Latest Releases

Changelog (autogenerated)

swissup/module-pagespeed — 1.17.7 (was 1.17.0)

• Version 1.17.7 aa19e8

• Add support for native Magento 2.4.9 dev/js/defer_non_critical option 3f9c2c

• Magento 2.4.9 fix (CLI execute command) fdc98a

• fix: replace Zend_Cache constant with string for Magento 2.4.9 compat 9a8169

• Version 1.17.6 edbcbc

• refactor: update module-logger to ^2.0, remove from module sequence a8cca6

• Add bin/test script for running unit and integration tests 8ae030

• Extract Logger into swissup/module-logger, update namespaces and dependencies cc376b

• fix: improve interaction mode in requirejs override
  
  - fix 'touch' event to 'touchstart' for proper mobile support
  - add requestIdleCallback(userInteractionListener) as idle fallback
  - add setTimeout fallback (2s) to ensure JS loads without interaction
  - fix DOMContentLoaded race condition via readyState check
  - extract init() to avoid logic duplication
  - remove dead commented code 95e010

• Version 1.17.5 b68149

• fix: remove new-in-initializer default to fix Magento DI compilation
  
  PHP 8.1 'new in initializers' syntax in IndexedAttributeOffsetFinder
  caused Magento DI compiler to serialize TagIndex via var_export(), which
  requires __set_state(). Fixed by removing the default value and passing
  $tagIndex explicitly from TrackerFactory and test setup trait. 9c8e61

• Merge branch 'master' of github.com:swissup/module-pagespeed 0621b9

• Version 1.17.4 33e6c5

• fix(tests): replace @$dom->loadHTML error suppression with libxml_use_internal_errors 594c79

• refactor: address code review — rename SiblingIndexCalculator, deduplicate buildIndex, add docs
  
  - Rename SiblingIndexCalculator → GlobalTagIndexCalculator to reflect that it
  calculates a document-wide index, not a parent-relative sibling position
  - TagIndex: extract maskScripts() as public method; expand TRACKED_TAGS to include
  'style' and MATCH_ATTRIBUTES to include 'data-role', 'data-block'
  - IndexedAttributeOffsetFinder: remove duplicated buildIndex/extractAttributes,
  delegate to TagIndex via constructor injection; remove commented-out is_duplicate guard
  - PatchGrouper: document why maxPasses = count(orphanChains) is the correct upper bound
  - PipelineEasyslideImgLostTest: add @group bisect to testFixtureBinarySearch;
  fix verify_peer: false → true in DOWNLOAD_PROD_HTML stream context 2f337b

• fix: replace fwrite(STDERR) debug with logDebug, clean up debug tests, add regression tests for orphan picture/img bug
  
  - PatchGrouper: replace raw $dbg/fwrite(STDERR) in foldOrphanChains() with logDebug() wrapped in isDebugEnabled()
  - PatchGrouper: use count($orphanChains) instead of magic number 10 for maxPasses
  - Add PipelineEasyslideImgLostTest: integration regression tests for <picture> losing <img> after WebP conversion
  - Add production HTML fixture magento1609274-homepage.html.txt for integration tests
  - Remove PatchGrouperDebugTest (inspection-only debug test, no real assertions)
  - Remove testTrailingNewlineEffect and testDebugFullFixture (debug/inspection tests) 83b5e3

• fix: fold orphan DOM chains so <picture> always contains <img> after WebP conversion
  
  When WebP optimizer wraps an <img> in a <picture>, the new <picture> element
  and its parent container are both 'orphan' patch chains (offset=null) because
  neither is in the DOM position index. The old inlineOrphanChain only searched
  anchored groups, so the <picture> patches were never applied and <picture>
  ended up without an <img> child on pages like Hero Slider with multiple slides.
  
