Changelog History
v1.7.6.7 Changes
July 06, 2020
Full Changelog
- Front Office:
- Bug fix:
- #20052: Fix product page event theme sided not getting fired (by @NeOMakinG)
v1.7.6.6 Changes
July 02, 2020
Main fixes
Below are listed the 6 regressions that were found and fixed in this version:
Front-office regression:
- A BC break was mistakenly introduced in 1.7.6.5 on some selectors in the front-office #18509
Back-office regressions:
- It was not possible to use Stocks page without the rights for Translation page #19713
- Bad button color in Modules pages modal window #9699
- No success message in Customer page after editing a voucher #18842
Other regressions:
- It was not possible to update currencies using the Webservice #18865
- There was an error at the end of the upgrade if it was run manually #18723
Security fixes
7 security fixes have been included in this patch version:
- External control of configuration setting in the dashboard (security advisory)
- Improper access controls in Carrier page, Module Manager and Module Positions (security advisory)
- Improper authentication (security advisory)
- Reflected XSS in product page (security advisory)
- Stored XSS in AdminQuickAccesses (security advisory)
- Information disclosure in release archive (security advisory)
- Information exposure in upload directory (security advisory)
More information about why it is important to update:
- External Control of System or Configuration Setting
- Improper Access Control
- Improper Authentication - Generic (CWE-287)
- Cross-site Scripting (XSS)
- Open Redirect (CWE-601)
- Information Exposure Through Directory Listing (CWE-548)
- Information Disclosure (CWE-200)
Notable change
In order to correctly handle user session expiration, two new SQL tables have been added to the PrestaShop MySQL schema: ps_customer_session and ps_employee_session. These SQL tables are used for security purposes.
Breaking or risky changes
Dashboard modules can no longer use AdminDashboardController::ajaxProcessSaveDashConfig() to save values. This is not possible anymore in PrestaShop 1.7.6.6 in order to enforce the shop's security.
A bug fix included in 1.7.6.5 required changing a CSS selector in the Front Office's product page and making it more specific. However, this new selector did not work with some third party themes which were based on Classic.
In 1.7.6.6, a new generic selector has been added: .product-container. If you are a theme developer, make sure to add this class to the appropriate container on your product page in order to allow your product page to be refreshed on changes.
Full Changelog
- Back Office:
- Bug fix:
- #19814: Change buttons in modal bulk of module page to avoid black color (by @NeOMakinG)
- #18975: BO - Customer View page - Added Green alert when editing a voucher (by @Progi1984)
- #19942: Cast changelogs to array for twig - Backport of #19778 (by @atomiix)
- #19718: Remove i18n access restrictions (by @PierreRambaud)
- #19990: Fix BO page Module permission checks (by @jolelievre)
- Front Office:
- Improvement:
- #19800: Add a new selector in order to select the product page more precisely (by @NeOMakinG)
- Core:
- Improvement:
- #19943: Update Composer dependencies and prestashop module versions (by @PierreRambaud)
- #19980: Update version number to 1.7.6.6 (by @matks)
- #19979: Update outdated assets in 176x (by @matks)
- #19984: Update license headers for PS 1.7.6.6 (by @matks)
- Bug fix:
- #19010: Added missing required_once for Datas class (by @atomiix)
- #19986: Fix php7-only code into 1766 (by @matks)
- #20018: Remove COLLATION placeholder from 1.7.6.6.sql (by @matks)
- #GHSA-mc98-xjm3-c4fm - External control of configuration setting in the dashboard (by @PierreRambaud)
- #GHSA-997j-f42g-x57c - Information exposure in upload directory (by @PierreRambaud)
- #GHSA-492w-2pp5-xhvg - Information disclosure in release archive (by @PierreRambaud)
- #GHSA-ccvh-jh5x-mpg4 - Improper authentication (by @PierreRambaud)
- #GHSA-xp3x-3h8q-c386 - Improper access controls in Carrier page, Module Manager and Module Positions (by @PierreRambaud)
- #GHSA-qgh4-95j7-p3vj - Reflected XSS in product page (by @PierreRambaud)
- #GHSA-v4pg-q2cv-f7x4 - Stored XSS in AdminQuickAccesses (by @PierreRambaud)
- Web Services:
v1.7.6.5
April 17, 2020
v1.7.6.4 Changes
March 05, 2020
Main fixes
- An error case on the customer email validation (#17809)
- Failure on loading the product_page.css and translations.css files (#17584)
- Display issues on the SEO live previews on Safari desktop (#17525)
- A combination color wasn't displayed when it was selected (#17437)
- View on category not possible when all subcategories were disabled (#17379)
- Some product combinations were not displayed on particular stock and product configurations (#17345)
- Support link was not displayed properly in the order confirmation in Arabic (#17242)
- Display issue on emails' subject with special characters (#16847)
- An error on the discount occurred on the invoice when applying a specific cart rule to an order (#16491)
Important changes
