All Versions
Latest Version
Avg Release Cycle
15 days
Latest Release

Changelog History
Page 3

  • v2.10.2 Changes

    July 22, 2020

    ๐Ÿš€ Welcome to Saleor 2.10.2 release! Read the changelog below for the full list of changes:

    ๐Ÿ”„ Changelog

    • โž• Add command to change currencies in the database - #5906 by @d-wysocki
  • v2.10.1 Changes

    May 22, 2020

    ๐Ÿš€ Welcome to Saleor 2.10.1 release! This release fixes issues related to allocations and quantity calculations in Saleor 2.10.0. Read the changelog below for the full list of changes:

    ๐Ÿ”„ Changelog

    • ๐Ÿ›  Fix multiplied stock quantity - #5675 by @fowczarek
    • โœ‚ Remove invalid allocations created by a migration - #5678 by @fowczarek
    • ๐Ÿ›  Fix running order mutations as an app - #5680 by @fowczarek
    • Prevent creating checkouts and draft orders with unpublished products - #5676 by @d-wysocki
  • v2.10.0 Changes

    May 14, 2020

    ๐Ÿš€ Welcome to Saleor 2.10.0 release! Read the changelog below for the full list of changes.

    ๐Ÿ”„ Changelog

  • v2.10.0-rc.2 Changes

    May 07, 2020

    ๐Ÿš€ Welcome to 2.10.0-rc.2 release of Saleor!

    ๐Ÿ”„ Changelog

    • โž• Add error when user pass an empty object as address - #5585 by @fowczarek
    • ๐Ÿ›  Fix checkout and order flow with variant without inventory tracking - #5599 by @fowczarek
    • ๐Ÿ›  Fixed JWT expired token being flagged as an unhandled error rather than handled. - #5603 by @NyanKiyoshi
    • โ™ป๏ธ Refactor read-only middleware - #5602 by @maarcingebala
    • ๐Ÿ›  Fix availability for variants without inventory tracking - #5605 by @fowczarek
  • v2.10.0-rc.1 Changes

    May 04, 2020

    ๐Ÿš€ Welcome to 2.10.0-rc.1 release of Saleor! See the changelog below for the full list of changes.

    ๐Ÿ”„ Changelog

  • v2.9.1 Changes

    January 24, 2020

    ๐Ÿš€ This release fixes a vulnerability issue in Saleor.

    The checkoutCustomerAttach mutation failed to verify whether the customer ID passed matched the currently logged in user. This allowed users to generate checkout sessions and attach them to random existing users. User IDs are integers, so with enough effort, valid ones could be enumerated using brute force.

    As the mutation returns the modified checkout object, the attacker could request its user field to retrieve information about the user the checkout was now assigned to. Information potentially disclosed includes: first and last name, address book contents, order history, and stored payment methods if any (card type, last four digits, expiration date).

    โž• Additionally, weโ€™ve also provided a solution that makes sure any embedded user object will only be obtainable by a privileged site admin or by the same user if currently logged in. This affects the following fields:

    • Checkout.user
    • CustomerEvent.user
    • GiftCard.user
    • Order.user
    • OrderEvent.user
    • User.storedPaymentSources

    CVE for this issue is pending.

    Affected versions

    ๐Ÿš€ All Saleor releases contain this mutation up to version 2.9.

    ๐Ÿ”„ Changelog

  • v2.9.0 Changes

    October 25, 2019

    ๐Ÿš€ Welcome to the 2.9 release of Saleor! Read the full article about the release on our blog:

    ๐Ÿ”„ Changelog


    • โž• Add mutation to change customer's first name last name - #4489 by @fowczarek
    • โž• Add mutation to delete customer's account - #4494 by @fowczarek
    • โž• Add mutation to change customer's password - #4656 by @fowczarek
    • โž• Add ability to customize email sender address in emails sent by Saleor - #4820 by @NyanKiyoshi
    • โž• Add ability to filter attributes per global ID - #4640 by @NyanKiyoshi
    • โž• Add ability to search product types by value (through the name) - #4647 by @NyanKiyoshi
    • โž• Add queries and mutation for serving and saving the configuration of all plugins - #4576 by @korycins
    • โž• Add redirectUrl to staff and user create mutations - #4717 by @fowczarek
    • โž• Add error codes to mutations responses - #4676 by @Kwaidan00
    • โž• Add translations to countries in shop query - #4732 by @fowczarek
    • โž• Add support for sorting product by their attribute values through given attribute ID - #4740 by @NyanKiyoshi
    • โž• Add descriptions for queries and query arguments - #4758 by @maarcingebala
    • โž• Add support for Apollo Federation - #4825 by @salwator
    • โž• Add mutation to create multiple product variants at once - #4735 by @fowczarek
    • โž• Add default value to custom errors - #4797 by @fowczarek
    • ๐Ÿ”ง Extend availablePaymentGateways field with gateways' configuration data - #4774 by @salwator
    • ๐Ÿ”„ Change AddressValidationRules API - #4655 by @Kwaidan00
    • ๐Ÿ‘‰ Use search in a consistent way; add sort by product type name and publication status to products query. - #4715 by @fowczarek
    • ๐Ÿšš Unify menuItemMove mutation with other reordering mutations - #4734 by @NyanKiyoshi
    • Don't create an order when the payment was unsuccessful - #4500 by @NyanKiyoshi
    • Don't require shipping information in checkout for digital orders - #4573 by @NyanKiyoshi
    • โฌ‡๏ธ Drop manage_users permission from the permissions query - #4854 by @maarcingebala
    • ๐Ÿ—„ Deprecate inCategory and inCollection attributes filters in favor of filter argument - #4700 by @NyanKiyoshi & @khalibloo
    • โœ‚ Remove PaymentGatewayEnum from the schema, as gateways now are dynamic plugins - #4756 by @salwator
    • Require manage_products permission to query costPrice and stockQuantity fields - #4753 by @NyanKiyoshi
    • โ™ป๏ธ Refactor account mutations - #4510, #4668 by @fowczarek
    • ๐Ÿ›  Fix generating random avatars when updating staff accounts - #4521 by @maarcingebala
    • ๐Ÿ›  Fix updating JSON menu representation in mutations - #4524 by @maarcingebala
    • ๐Ÿ›  Fix fetching staff user without manage_users permission - #4835 by @fowczarek
    • Ensure that a GraphQL query is a string - #4836 by @nix010
    • โž• Add ability to configure the password reset link - #4863 by @fowczarek