  Introduce foldOrphanChains(): a multi-pass algorithm that folds child orphan
  chains into parent orphan chains by string-matching the child's intermediate
  HTML snapshot inside the parent's newHtml. After folding, the parent chain
  carries the fully-resolved <picture><source>...<img></picture> HTML and
  is emitted as a standalone group in the correct position.
  
  Add two regression tests that call indexNodes() before processContext() to
  reproduce the bug and verify the fix across single- and multi-slide layouts. fb1b3a

• fix: correct WebP picture/img offset calculation for pages with script templates
  
  - SiblingIndexCalculator: use global getElementsByTagName() index instead of
  local previousSibling iteration so sibling index matches TagIndex candidates[]
  
  - TagIndex + IndexedAttributeOffsetFinder: mask <script> block bodies before
  regex scanning to prevent fake <img> inside Knockout/text-html templates from
  polluting the candidates array and shifting sibling indexes
  
  - ParentContextOffsetFinder: introduce calculateLocalSiblingIndex() that counts
  position among siblings within the immediate parent (not document-wide),
  fixing navigation <span> offset resolution
  
  - SiblingIndexTagOffsetFinder: restore is_duplicate guard so duplicate opening
  tags defer to ContentPriorityOffsetFinder for content-based disambiguation
  
  - WebPTest: add regression tests for easyslider mixed eager/lazy slides and
  for pages with script-template fake <img> nodes (magento-1609274 production bug) a1dfec

• Version 1.17.3 135728

• fix: correct misleading debug measurements in TrackedDomDocument::indexNodes()
  
  Previously the debug code compared parent::saveHTML() (which still
  contains the injected charset meta tag) against $this->originalHtml,
  causing 'normalized_bytes' to always equal 'original_bytes' (same
  variable used twice) and 'diff_bytes' to always include the ~62 byte
  charset meta even when no optimizer had touched the DOM.
  
  Fix: capture a clean DOM snapshot ($initialNormalizedHtml) in the
  constructor immediately after loadHtmlWithUtf8() — using the overridden
  saveHTML() which strips the charset meta and extracts fragments
  correctly. indexNodes() now compares the current DOM state against this
  initial snapshot instead of parent::saveHTML() vs originalHtml, so:
  - normalized_bytes = actual libxml-normalized size (charset meta removed)
  - diff_bytes = only changes made AFTER construction (real optimizer modifications)
  - the 'DOM modified before indexing' warning fires only when an optimizer
  genuinely changed the DOM before indexNodes() was called, not on every page d36e92

• fix: HTML minification silently discarded and patch limit too low
  
  - Raise PatchManager::maxPatchesLimit from 500 to 2000 to handle real
  Magento pages that generate 500+ DOM patches; previously the limit
  caused applyPatches() to bail out and fall back to saveHTML() which
  inflated the response by ~12.70% via libxml normalization
  - Replace isDirty() guard in Pipeline::run() with a string comparison
  so that string-based optimizers (HTML minifier calls setOriginalHtml()
  which intentionally does not set the dirty flag) are no longer silently
  discarded
  - Update PipelineTest to match the new contract: remove stale isDirty()
  expectations and add getHtml() stubs where needed 1e0193

• Version 1.17.2 e22203

• Fixed logger PHP8.4+ issue 1ef5a9

• Version 1.17.1 518887

• Include all HTML5 void (self-closing) elements in SELF_CLOSING_TAGS
  
  Fixes tag closing issues for tags like <source>, <track>, and others.
  Makes output HTML valid by preventing erroneous closing tags for void elements. (close #86) 0aeeab

• fix: Handle corrupted CSP SRI data gracefully in PageSpeed plugin
  
  Prevents site crashes when Subresource Integrity storage contains
  invalid JSON by adding try-catch blocks and auto-clearing corrupted data. c52ed9

swissup/module-core — 1.12.27 (was 1.12.26)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

swissup/module-image-optimizer — 1.0.12 (was 1.0.11)

• No commits found

Changelog (autogenerated)

swissup/module-checkout-success — 2.0.11 (was 2.0.10)