Find below detailed information about the security fix provided in this version:
- CVE reference: CVE-2020-5250
- GitHub Security Advisory: GHSA-mhfc-6rhg-fxp3
Full Changelog
- Back Office:
- Bug fix:
- #17711: Fix a bug on safari where SEO preview on create page was not updated (by @NeOMakinG)
- #17613: Files translations.css and product_page.css do not exist (by @PierreRambaud)
- #17395: Can't explore a category when all subcats are disabled (by @PululuK)
- Front Office:
- Improvement:
- #17638: Prevent email enumeration (by @PierreRambaud)
- Bug fix:
- #17457: Disable add-to-cart button when product/attribute combination is not available (by @sowbiba)
- #16616: Fix round remaining value of reduction amount (backport #16531) (by @matks)
- #17608: Email subject doesn't support html entities (by @Progi1984)
- Core:
- Bug fix:
- #17846: Fix exception thrown when editing a customer with a bad email address (by @atomiix)
- #17433: Do not escape translations when using the legacy translator from the new one (by @Progi1984)
- #17306: Do not force memory_limit in index_cli.php (by @PierreRambaud)
v1.7.6.3 Changes
January 21, 2020
Main fixes
- Unclear error notifications about the number of characters allowed on both following pages:
- Cost price & unit price sections on a product sheet do not save the changes (#16353)
- When I install a new language, emails are not translated at the first generation (#16273)
- Quickview and product flags bug (#16633)
- Wrong encoding for viewed products (#16739)
- Currency translatable fields empty in webservice 1.7.6.1 (#16760)
- Customers export from the BO - Wrong 50 limit (#16328)
- Error in mails/it/order_customer_comment.html (#16829)
- Missing chart in Shop Search stats for new employees (#16730)
- Dashboard - customer link not working 1.7.6.1 (#16460)
- Can't enable/disable Newsletter option & Enabled option when the field "Partner offers" is required (#16509)
- PrestaShop's front office should be displayed right-to-left when in Arabic (#17245)
Important changes
Below are listed all the issues we improved in this version:
- Quick access error when having a wrong url (#17050)
- Protect modules vendor folder on install/upgrade/enable (#17036)
- Email Theme permissions settings are not saved when trying to enable them (#16337)
Full changelog
- Back Office:
- Improvement:
- #17036: Protect modules vendor folder on install/upgrade/enable (by @jolelievre)
- Bug fix:
- #16906: Handle profile name above 32 chars exception (by @atomiix)
- #17087: Define alert message when error are found in Category Form (by @Progi1984)
- #17065: Fix encoding on product name in viewed product (by @Progi1984)
- #17071: Fix recursive check of updated files - backport of #16765 (by @matks)
- #16742: Can't export data more than filters limits (by @PierreRambaud)
- #16696: Fix email theme permission (by @atomiix)
- #16746: Attributes bo_css & bo_theme can be empty (by @PierreRambaud)
- #16729: Cost price & unit price are erased when saving with a supplier (by @PierreRambaud)
- #16888: Fix customer comment template (by @jolelievre)
- #16294: Fix email not translated when installing a new language (by @atomiix)
- #16648: Fix customer statuses not being able to toggle when optin field is required (by @matthieu-rolland)
- Front Office:
- Bug fix:
- #17248: Added RTL Style for Classic Theme (by @Progi1984)
- #16852: Fix a bug where changing quantity on product quickview adds products tags on ever products (by @NeOMakinG)
- #17030: Ignore rtl assets and remove _rtl.css files (by @NeOMakinG)
- Core:
- Bug fix:
- #17050: Quick access error when having a wrong url (by @PierreRambaud)
- #16893: Fix yml config parse typo (by @mvorisek)
- #16522: Prevent getter from changing class state (by @eternoendless)
- Refactoring:
- #17130: Make $localizedSymbols variable to be compatible with develop (by @atomiix)
- Web Services:
v1.7.6.2 Changes
November 28, 2019
Main Fixes
- An infinite loop could happen within the checkout page when two specific cart rules were applied to an order [#15574]
- There was a bug impacting contributor and partner payment modules due to amount paid no longer validated when creating an order [#15834]
- Three bugs related to the CLDR implementation in 1.7.6.0, which caused errors in both suppliers and orders pages after deleting a currency [#15376], [#15486] and [#15956]
- A few regressions related to the migration of the Customer page:
- Creating a new Brand Address could fail when VAT identification number is mandatory [#16121]
- Quantity discounts were not shown for default variant [#16417]
- We reverted back to using product url (including combination) rather than canonical one in the miniatures for product lists [#14765]
- PrestaShop Command Line Interface (CLI) could not be used to clear the cache [#15324]
Important changes
Following #15643 we had to add new methods to the interfaces DataSourceInterface, CurrencyDataProviderInterface and RepositoryInterface to be able to fetch currencies regardless of whether they are deleted or inactive. This requires updating any class that implements these interfaces.
