Shopware 6.6.5.1
8 August 2024
Shopware version 6.6.5.1 is now available (security release).
Upgrading to Shopware 6.6.5.1
Shopware 6.6.5.1 can be installed, or an existing install upgraded to it, using any of Installatron's products. Use Installatron's optional Automatic Update feature to apply Shopware updates automatically as new versions are released, or use Installatron's Clone feature to duplicate an existing Shopware install and test the 6.6.5.1 upgrade before applying it live.
What's New in Shopware 6.6.5.1
6.6.5.1
Security
- Blind SQL-injection in DAL aggregations (GHSA-p6w9-r443-r752)
- Server Side Template Injection in Twig using Context functions (GHSA-35jp-8cgg-p4wj)
- Server Side Template Injection in Twig using deprecation silence tag (GHSA-27wp-jvhw-v4xp)
- Improper Access Control with ManyToMany associations in store-api (GHSA-hhcq-ph6w-494g)
Bug Fixes
- NEXT-37399 - Context object improvements
- NEXT-37397 - Improve aggregation name validation
- NEXT-37398 - Improve feature silent token validation
- NEXT-37545 - Fix filtering via decoration for payment and shipping method route
- NEXT-37555 - Change typehint in MediaUrlPlaceholderHandler (tinect)
6.6.5.0
What's New
- NEXT-37141 - Add toggle to choose generate variants or only add variants (Alexander Menk)
- NEXT-0000 - Remove category criteria for editor links (Max)
- NEXT-337778 - Order placed incorrectly
- NEXT-37361 - Show all property filters when filterable properties are not restricted (Max)
- NEXT-31047 - Improve payment handlers & general payment process
- NEXT-21273 - Add Media Option to CMS Link Selector (Alexander Menk)
- NEXT-35756 - Add error handling to HttpClient service
- NEXT-34674 - Elasticsearch with special chars
- NEXT-36854 - Add customer impersonation (Benjamin Wittwer)
- NEXT-37357 - Improve admin login session (Benjamin Wittwer)
- NEXT-35618 - Fixed the headline for SEO in product detail page
- NEXT-36499 - Fix cms data mapping for nested translations (Christoph Pötz)
- NEXT-36528 - Add intra-community delivery label to all tax relevant documents (Marina Egner)
- NEXT-36872 - Add path required to run profiler to storefront url whitelist (Benedikt Brunner)
- NEXT-373559 - Run unit-setup in admin:unit:watch command (Max)
- NEXT-36782 - Add storage name to entity attributes
- NEXT-34382 - Fix company addresses to be shown twice
- NEXT-34808 - Total in cancellation invoices should be negative
- NEXT-36424 - Fix no matching sales channel found when creating order
- NEXT-35776 - Added URI to environment information
- NEXT-36982 - Fix media url loader with unset thumbnails (Elias Lackner)
- NEXT-35343 - The selected order language is not saved for manually created orders
- NEXT-36983 - Add mediaUpdatedAt to thumbnailPattern for disabled thumbnail generation (tinect)
- NEXT-37360 - Fix administration input of linked prices and comma values (Max)
- NEXT-36924 - Fix StoreApiSeoResolver priority and add context check before accessing it (Marcel Romeike)
- NEXT-36876 - Fixed typo in language-widget
- NEXT-16551 - Add order and customer number filters to admin lists
- NEXT-36774 - Fix $super call stack exception
- NEXT-34642 - Add default value for augmented-reality media
- NEXT-36534 - Bulk edit with more than 25 selections broken
- NEXT-37067 - Fix dead form serialize utility guard (Justus Maier)
- NEXT-26705 - Add skip to content link to improve a11y
- NEXT-00000 - Fix performance issues in EntityLoadedEventFactory (Cedric Engler)
- NEXT-36837 - Fix rule condition price listprice percentage ratio to actually use ratios
- NEXT-12399 - Improve product search term scoring on exact matches (Elias Lackner)
- NEXT-37145 - Add twig blocks to sw-order-create-general-info.html.twig (Jörg Lautenschlager)
- NEXT-36862 - Adjust AR icon label and 3D placeholder
- NEXT-36927 - Don't remove cache cookies for 404 pages
- NEXT-37104 - Improve wishlist user experience (Elias Lackner)
- NEXT-16807 - Search by product number
- NEXT-37123 - Update GitHub playwright test image (Max)
- NEXT-30132 - Add API routes list endpoint
- NEXT-33726 - Allow adding default values to custom entities
- NEXT-34309 - Enhance plugin:list command output with information about plugins required by composer
- NEXT-31209 - Increase app payment timeout to 20 s
- NEXT-37072 - Only cleanup successfully delivered or permanently failed webhook events
- NEXT-37121 - Search by product number should redirect to detail page
- NEXT-36809 - Deprecate sw-select-number-field component
- NEXT-37034 - Fix automatically applied promotions not working after saving the order
- NEXT-37140 - Limit search term length for MySQL search
- NEXT-37143 - Merge search preferences
- NEXT-37327 - Open Shopping Experience section settings when clicking on "Setting" in the context menu (Max)
- NEXT-37095 - Avoid negative reviews offset
- NEXT-37170 - Fix GitHub Jest & Lint workflows (Benjamin Wittwer)
- NEXT-21275 - Removed customer default payment method
- NEXT-37175 - Set correct asset path for bundle assets
- NEXT-37298 - Cleanup ACL rules for default layouts (Max)
- NEXT-37237 - Fix admin customer sales channel & acl checks (Benjamin Wittwer)
- NEXT-34331 - custom field ui fix
- NEXT-33695 - The form element quantity selector is not labeled
- NEXT-36788 - Add parameters to checkout exception translations
- NEXT-37373 - defined-system-config-default-node-structure (Michał Daniel)
- NEXT-36326 - Deprecate sw-dashboard-statistics
- NEXT-37160 - Filetype in admin media search
- NEXT-37183 - Add Criteria title to search endpoint
- NEXT-37264 - refactor & convert flowBuilderService to typescript
- NEXT-37364 - Add component_payment_method_name block (Max)
- NEXT-37336 - Removed automatic state change for direct debit default payment
- NEXT-37428 - Added after order cart to cart service
- NEXT-37453 - Add block for admin login scripts