue with the configuration of directory permissions (ingowalther)
- SW-23977 - Products in backend Product Stream lists now contain the SKU and a link to open each product (pascalheidman-bedarf)
- SW-23981 - Custom Attributes on Shop pages now can be translated
- SW-23993 - Fixed a typo (budda)
- SW-23994 - Make SnippetManager-constructor more backward compatible (felixbrucker)
- SW-23680 - Added pseudo-percent and adjusted price columns in backend (tinect)
5.5.8
Security
- SW-23603: Many thanks to Netsparker security researcher Umran Yildirimkaya for this report.
- SW-23626, SW-23766: Many thanks to mschop for this reports.
Changes
- SW-21336 - Added plugin compatibility check (shyim)
- SW-21650 - Old note entries from guest users are now cleared after a year (shyim)
- SW-21980 - {link} modifier now works also in cli
- SW-22586 - Fixes a wrong name being shown in the header after a login in a different account
- SW-22888 - Removed duplicate headers on esd download
- SW-23172 - Improved performance of method `sGetSimilarArticles` (Ancillius)
- SW-23310 - Added smarty block to themes/Frontend/Bare/documents/index.tp to simplify extensions
- SW-23392 - Hide basic price after content information on a detail page of a product with graduated prices
- SW-23400 - Added new configuration to set min. search keyword length. (pascalheidman-bedarf)
- SW-23425 - Fixed ajax variant change with url parameters without value
- SW-23467 - Added option for "Deactivate no customer account" in the basic settings so that the checkbox can be preselected.
- SW-23502 - Introduce service to allow modification of the query used to fetch products (oktupol)
- SW-23529 - 404 error while warming up the cache are now properly logged (foxlady)
- SW-23536 - Add two configs for display shipping costs pre calculation in shopping cart and off canvas shopping cart
- SW-23541 - Added warning for not tested compatibility with PHP version higher than 7.2.x in installer and system info
- SW-23572 - The width of the select box for the quantity of items in the shopping cart has been adjusted for tablet view
- SW-23576 - Fixes issues with variant stock availability filter in Elasticsearch
- SW-23581 - Standardized resource-ids and consistency of conversion from CamelCase to snake_case (fivetide)
- SW-23588 - In the mobile view, the same data is displayed in the order details as in the desktop version
- SW-23607 - Fixed isCached condition in Newsletter Controller
- SW-23612 - Fixes issues with the first request of a URL when HTTP-Cache debugging is active (arosenhagen)
- SW-23621 - Fixed backend log viewer
- SW-23628 - priceCurrency, priceValidUntil, url, image added to rich snippets
- SW-23634 - Fixes issues with the selection of roles on the edit rules screen
- SW-23641 - Fixed display issues of long filter names by adding a title (uehler)
- SW-23667 - Improved elasticsearch index time when variant search is active
- SW-23669 - The backend now uses the created-date as a cachebuster for media (tinect)
- SW-23671 - Changed font-display value to 'swag' for improved font rendering performance (hlohaus)
- SW-23687 - Added missing attribute accessor methods to `CustomerStream` model (JoshuaBehrens)
- SW-23726 - Added smarty function `http_build_query` to allowed_functions list (hlohaus)
- SW-23732 - Fixed category menu after logout with customergroup restrictions
- SW-23733 - The length of the meta description of the blog posts now depends on the global length of the meta description
- SW-23734 - Closes property filter dropdown if a value is selected and other values for this property can not be selected
- SW-23763 - Removed duplicate variables assignments (tinect)
- SW-23764 - Prevent google bots from indexing sites that are disallowed by robots.txt (codeenterprise)
- SW-23767 - Guest customers could order even though they had no selected shipping method and the configuration prohibits an order without a shipping method.
- SW-23753 - The list of allowed file extensions in the mediamanager can now be customized more easily