Following #15621 we had to revert the previous 1.7.6.0 change #11876 as it introduced a regression [#15274] that changed how multistore data was persisted.
Full changelog
- Back Office:
- Bug fix:
- #16365: Viewed products - the date is showing product id - not a date (by @khouloudbelguith)
- #16265: Fix category checkbox redirect (Backport #16159) (by @atomiix)
- #16153: Add missing field type DNI in brand address form (by @jolelievre)
- #16158: Fix filter not being taken into account in grid export (by @matthieu-rolland)
- #16172: Remove constraint on siret in CustomerType (by @matthieu-rolland)
- #16047: Handle multistore customers sharing in customers listing at group level (by @matks)
- #16036: Add redirect routes on security annotation of Category pages (by @jolelievre)
- #15643: Allow CLDR to display deleted/inactive currencies (by @jolelievre)
- #15859: Add clickable row option for grid actions (by @jolelievre)
- #15880: Fix wrong data mapping in export (by @eternoendless)
- #15855: Allow anonymous mode for AdminController (by @PierreRambaud)
- #15856: Must use min-with instead max-widght for the Profile button (by @PierreRambaud)
- #15685: Unable to create new supplier when VAT identification number is mandatory (by @PierreRambaud)
- #15665: Wrong selector expression, unable to move parent category (by @PierreRambaud)
- #15660: Fix tracking url in Theme and Logo page (by @jolelievre)
- #15658: Use empty legacy action parameter (by @jolelievre)
- #15382: Remove useless and buggy identifier computation (by @jolelievre)
- Front Office:
- Bug fix:
- #16423: Use default attribute when no one are passed in front page (by @PierreRambaud)
- #16274: Fix contact us email display (by @atomiix)
- #15964: Use product url (including combination) rather than canonical one in the miniatures (by @jolelievre)
- #15963: Add rel="nofollow" to prestashop website link (by @matks)
- #15930: Fix on product-flags class for product cards (by @Progi1984)
- Core:
- Improvement:
- #16203: Update version to 1.7.6.2 (by @atomiix)
- Bug fix:
- #16500: Incorrect email subject and template variable {shop_name} (by @PierreRambaud)
- #16335: Update id_order_state at the right place (by @atomiix)
- #16258: Remove unnecessary require_once config.inc (by @matks)
- #16026: Remove final keyword from Lang entity (by @jolelievre)
- #15917: Define use_debug_toolbar even if it's not set in parameters.php (by @PierreRambaud)
- #15691: Cart rules mustn't be auto added automatically in some cases (by @PierreRambaud)
- #15621: Revert "Fix lang table multi-store data issue" (by @matks)
- #15731: Webservices shouldn't display warning when running with fpm or Nginx (by @PierreRambaud)
- #15515: SqlTranslator must throw a NotFoundResourceException (by @PierreRambaud)
- Tests:
- Bug fix:
- #15847: Npm is not anymore in the nodejs package (by @PierreRambaud)
- #15895: Add management of an env var to disable debug toolbar in travis tests (by @jolelievre)
- #15590: Remove selenium tests (by @PierreRambaud)
v1.7.6.1 Changes
August 26, 2019
Main fixes
- In some circumstances prices would appear with 6 decimal digits (#14640)
- The "convert a guest into a customer" feature wasn't working (#14639)
- It was possible to circumvent the BO token in some circumstances (Thanks Guillaume Lictevout) (#14671)
- The "erase all" button in the logs page wasn't working (#14686)
- Mails weren't completely translated/translatable (#14633)
- Links pointing to edit/view customers weren't working on legacy pages like Quick Search (#14672)
- Prices in Czech would sometimes be displayed using the wrong formatting (#14657)
- Applying filters in the logs page would result in an error (#14785)
- Importing a theme would fail if it contained a translations directory with no files (#14960)
- The translation interface wasn't working when using a theme other than classic (#14733 and #15133)
- Module translations edited through the new back office interface were being ignored by the module (#14932)
- Disabled categories were not being shown in the parent category tree when editing categories, resulting in an error (#14790)
- Accessing the suppliers page after an import would result in an error (#14908)
- Following steps in the checkout process were being disabled even when the theme didn't include a "continue" button (#14846)
- Errors would occur when manipulating orders in some circumstances when working on a multishop environment (#14595 and #15144)
Important changes
Following #15173 we had to modify CurrencyDataProviderInterface::findAll and add an optional parameter to be able to fetch all currencies regardless of the current shop context. This doesn't break any previous use of the method since the parameter is optional, but it requires updating any class that implements that interface.