• Version 2.0.11 85cd23

• PHP8.5: Using null as an array offset is deprecated, use empty string 667579

swissup/module-firecheckout — 1.34.5 (was 1.34.4)

• Version 1.34.5 e91f0a

• PHP8.5: Typo fix 28af87

• PHP8.5
  ReflectionProperty::setAccessible() is deprecated since 8.5, as it has no effect since PHP 8.1 1af31e

• Magento 2.4.9 fix 98e08e

swissup/module-core — 1.12.27 (was 1.12.26)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

Changelog (autogenerated)

swissup/module-tfa — 0.2.8 (was 0.2.6)

• Version 0.2.8 22d978

• Magento 2.4.9 fix (CLI execute command) 9998fb

• Version 0.2.7 f62c4e

• Allow installing bacon-qr-code:3.0 (magento/security 1.7) 1b1c75

swissup/module-core — 1.12.27 (was 1.12.11)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

• Version 1.12.25 2186f6

• Fixed broken markup when using newer libxml version (2.15.1) (#23) 61ceab

• Use same quotes c33f29

• Update Plugin/FixHtmlMarkup.php
  
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> e056e2

• Fixed broken markup when using newer libxml version (2.15.1) 7ff0db

• Version 1.12.24 4ac8cb

• Fixed unescaped output, closes #22 67c9f1

• Version 1.12.23 13d1c7

• Fixed integrity constraint violation: Duplicate entry for key primary b9d95d

• Version 1.12.22 382502

• Fixed implicitly marking parameter as nullable error in PHP 8.4 07b6e9

• Version 1.12.21 74757c

• Ability to flush the cache from the configuration page 31181f

• Added direct Cache flush button in top message 6fdf60

• Version 1.12.20 181202

• Fix error in Easy Tabs with M2.4.7 20fc53

• Version 1.12.19 92dcf8

• Fixed missing buttonLockManager on Magento 2.4.7 51bbfe

• Version 1.12.18 2a8e32

• Undefined constant Command::SUCCESS on magento 2.4.5 (close #18) d783fd

• Version 1.12.17 f376f0

• PHPStan fixes 72d569

• Version 1.12.16 cd4b23

• Refactor console command return statements to use built-in constants afb97a

• Version 1.12.15 5b1638

• Add --installed and --outdated options for module:list command f296a6

• Merge pull request #17 from swissup/virtualcheck
  
  Added option to check if there's no virtual themes and fix them 40c551

• Code refactoring fb9de3

• Applied code-review recommendations 2nd attempt c7fae8

• Applied code-review recommendations 4d733c

• Removed objectManager 612d9e

• Removed unused files 1879b3

• Moved js to separate file 772373

• Merge branch 'master' into virtualcheck 342053

• Added controller to apply changes to database f1201c

• Replace \Zend_Http (zf1) for 2.4.6 compatability de5216

• Remove debugging comments 58dcee

• Version 1.12.14 66d6b8

• Magento 2.4.6 compatibility. Get rid of ZendClientFactory usage. 97f79d

• Fixed error when module doesn't have tags yet. 68e1b3

• Version 1.12.13 2d66ce

• Fix 'trim(): Passing null to parameter 1' (closed swissup/module-search-mysql-legacy#14) ef52b3

• Virtual theme: visual fix all button added 2927db

• Virtual theme: small improvement fa72d6

• Virtual theme: Check added cb9d40

• Virtual Theme Check: Start 53f115

• Virtual Theme Check: Start 2e8a7e

• Version 1.12.12 2e8a7e

• Optimize latest version detection; set array_reduce initial param 7fa6ba

• Fix php8.1: Deprecated Functionality: version_compare(): Passing null to parameter #1 ($version1) of type string is deprecated d22180

• Fix: Warning: Undefined array key release_date c643c6

Changelog (autogenerated)

swissup/module-ajaxsearch — 1.14.8 (was 1.14.0)