    • โž• Add enterprise-grade attributes management - #4351 by @dominik-zeglen and @NyanKiyoshi
    • โž• Add extensions manager - #4497 by @korycins
    • โž• Add service accounts - backend support - #4689 by @korycins
    • โž• Add support for webhooks - #4731 by @korycins
    • Migrate the attributes mapping from HStore to many-to-many relation - #4663 by @NyanKiyoshi
    • ๐Ÿ“‡ Create general abstraction for object metadata - #4447 by @salwator
    • โž• Add metadata to Order and Fulfillment models - #4513, #4866 by @szewczykmira
    • ๐Ÿ”Œ Migrate the tax calculations to plugins - #4497 by @korycins
    • ๐Ÿ”Œ Rewrite payment gateways using plugin architecture - #4669 by @salwator
    • Rewrite Stripe integration to use PaymentIntents API - #4606 by @salwator
    • โ™ป๏ธ Refactor password recovery system - #4617 by @fowczarek
    • โž• Add functionality to sort products by their "minimal variant price" - #4416 by @derenio
    • โž• Add voucher's "once per customer" feature - #4442 by @fowczarek
    • โž• Add validations for minimum password length in settings - #4735 by @fowczarek
    • โž• Add form to configure payments in the dashboard - #4807 by @szewczykmira
    • ๐Ÿ”„ Change unique_together in AttributeValue - #4805 by @fowczarek
    • ๐Ÿ”„ Change max length of SKU to 255 characters - #4811 by @lex111
    • Distinguish OrderLine product name and variant name - #4702 by @fowczarek
    • ๐Ÿ›  Fix updating order status after automatic fulfillment of digital products - #4709 by @korycins
    • ๐Ÿ›  Fix error when updating or creating a sale with missing required values - #4778 by @NyanKiyoshi
    • ๐Ÿ›  Fix error filtering pages by URL in the dashboard 1.0 - #4776 by @NyanKiyoshi
    • ๐Ÿ›  Fix display of the products tax rate in the details page of dashboard 1.0 - #4780 by @NyanKiyoshi
    • ๐Ÿ›  Fix adding the same product into a collection multiple times - #4518 by @NyanKiyoshi
    • ๐Ÿ›  Fix crash when placing an order when a customer happens to have the same address more than once - #4824 by @NyanKiyoshi
    • ๐Ÿ›  Fix time zone based tests - #4468 by @fowczarek
    • ๐Ÿ›  Fix serializing empty URLs as a string when creating menu items - #4616 by @maarcingebala
    • The invalid IP address in HTTP requests now fallback to the requester's IP address. - #4597 by @NyanKiyoshi

    Dashboard 2.0

    ๐Ÿšš Below are changes from the changelog in Saleor main repository. Since the dashboard was moved to its own repository, the rest of the changes can be found there .

    Other notable changes

    • Replace Pipenv with Poetry - #3894 by @michaljelonek
    • โฌ†๏ธ Upgrade django-prices to v2.1 - #4639 by @NyanKiyoshi
    • Disable reports from uWSGI about broken pipe and write errors from disconnected clients - #4596 by @NyanKiyoshi
    • ๐Ÿ›  Fix the random failures of populatedb trying to create users with an existing email - #4769 by @NyanKiyoshi
    • ๐Ÿ’… Enforce pydocstyle for Python docstrings over the project - #4562 by @NyanKiyoshi
    • ๐Ÿšš Move Django Debug Toolbar to dev requirements - #4454 by @derenio
    • ๐Ÿ”„ Change license for artwork to CC-BY 4.0
    • ๐Ÿ†• New translations:
      • Greek
  • v2.9.0.b5

    November 20, 2019
  • v2.9.0.b4

    November 12, 2019
  • v2.9.0.b3

    October 25, 2019