Following #15139, module translations are no longer attached to the currently active theme. If you want a different translation for each theme, you will have to edit the theme translations; this requires the specific wording to be physically present in the theme's templates or else it won't appear in the translation interface. Only theme translations are attached to a theme now, all other translations are now global.
Full Changelog
- Back Office:
- Bug fix:
- #15173: CLDR has access to all currencies regardless of the current shop (by @jolelievre)
- #15139: Make module and email translations work again when using a theme other than classic (by @eternoendless)
- #14966: Keep BO from using two different translators in parallel (by @matthieu-rolland)
- #15030: Get all categories in category tree form (not only enabled ones) (by @matthieu-rolland)
- #14962: Fix error preventing to translate backoffice wordings when using a theme other than classic (by @eternoendless)
- #15017: Improve translation test module (by @eternoendless)
- #14721: Manage edit/view link for customers in HelperList (by @jolelievre)
- #15036: Fix supplier display after import (by @jolelievre)
- #14719: Scan translation keys from email themes (by @jolelievre)
- #14938: Fix error when loading theme that includes a translations directory but no translations (by @eternoendless)
- #14926: Fix logs filtering (by @sarjon)
- #14671: Make sure token is properly used in legacy context (by @PierreRambaud)
- #14914: Date picker calendar is shown in wrong place when rendered downwards in grid (by @PierreRambaud)
- #14828: Cannot save the "No Picture Image" (by @PierreRambaud)
- #14805: Fix unclosed div tag (by @sarjon)
- #14701: Fix log delete all action on Logs page (by @matks)
- #14605: Do not use encodeURIComponent with POST data (by @PierreRambaud)
- #14673: Fix Orders view page link to transform guest to customer (by @matks)
- Front Office:
- Bug fix:
- #15042: Only disable following steps in the checkout process when the current step has a continue button (by @jolelievre)
- #14945: Fixed {firstname} typo in order customer comment mail in 1.7.6.x (by @dheerajwebkul)
- #14786: Sprintf function broken in 1.7.6 for custom module templates (by @roja45)
- #14863: Prevent uninstall of Product Comments module (by @templatin)
- Core:
- Improvement:
- #14579: Fix many things that were supposed to be removed during build not being removed (by @eternoendless)
- Bug fix:
- #15132: Fix abstract service declaration (by @eternoendless)
- #14711: Update Decimal library to 1.2.0 (by @eternoendless)
- #14833: Bad currency format for Czech language (by @PierreRambaud)
- #14664: Update precision and numeric iso code of currencies (by @Quetzacoalt91)
- Installer:
- Bug fix:
- #14620: Init properly the Kernel on major manual upgrades (by @Quetzacoalt91)
- #14739: Keep Composer.lock file in release (by @jolelievre)
- Web Services:
- Bug fix:
- #14953: Initialize container in WebService environment (by @matthieu-rolland)
- Localization:
- Bug fix:
- #15051: Fix translations (by @jolelievre)
- Tests:
- Refactoring:
- #14356: Fix "02_autoupgrade" in install_upgrade campaign (by @nesrineabdmouleh)
v1.7.6.0 Changes
July 10, 2019
This release includes all the changes from 1.7.6.0 Beta, Release Candidate 1 and Release Candidate 2.
Changes since Release Candidate 2
- Back Office:
- Bug fix:
- #14532: Check if index.php file exists before ignoring it (by @jolelievre)
- Core:
- Refactoring:
- #14552: Use variable instead of recomputing (by @jolelievre)
v1.7.5.2 Changes
May 02, 2019
Main fixes
- Spammers can no longer register Customers using a name that looks like a URL (#13524)
- Some of the Grid customization features were unavailable due to a wrongly-formatted hook name (#13579)
Full Changelog
- Core:
- Bug fix:
- #13599: Forbid URLs to be added in customer names (by @PierreRambaud)
- #13580: Fixed dispatched hook on the Grid presenter (by @mickaelandrieu)
- #13567: Improve name validation (by @eternoendless)
- #13549: Forbid URLs to be inserted into Name fields (by @matks)
- Tests:
- Refactoring:
- #13583: Fix selector in E2E tests for addons catalog page and another one in the autoupgrade test (by @nesrineabdmouleh)
v1.6.1.24 Changes
May 02, 2019
Main fixes
- Spammers can no longer register Customers using a name that looks like a URL (#13524)
- Deleting a product would wrongfully delete keywords from the search index (PSCSX-8239)
Full Changelog