• Version 1.14.8 73c965

• Magento 2.4.9 fix eaaafd

• Breeze: use `--input-bg` as input background if set 1e84b3

• Inherit placeholder color from theme 670f3d

• Fix for the previous commit 6c4ddd

• Better fix for unscrollable fullscreen mode 8f7477

• Improve fullscreen styles 71d92f

• Fullscreen: sync results width with input 7204a2

• Improve close button position when outline is visible, fix input height c4bf30

• Fixed missing close button on fullscreen mode 9aa874

• Ability to remove styling when ajaxsearch is enabled b7e4ff

• Breeze: improve dark support f5e2c7

• Version 1.14.7 453b4d

• fix: scope autocomplete container to avoid conflicts with multiple instances
  
  Replace global $('.block-swissup-ajaxsearch-results') selectors with instance-
  scoped references to prevent conflicts when multiple ajaxsearch widgets exist
  on the same page (e.g. header search + nav search).
  
  - breeze/ajaxsearch.js: use this.autoComplete instead of global selector
  - ajaxsearch/results.js: addWrappers(), recalcWidth(), _addSectionTitle()
  now accept optional $container argument (fallback to global selector)
  - ajaxsearch.js: pass scoped $container when calling Results methods 4014dc

• Breeze: compatibility with `header__dark=deep` ec7063

• Version 1.14.6 53fedd

• feat: add Backpressure rate limiting with cross-version compatibility (v1.14.5)
  
  - Add Model/Backpressure/Compat/ stubs for Magento < 2.4.4 compatibility
  - Add RequestTypeExtractor and LimitConfigManager with class_alias pattern
  - Register ajaxsearch/ajaxsearchCategoryOptions fields as rate-limited
  - Add backpressure DI config (CompositeRequestTypeExtractor + CompositeLimitConfigManager)
  - Add backpressure config defaults: 100 req/hour, configurable via Admin
  - Add Admin UI group: Stores > Config > Ajaxsearch > Rate Limiting 457137

• Version 1.14.5 7b926b

• Version 1.14.4 6ccc28

• refactor: remove Backpressure integration (v1.14.4)
  
  Removed GraphQL Backpressure rate limiting functionality due to backward
  compatibility challenges across Magento versions 2.3.x - 2.4.x.
  
  The conditional class loading approach caused DI compilation failures on
  various Magento versions because:
  - PhpScanner parses all Model/* files regardless of conditional checks
  - 'use' statements trigger autoloader before conditional returns execute
  - Fully Qualified Names (FQN) don't prevent DI compiler from trying to
  instantiate classes that implement non-existent interfaces
  
  Removed:
  - Model/Backpressure/RequestTypeExtractor.php
  - Model/Backpressure/LimitConfigManager.php
  - Backpressure DI configuration from etc/di.xml (lines 73-111)
  - Backpressure default config from etc/config.xml
  - Backpressure admin panel section from etc/adminhtml/system.xml
  
  Kept (working on ALL Magento versions):
  - Security validation (search ≥2 chars OR category >0)
  - GraphQL schema improvements
  - Custom exception handling and logging
  - All resolver validation logic
  
  Version: 1.14.4
  Reason: Versions 1.14.0-1.14.3 had compatibility issues
  
  Future: Backpressure rate limiting may be released as a separate
  optional module for Magento 2.4.4+ installations. d07274

• Version 1.14.3 87c236

• Fix autoloader issues: Use FQN instead of 'use' statements for Backpressure classes
  
  - Removed 'use' statements for Backpressure classes that don't exist on Magento < 2.4.4
  - Replaced with Fully Qualified Names (FQN) throughout both files
  - PHP processes 'use' statements before conditional 'return', causing Fatal Errors on old Magento
  - Using FQN prevents autoloader from trying to load non-existent classes
  - Conditional interface_exists() check at top of files still prevents class creation on old Magento
  - DI compilation succeeds on Magento 2.4.8
  
  Files changed:
  - Model/Backpressure/LimitConfigManager.php: Removed 3 'use' statements, added FQN in implements, method signatures, constants, and object instantiation
  - Model/Backpressure/RequestTypeExtractor.php: Removed 1 'use' statement, added FQN in implements 7b9a0c

• chore: remove unused Compatibility classes
  
  Remove Model/Backpressure/Compatibility/* directory as these classes are
  no longer needed. The current implementation uses conditional class loading
  with early return instead of class_alias() approach.
  
