File: //proc/self/root/proc/thread-self/root/var/softaculous/bagisto/changelog.txt
2.3.11

🐛 Bug Fixes

    Security updates.

    Enhanced form validation by implementing auto-scroll to the first error field, with support for regular inputs, array fields (categories, channels), nested fields, and TinyMCE editors. Added fallback flash messages when error fields cannot be located or scrolled to.

    #11080 - Fixed a currency display issue in invoices when the channel currency differed from the admin panel currency.


2.3.10

✏️ Changes

    Fixed a security issue in the installer endpoints.

    Fixed a security issue in the customer order reorder functionality.

    Fixed a Server-Side Template Injection (SSTI) vulnerability in the first and last name fields that could be exploited by low-privileged users.

    Refined the Blade tracer to track only view files, ensuring accurate view-level tracing.

    Fixed SSTI vulnerability in type parameter handling — user input is now properly sanitized/validated to prevent server-side template injection.

    Sanitized product review attachments to prevent stored XSS.

    Sanitized CMS html_content during create and update operations to prevent stored XSS vulnerabilities.

    Added validation for external URLs in downloadable product samples to block access to private and reserved IP ranges.

🐛 Bug Fixes

    #11058 - Fixed the speculation issue and resolved the revoke endpoint issue.

    #11053 - Fixed an issue where the custom field price was not converted according to the exchange rate on the product view page.

    #11051 - Fixed a redirection issue that occurred when a product had insufficient quantity.

    #11028 - Fixed an issue where horizontal scrolling caused misalignment of fixed-position elements (Cart/Profile buttons) on the search page.

    #10975 - Fixed validation to ensure the source and target currencies are different when creating exchange rates.
	
2.3.9

🐛 Bug Fixes

    Meta tag, comment and header added for Bagisto.

    #11035 - Fixed an issue where an exception occurred when saving a CMS page without selecting a channel.

    #11014 - Fixed the wishlist icon issue on the product view page caused by Full Page Cache (FPC).

    #11011 - Added missing translation for the Customer Group delete response message.

    #11010 - Fixed the CAPTCHA configuration issue that allowed saving settings without the site key or secret key.

    #10985 - Fixed an issue in CustomerGroupPrice where deleting any group discount incorrectly removed the last discount entry instead of the selected one.

    #10899 - Fixed a validation error that occurred while importing CSV files in Data Transfer.

    #10866 - Fixed the issue where filterable options on the theme page were not appearing.