Shopware 6.1.6
15 May 2020
Shopware version 6.1.6 is now available (major release).
Upgrading to Shopware 6.1.6
Shopware 6.1.6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Shopware updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Shopware install to test the 6.1.6 upgrade prior to applying it live. Get started managing your Shopware installations with Installatron
What's New in Shopware 6.1.6
6.1.6
Security
- NEXT-8282: Reported by Patryk Piluś.
- NEXT-8571: Session hijacking vulnerability of customer accounts in the storefront.
- NEXT-8282: Security update of third party symfony components.
Bug fixes
- NEXT-4890 - Fixed loading of media for subcategories in offcanvas menu (claudiobianco)
- NEXT-6422 - The IP address whitelist for the maintenance mode now works correctly with proxy servers
- NEXT-6927 - When transitioning from or to the "cancelled" state of an order, the available stock of its positions will now be recalculated
- NEXT-6951 - The categories no longer freeze if the language has been changed and no category was selected.
- NEXT-7027 - It is now possible to use the SCSS @extend feature on existing bootstrap classes when using the ./psh.phar storefront:hot or ./psh.phar storefront:hot-proxy command.
- NEXT-7115 - Fixed error in address change modal
- NEXT-7204 - Fixed Web Installer in production template. (binaermanufaktur)
- NEXT-7211 - Fix variable name in documentation (MemoICT)
- NEXT-7212 - Fix service tag name in documentation (soebbing)
- NEXT-7252 - Fixed sitemap gzip error
- NEXT-7319 - Disabled twig cache warmup
- NEXT-7385 - Inactive categories can no longer be accessed via SEO URL directly
- NEXT-7434 - Fixed an error in the maintenance page that lead to a redirect loop.
- NEXT-7499 - Added spellcheck for the shopping experience editor (tinect)
6.1.5
Bug fixes
- NEXT-5036 - It is now possible to define email attachments for each email template and language
- NEXT-7635 - Added Import/Export module with csv support.
- NEXT-7675 - Fixed a bug, where users would randomly be forced logged out in the administration
- NEXT-7791 - A database migration for updating the system default order confirmation mail template was updated to no longer override custom content in the template
6.1.4
Security
- NEXT-7538: The security issue was reported by Daniel Keckeis.
Bug fixes
- NEXT-4890 - Fixed loading of media for subcategories in offcanvas menu (claudiobianco)
- NEXT-6422 - The IP address whitelist for the maintenance mode now works correctly with proxy servers
- NEXT-6927 - When transitioning from or to the "cancelled" state of an order, the available stock of its positions will now be recalculated
- NEXT-6951 - The categories no longer freeze if the language has been changed and no category was selected.
- NEXT-7027 - It is now possible to use the SCSS @extend feature on existing bootstrap classes when using the ./psh.phar storefront:hot or ./psh.phar storefront:hot-proxy command.
- NEXT-7115 - Fixed error in address change modal
- NEXT-7204 - Fixed Web Installer in production template. (binaermanufaktur)
- NEXT-7211 - Fix variable name in documentation (MemoICT)
- NEXT-7212 - Fix service tag name in documentation (soebbing)
- NEXT-7252 - Fixed sitemap gzip error
- NEXT-7319 - Disabled twig cache warmup
- NEXT-7385 - Inactive categories can no longer be accessed via SEO URL directly
- NEXT-7434 - Fixed an error in the maintenance page that lead to a redirect loop.
- NEXT-7499 - Added spellcheck for the shopping experience editor (tinect)
6.1.3
Bug Fixes
- Migration fixed which caused the update to abort, if there is a German translation for the contact form
6.1.2
Changes
- Adds an option for themes that can be used to control whether only the SCSS from Bootstrap should be used
- Added whitelist for file upload in media manager
- Errors displayed by select boxes in administration are now removed when selection changes
- Improved error Handling in user settings
- The open api schema is now OAS3 conform
- Added automated tests
- Fix empty labels in product stream rule conditions
- Fixed variant issue in product group preview
- Fixed sitemap response content type
- The correct delivery state is now displayed in the delivery mail templates.
- Fixed sendmail mail transport
- The cart settings->Show delivery time in cart setting is now being applied to cart and checkout.
- Fixed template inheritance when cache will be warmed up
- Added migration for german contact-form template
- Plugin changelog files in unknown language are now ignored (runelaenen)
- Invalid migrations will be now ignored
6.1.1
Changes
- Implementation of currency-specific list prices.