  Changes:
  - Delete Model/Backpressure/Compatibility/RequestTypeExtractorInterface.php
  - Delete Model/Backpressure/Compatibility/LimitConfigManagerInterface.php
  - Delete Model/Backpressure/Compatibility/ContextInterface.php
  - Delete Model/Backpressure/Compatibility/LimitConfig.php
  
  On old Magento (< 2.4.4): Backpressure classes don't load at all (early return)
  On new Magento (2.4.4+): Real Magento interfaces are used directly
  
  Removes ~220 lines of obsolete fallback code. 166b09

• refactor: move backpressure DI config to commented section in di.xml
  
  Instead of separate sample file, add backpressure DI configuration as
  commented section in main etc/di.xml. This makes it easier for users
  to enable rate limiting - just uncomment the section.
  
  Changes:
  - Remove etc/di_backpressure.xml.sample
  - Add commented backpressure DI blocks to etc/di.xml with instructions
  - Users on Magento 2.4.4+ can simply uncomment to enable rate limiting
  
  Instructions are now in the same file where they're needed. b5095c

• fix: use conditional class loading for Backpressure compatibility
  
  Wrap Backpressure classes in conditional checks - only create them on
  Magento 2.4.4+ where the Backpressure API exists. On older Magento versions,
  these classes won't be created at all, preventing Fatal Errors during DI compilation.
  
  Changes:
  - Add 'return' statement if Backpressure interfaces don't exist
  - Remove DI registration from etc/di.xml (now opt-in via sample file)
  - Add etc/di_backpressure.xml.sample for manual activation on Magento 2.4.4+
  - Remove declare(strict_types=1) from compatibility classes for flexibility
  - Remove class_alias() approach (didn't solve type hint conflicts)
  
  This fixes Fatal Error on old Magento:
  "Declaration of LimitConfigManager::readLimit() must be compatible..."
  
  On Magento < 2.4.4:
  - Security validation works (2+ char search requirement)
  - Rate limiting won't work (no infrastructure)
  - No Fatal Errors during deployment
  
  On Magento 2.4.4+:
  - Copy di_backpressure.xml.sample to di_backpressure.xml to enable rate limiting
  - Both security validation and rate limiting work 071573

• Version 1.14.2 fa1f32

• fix: remove class type hints from compatibility interfaces
  
  Remove type hints for class parameters in fallback interfaces to prevent
  Fatal Error on old Magento versions. When using class_alias(), PHP sees
  different class names in the type hints and throws compatibility errors.
  
  Keep return type hints for scalar types (?string) as they work correctly.
  Real implementation classes keep full type hints for Magento 2.4.4+.
  
  This fixes: Declaration of LimitConfigManager::readLimit() must be
  compatible with Compatibility\LimitConfigManagerInterface::readLimit() c8fe66

• Version 1.14.1 2f05d0

• feat: add backward compatibility layer for Magento < 2.4.4
  
  Add class_alias() fallback pattern to support older Magento versions that lack
  the Backpressure API. This allows the module to install and function on all
  Magento 2.3.x - 2.4.x versions without Fatal Errors.
  
  - Create compatibility stubs for Backpressure interfaces/classes
  - Add class_alias() checks in RequestTypeExtractor and LimitConfigManager
  - Revert composer.json constraint to support magento/module-graph-ql >=100.3
  - Rate limiting will only function on Magento 2.4.4+, but security validation works on all versions bafb37

swissup/module-core — 1.12.27 (was 1.12.26)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

Changelog (autogenerated)

swissup/module-askit — 1.14.22 (was 1.14.18)

• Version 1.14.22 2a412a

• PHP8.5: Using null as an array offset is deprecated, use an empty string 10a2bb

• PHP8.5: Non-canonical cast (boolean) is deprecated, use the (bool) e14ee6

• Typo fix c20706

• Magento 2.4.9 fix 3f838b

• Magento 2.4.9 fix 9f7426

• Version 1.14.21 62c79e

• BreezeTheme 3.0 9ba9c0

• Version 1.14.20 7a99b4

• Remove askit because it shows all questions without filtering f824b8

• Version 1.14.19 9d0555

• Refactored to use Filter component with fallback for legacy Widget grids. 8f22fe

• Fix #66: Mass actions now properly respect grid filters
  Refactored to use Filter component and fixed SQL ambiguous column error. 2bf312

• Fix mass actions ignoring grid filters (close #66)
  
  Refactored mass actions to use Magento's Filter component instead of
  manual selected/excluded handling. Now mass delete/enable/disable/status
  properly respect all grid filters. bba7d7

swissup/module-core — 1.12.27 (was 1.12.25)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

Changelog (autogenerated)

swissup/module-helpdesk — 1.4.7 (was 1.4.0)

• Version 1.4.7 e2f2f8

• PHP8.5
  ReflectionProperty::setAccessible() is deprecated since 8.5, as it has no effect since PHP 8.1 2279d2

• Version 1.4.6 4142dc

• Fixed depricated functionality for php 8.4 2e2c1d

• Version 1.4.5 fc7f6c

• Fix: validate file content before saving uploaded attachments
  
  - Add MIME type verification for known extensions (jpg, jpeg, png, gif, txt, pdf, xls, xlsx, xsl, doc, docx, zip)
  - Add deep image validation via Magento built-in Image Validator (GD/Imagick) for image types to reject polyglot files
  - Add PDF magic bytes check (%PDF-) to reject files that only pretend to be PDFs
  - Unknown extensions added by admin fall through to Magento Uploader extension whitelist only
  - Inject Magento\MediaStorage\Model\File\Validator\Image and Magento\Framework\File\Mime via constructor 9595ed

• Fix: safe default extensions fallback and code style cleanup in Config helper
  
  - Return ['gif','jpeg','jpg','png','txt','pdf'] when allowed_extension config is empty
  - Use array_filter() to strip empty values from exploded extension list
  - Remove trailing whitespace in isCaptchaEnabledForHelpdesk() 3a3595

• Version 1.4.4 9de74d

• fix(TicketDataFilter): context-aware forbidden fields — admin vs frontend (close #61)
  
  Admin UI Component sends ALL form fields (hidden + disabled) on every POST,
  so logging system fields as 'attacks' creates false positives for every
  legitimate admin ticket save (issue #61).
  
  Split FORBIDDEN_FIELDS into two context-aware lists:
  - FORBIDDEN_FRONTEND_FIELDS: ticket_id, number, created_at, modified_at,
  store_id, visitor_id, rate — suspicious from a regular customer
  - FORBIDDEN_ADMIN_FIELDS: [] — admin can do everything, whitelist is the defense
  
  Updated hasForbiddenFields/getAttemptedForbiddenFields to accept $isAdmin flag.
  Callers explicitly pass false (frontend) or true (admin). 1088a0

• fix(TicketDataFilter): empty FORBIDDEN_FIELDS to stop false positive security logs
  
  Magento UI Component admin form sends ALL fields (hidden + disabled) on
  every POST — ticket_id, number, created_at, store_id, etc. — causing a
  'Mass Assignment attack' warning on every legitimate admin ticket save.
  