- Tooltips will change their position automatically if they do not fit to the display.
- The payment and delivery method information on the order finish page is now taken from the order and no longer from the saleschannel context
- Guest orders doesn't receive a welcome register mail anymore
- As a theme developer, it is now possible to overwrite the Bootstrap SCSS default variables.
- Quickview of products in the order process was fixed
- Product images that are very long won't be cut off anymore.
- Migration-System extended to support more plugin options
- Unused settings removed - Bank account & Address in Basic Information
- Standard template for AGB etc. added
- The context menu now automatically opens upwards if there is not enough space below to display all entries.
- Put in Cart works now even if the domain or basedir contains uppercase letters
- The configuration of the maximum purchase on the product, as well as the global configuration, are now validated in the shopping cart. If a product item with more than the defined max quantity is placed in the shopping cart, the quantity is reduced and the customer receives a corresponding error message.
- The language change in the administration was fixed. In addition, the language of the user is now loaded after logging in.
- Added a twig function, which allows to resolve the media id of a custom field of type media.
- No more negative quantities are displayed on the product detail page.
- In the overview of product ratings, the product name is now displayed correctly if the user is not in the default language of the system, or if the rating was made for a variant.
- The bug was fixed, by which no new rules could be created via the shipping methods module.
- Fixed a problem with the inheritance of prices
- The block "sw_cms_element_product_listing_config_layout_select_options" was added to "sw-cms-el-config-product-listing" (yopiwko)
- An error was intercepted that a wrong languageId in the LocaleStorage can cause that the administration can not send requests successfully anymore.
- The contact- and newsletter form is now available in new languages
- Hide account navigation on mobile devices
- The product ratings in the frontend were optimized. Now, ratings of all languages and all variants are displayed first. The customer has the possibility to filter on the current shop language. The filtering and sorting has been corrected, so that the customer can also filter several points. Furthermore, the calculation of the average rating of products has been optimized.
- Mail copy is now sent via BCC
- We have fixed the price sorting for variant products. These are now correctly sorted in the product lists.
- Options in variant generator are sorted now
- The e2e testsuite is a separate package now
- The select field now opens intelligently. This fixes the problem that sometimes certain values could not be selected.
- The inheritance switches are no longer displayed on the product detail page when switching from a variant to the main product.
- Update the node sass compiler version to 4.13.0.
- Shopping experience layouts are now duplicatable. Locked layouts are clearly recognizable.
- In the composer.json of plugins, entries in "authors" with the role "Manufacturer" are now preferred (JoshuaBehrens)
- The database connection of the installer now supports sockets (reneznexum)
- You can change an address while in checkout now
- Fixed a bug that prevented promotions that not have a translation for the current language from being added to the shopping cart.
- External links are working as expected in the offcanvas menu now
- The IP address whitelist for the maintenance mode was improved
- Fixed that notifications do not disappear immediately after login
6.1.0
Changes
- The OpenAPI api documentation is now supported in every api version.
- Added error handling to the Plugin Manager
- Integrated plugins can be updated without login
- Fix: Variant surcahrge modal works for every content language.
- When updating domains in a sales channel you can only select one of the available languages for the sales channel
- Loading behavior bugfix for the product and promotion lists
- Extended the popover directive to able the usage in the data grid
- Extension of existing module routes now also contain the meta information
- Fixed a bug where entities got removed by deleting default version. Deleting default version via `/api/v{version}/_action/version/{versionId}/{entity}/{entityId}` is now forbidden.
- Fixed a recursion bug when discarding changes in category edit form
- Now there is a link on a variant product back to the main product
- Seo url generation has been improved, so that seo urls are now also generated for the footer categories and service menu categories. Furthermore, small bugs have been fixed, so that when changing category names the urls were not regenerated.
- Removed unessecary select field in the rule builder when creating a new rule. Additionally, the empty state got revised.
- Fixed a bug where Javascript execution stopped if a storefront plugin's initialization fails
- The Plugin Manager now displays a pagination if more than 25 plugins are installed
- You can now define how many levels should be loaded for the main navigation of a sales channel.
- Added error message if LineItem was added without label
- The Url for product exports is now always displayed.
- Fix: Database credentials can't be leaked through error messages.
- Categories that have an external link, now also refer to this link when they are included in the service menu.
- Validation added to purchase steps and minimum purchase
- Bugfix at the domain selection in the First Run Wizard. Fixed a permanent loading state.
- Price rule with date range corrected
- Rules and MailTemplates can be duplicated via the admin again.