  The whitelist (filterAdminData/filterCustomerData) is the actual defense.
  FORBIDDEN_FIELDS detection is redundant and misleading in this context. ebc2eb

• fix(TicketDataFilter): add missing keys to ADMIN_ADDITIONAL_FIELDS
  
  Keys swissup_helpdesk_ticket_message, http, website, ftp were silently
  stripped by filterAdminData() before reaching ResourceModel/_beforeSave
  and _afterSave, causing:
  - admin replies to never create TicketMessage (no email sent to customer)
  - HTTP/website/FTP credentials to never be written to the notes field 3920bc

• Version 1.4.3 52f4a1

• fix: remove rate limit remaining count from success message 821da9

• fix: pass flag to validator and enricher to allow admin ticket editing 9080b7

• Version 1.4.2 82538e

• fix(MessageDataFilter): remove message_id and email_message_id from FORBIDDEN_MESSAGE_FIELDS
  
  These are legitimate hidden fields sent by the admin form on every save,
  causing a false positive 'Mass Assignment attack' log entry on each
  legitimate admin message edit. The whitelist (ALLOWED_MESSAGE_FIELDS)
  already filters them out — FORBIDDEN list is for detection only. c990a0

• Version 1.4.1 4bb583

• fix(AjaxSave): add MessageDataFilter, SecurityLogger and set user_id from session
  
  - Filter POST data through MessageDataFilter whitelist (text, file only)
  to prevent mass assignment of forbidden message fields
  - Set user_id from backend auth session after filtering so isAdmin()
  returns true and CustomerNotification observer sends email to customer
  - Log forbidden field attempts via SecurityLogger before filtering
  - Remove dead commented-out code bfeb54

• fix: set user_id from admin session in AjaxSave to trigger customer email notifications
  
  When an admin replies to a ticket via the AJAX form, user_id was never
  set on the TicketMessage model. This caused isAdmin() to return false,
  which prevented the CustomerNotification observer from sending email
  replies to the customer.
  
  Fix by explicitly setting user_id from the current backend auth session
  before saving the message. 5dc9a9

swissup/module-core — 1.12.27 (was 1.12.26)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

swissup/module-oauth2-client — 1.0.6 (was 1.0.5)

• No commits found

Changelog (autogenerated)

swissup/module-easybanner — 1.9.24 (was 1.9.22)

• Version 1.9.24 ef2490

• PHP8.5: Using null as an array offset is deprecated, use an empty string 788d7e

• Version 1.9.23 522985

• Fixed incorrect return type 40a477

• Removed non-existing acl name 686ba5

• No need to extend `Adminhtml\Promo\Catalog` action #49 c0e7bc

swissup/module-core — 1.12.27 (was 1.12.25)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

Changelog (autogenerated)

swissup/module-attributepages — 1.8.5 (was 1.7.3)

• Version 1.8.5 e137db

• PHP8.5: Using null as an array offset is deprecated, use an empty string c2a322

• PHP8.5: Using null as an array offset is deprecated, use an empty string ebee34

• Version 1.8.4 eb7d54

• Hide links from Seo html Sitemap based on config 5da82b

• Version 1.8.3 d53e5b

• Configurable search field to allow to quickly find the option (#39) eda575

• Added translation for "No results found" 50c869

• Configurable search field (disabled by default) daffa6

• Breeze integration 2f866a

• Fixed to work nicely with "Group by letter" config ea6c22

• Transform js into component 901529

• Add translation d1e420

• Move styles to css 074dd5

• Script to data-mage-init 5047aa

• Attributepages: Added search 78b8df

• Version 1.8.2 48a150

• Added styling for mobile view 1f145a

• Version 1.8.1 6e10f9

• Fixed inability to upload image in "options grid" at "Manage Pages"
  Closes #36 78b00d

• Version 1.8.0 9ac437

• Ability to activate page on specified date range. Closes #35 d01f9b

• Version 1.7.7 671d27

• Prevent php error when calling the widget, but the module is disabled 4de120

• Version 1.7.6 987bb3

• Do not allow to view the page from different store view ef1e32

• Version 1.7.5 3dbccd

• Remove askit because it shows all questions without filtering 69014e

• Version 1.7.4 a3438a

• Do not render short description is option is disabled.
  Closes #33 1aca2a

• Added missing escapeHtml (#34) 39c6ef

• Use proper escapeHtmlAttr method
  
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> 5be5a1

• Added escapeHtml f906a2

• Render option from "Active store" view or "All stores" only #32 80a960

• Properly clear fpc when option is linked to multiple parent pages
  Example: BlueEvolution page is linked to ColorEvolution. e9793d

• Revert "Add missing cache identities to the attribute options list page"
  
  This reverts commit 550843a710ebb93aae07ccbd9ee067e690deff84. 829723

• Add missing cache identities to the attribute options list page 550843

swissup/module-core — 1.12.27 (was 1.12.22)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

• Version 1.12.25 2186f6

• Fixed broken markup when using newer libxml version (2.15.1) (#23) 61ceab

• Use same quotes c33f29

• Update Plugin/FixHtmlMarkup.php
  
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> e056e2

• Fixed broken markup when using newer libxml version (2.15.1) 7ff0db

• Version 1.12.24 4ac8cb

• Fixed unescaped output, closes #22 67c9f1

• Version 1.12.23 13d1c7

• Fixed integrity constraint violation: Duplicate entry for key primary b9d95d

Changelog (autogenerated)

swissup/module-pdf-invoice — 1.4.11 (was 1.4.7)

• Version 1.4.11 c451f7

• PHP8.5: Non-canonical cast (boolean) is deprecated, use the (bool) 162553

• Version 1.4.10 7d3be6

• Catch possible attachment errors to prevent email sending fail, see #12 6ba2d1

• Better way to find image in template 1f6037

• Get payment title more safely to prevent errors 2f5691

• Prevent duplicate of logger instances on every getMpdf() call 2e94af

• Use application/pdf type for email attachments ee178e

• Code fixes after review 36423e

• Version 1.4.9 b035b0

• Fixed unescaped output error, closes #13 999378

• Version 1.4.8 e27ec9

• Fixed email attachments in Magento 2.4.8, closes #11 5e9992

swissup/module-core — 1.12.27 (was 1.12.22)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

• Version 1.12.25 2186f6

• Fixed broken markup when using newer libxml version (2.15.1) (#23) 61ceab

• Use same quotes c33f29

• Update Plugin/FixHtmlMarkup.php
  
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> e056e2

• Fixed broken markup when using newer libxml version (2.15.1) 7ff0db

• Version 1.12.24 4ac8cb

• Fixed unescaped output, closes #22 67c9f1

• Version 1.12.23 13d1c7

• Fixed integrity constraint violation: Duplicate entry for key primary b9d95d

Changelog (autogenerated)

swissup/module-navigationpro — 1.18.0 (was 1.17.33)

• Version 1.18.0 58f9cc

• PHP8.5: Using null as an array offset is deprecated, use an empty string d87100

• PHP8.5: Non-canonical cast (boolean) is deprecated, use the (bool) b74f7d

• Ability to set gap for multicolumn layout 65b99a

• If at least one link is marked as parent, highlight all other parents
  (Event if they are empty) 7026c8

• Breeze: reset dark colors only if header__dark = true 1032ef

• Use CSS variables edeed5

• Fixed not visible loading-mask because of Magento bug 7a6d30

• Fixed incorrect column width in backend preview 27683b

• Version 1.17.36 54f8f9

• Fixed broken resizable columns 69ba9c

• Version 1.17.35 c443ca

• Allow setting colors using any available format 8d996f

• Version 1.17.34 9cbf43

• Breeze: fixed uninitialized menu 8623d5

swissup/module-core — 1.12.27 (was 1.12.25)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e