- When Elasticsearch was active, not all properties were displayed as filters. This has been fixed.
- Added hint for min elasticsearch version
- Fixes parameter escaping in the suggestion search
- The text for mobile behaviour settings in the Shopping Experiences will now be displayed correctly.
- The option for set groups in "Promotions" has been hidden behind an experimental flag.
- Added a HowTo for extending the cookie consent manager to the documentation.
- The deactivated placeholder for the shopping experiences page for products has been removed for the final version
- Bugfix: Switch product variants not possible in Edge browser
- Removes the "add order" button in the order module
- Maintenance page is shown even if original request would result in an 404 error.
- Es wurde ein Problem behoben, bei dem die Produktmenge im Off-Canvas Einkaufswagen immer den Wert "100" in der Mengen Select Box anzeigt.
- Fix: Währungsspezifische Preise werden korrekt in der Storefront ausgegeben.
- Das Löschen über den Delete-Button im Category Tree funktioniert wieder
- Ein Problem beim Erstellen des internen $super-call Stacks in der production Version wurde behoben (joanna-gil)
- Es wurde ein Fehler bei der Migration `Migration1571724915MultipleTrackingCodesInOrderDelivery` mit einer nicht leeren `order_delivery` Tabelle behoben.
- Wir haben die Validierung beim Löschen von Kunden Adressen optimiert. Vielen dank an Krystian Kulesz [https://github.com/kryst3q]
- The pathname strategies have been refactored. By default, the 'physical_filename' strategy should now be used, which is compatible with the old 'md5'. If media files are not loaded, please configure `shopware.cdn.strategy` with the value `physical_filename`.
- Fix: Currency specific prices are correctly displayed in the storefront.
- Deleting via the Delete button in the Category Tree works again.
- Update external dependencies due to security concerns
- Fixed issue on pattern match $super while building the internal super-call stack in production (joanna-gil)
- We have optimized the validation when deleting customer addresses. Thanks to Krystian Kulesz [https://github.com/kryst3q]
- Fix: Fixed Auto-Updater for future releases.
- Fix: Fixed license list in the plugin manager.
- Fixed an error in storefront search that occurred when keywords such as \0\0 were entered.
- Fixed a bug for displaying translated snippets in modules
- Fixed an error in document generation that occurred when an item did not have a product number.
- Fixed a bug that prevented footer menus from being included.
- Fixed a bug in an existing migration that caused the update to fail
- Fix: Currency specific prices are correctly displayed in the storefront.
- Deleting via the Delete button in the Category Tree works again.
- Fixed issue on pattern match $super while building the internal super-call stack in production (joanna-gil)
- Fixed migration `Migration1571724915MultipleTrackingCodesInOrderDelivery` crash with a non-empty `order_delivery` table.
- We have optimized the validation when deleting customer addresses. Thanks to Krystian Kulesz [https://github.com/kryst3q]
- Added CSRF protection to the storefront.
- It is now possible to maintain a meta title, meta-description and keywords on product and category pages
- A new cms block for forms was added. One can configure the element as follows: - Choose a form type (contact or newsletter) - Add a title - Add a confirmation text when form was successfully send - only for contact forms: choose mail receiver
- Added `session` and `system` sections to `Shopware.State`
- Under Settings > Basic information you can now select a shop page which will be displayed in a "404 - not found" error. Shop pages in the basic informations now have to be of the type "shop page"
- The context is now a vuex state
- It is now possible to add default values in the plugin configuration (tyurderi)
- Now snippets are retrieved asynchronously to improve performance
- Added support for theme inheritance in the theme.json file.
- Changed the Context Resolving
- The administration now caches the JS and CSS files and uses cache busting via last modified and filesize to invalidate the cache.
- Visually update for product assignment in category module. Assigned product can be searched by name, manufacturer name and product number
- Fallback to technical names for non translated fields in dynamic product groups
- PathnameStrategyInterface now generates tha complete path and filename - ID is now the dafult source of randomness
- A new cms block for forms was added. One can configure the element as follows: - Choose a form type (contact or newsletter) - Add a title - Add a confirmation text when form was successfully send - only for contact forms: choose mail receiver
- A new cms block for forms was added. One can configure the element as follows: - Choose a form type (contact or newsletter) - Add a title - Add a confirmation text when form was successfully send - only for contact forms: choose mail receiver
- The seo admin module now display a comprehensive errormessage, if no seo url preview could be generated because of missing entities.
- Fixed $super in multiple inheritance
- You can now assign a main category to a product. This category must be one of the assigned categories and can be used for seo url generation.
- We have added the following currencies PLN, CHF, SEK, DKK and DKK
- The settings entry 'Logging' got moved from Shop -> Logging to System -> Logging.
- After unassigning a payment method from a sales channel, it is no longer possible to complete an order with that payment method.
- A sales channel can now be set into a maintenance mode. A layout to be selected under Settings > Basic information will then be displayed. If no layout is selected, an fallback is taken. The Layouts for Imprint and Privacy Policy will be linked in the maintenance page footer
- The colors and contrasts in the storefront have been optimized for better readability and an improved ranking in the Lighthouse Audit (Google Chrome Developer Tools). Missing attributes have been added for screen readers in the storefront. The flags in the language change drop-down in the storefront are displayed again. Removed different distances and heights in the search suggestions (dropdown).
- A new module to manage delivery times hat been added to the administration settings.
- Storefront: Add functionality to reset password for the shop customer
- Added affiliate tracking.
- Changed the design of the plugin recommendations.
- Fixed presentation of variants in storefront if many options are configured
- On status change for orders you can now send e-mails with documents attached.
- UI changes
- Add cross selling administration part
- Add cross selling storefront implementation
- The syntax in administration has been optimized for developers who want to access services and context.
- The context is refactored to seperate the API context and the APP context.
- A listing page can no longer be saved without product listing block. If this block is missing you can add it under the block category "Commerce".
- Product variant titles now contain the properties and the product number in addition to the name.
- The filter element in the storefront has now been moved in an offcanvas when the user is in an mobile viewport
- Canonical urls can now be overwritten for products and categories
- The generation of thumbnails works independently of the case of the file ending.
- Links in the text editor may now be displayed as buttons
- Added a Vimeo video cms element.
- Added SEO breadcrumb in several pages
- Categories hidden in the navigation are accessible over their url.
- The name of the blocks and elements in the Shopping Experiences will now be displayed beneath the blocks and elements.
- Redesigned form view in Shoppping Experiences.
- The consume call gets restartet after a failing request
- Fixed an issue where no navigation is visible in the off-canvas menu.
- You can now define snippets via the administration with HTML-tags.
- Fixed $super-call stack when $super is used in promise-chains
- Fix: Reviews can be saved again.
- The sections of the Shopping Experiences now have a sidebar with actions. Click on the section icon to activated the section and open the edit menu. The section settings now share the menu with the block settings.
- Add the opportunity to install the migration-plugin in the First Run Wizard
- UI changes and refacotring
- The basic price now is visible in the offcanvas cart and the ajax search. Additionally the basic price on the product detail page is not completely visible if the referencePrice is not null.
- Shipping costs are displayed in the OffCanvas cart.
- It is now possible to remove personal data which does not necessarily has to be saved, with a command. Running "bin/console database:clean-personal-data" will remove guests without orders and / or canceled shopping carts. For each of them an argument has to be added: "guests" or "carts" and for both the option "--all". Days can be set with "--days" and a value, how old the data to remove should be.
- IP addresses of customers can now be stored anonymously when logging in or placing an order. In the admin at Login / Registration this can also be changed, by default they are anonymized.
- In the admin settings at Login / Registration it is now possible to activate the double opt in for guests and registrations. Double opt in registration: If this setting is active, the customer will no longer be redirected to the account overview after registration, but will receive an e-mail with a confirmation link. Only after the confirmation the account will be activated and the customer forwarded to his account overview. Double opt in guest order: If this setting is active, customers who want to complete there order as a guest, will first receive an email to confirm there email address. This email contains a confirmation link that redirects the customer to the order completion.
- Added custom fields to the categories module (PheysX)
- You can assign an email template to a Sales Channel when changing the state of an order. You can do this only when there is no email template assigned to this specific order state.
- The mailers can now be configured in the settings as well as in the First Run Wizard.
- Bootstrap variables and mixins are accessible in every storefront mode
- The system default language can no longer inherit from another language.
- On status change for orders you can now send e-mails with documents attached.
- You can select if a state must be specified for each country. Selecting states in addresses is possible now Storefront: Customers can specify a state in their addresses
- Fixed issue Deleting multiple categories works * Bugfix: product assignment card shows correct assignments in results list
- Fix appearance bug in the off-canvas filter
- Improved error messages in first run wizard for plugin installation
- Registration works again without forcing a state