Latest Releases

Changelog (autogenerated)

swissup/module-tfa — 0.2.8 (was 0.2.6)

• Version 0.2.8 22d978

• Magento 2.4.9 fix (CLI execute command) 9998fb

• Version 0.2.7 f62c4e

• Allow installing bacon-qr-code:3.0 (magento/security 1.7) 1b1c75

swissup/module-core — 1.12.27 (was 1.12.11)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

• Version 1.12.25 2186f6

• Fixed broken markup when using newer libxml version (2.15.1) (#23) 61ceab

• Use same quotes c33f29

• Update Plugin/FixHtmlMarkup.php
  
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> e056e2

• Fixed broken markup when using newer libxml version (2.15.1) 7ff0db

• Version 1.12.24 4ac8cb

• Fixed unescaped output, closes #22 67c9f1

• Version 1.12.23 13d1c7

• Fixed integrity constraint violation: Duplicate entry for key primary b9d95d

• Version 1.12.22 382502

• Fixed implicitly marking parameter as nullable error in PHP 8.4 07b6e9

• Version 1.12.21 74757c

• Ability to flush the cache from the configuration page 31181f

• Added direct Cache flush button in top message 6fdf60

• Version 1.12.20 181202

• Fix error in Easy Tabs with M2.4.7 20fc53

• Version 1.12.19 92dcf8

• Fixed missing buttonLockManager on Magento 2.4.7 51bbfe

• Version 1.12.18 2a8e32

• Undefined constant Command::SUCCESS on magento 2.4.5 (close #18) d783fd

• Version 1.12.17 f376f0

• PHPStan fixes 72d569

• Version 1.12.16 cd4b23

• Refactor console command return statements to use built-in constants afb97a

• Version 1.12.15 5b1638

• Add --installed and --outdated options for module:list command f296a6

• Merge pull request #17 from swissup/virtualcheck
  
  Added option to check if there's no virtual themes and fix them 40c551

• Code refactoring fb9de3

• Applied code-review recommendations 2nd attempt c7fae8

• Applied code-review recommendations 4d733c

• Removed objectManager 612d9e

• Removed unused files 1879b3

• Moved js to separate file 772373

• Merge branch 'master' into virtualcheck 342053

• Added controller to apply changes to database f1201c

• Replace \Zend_Http (zf1) for 2.4.6 compatability de5216

• Remove debugging comments 58dcee

• Version 1.12.14 66d6b8

• Magento 2.4.6 compatibility. Get rid of ZendClientFactory usage. 97f79d

• Fixed error when module doesn't have tags yet. 68e1b3

• Version 1.12.13 2d66ce

• Fix 'trim(): Passing null to parameter 1' (closed swissup/module-search-mysql-legacy#14) ef52b3

• Virtual theme: visual fix all button added 2927db

• Virtual theme: small improvement fa72d6

• Virtual theme: Check added cb9d40

• Virtual Theme Check: Start 53f115

• Virtual Theme Check: Start 2e8a7e

• Version 1.12.12 2e8a7e

• Optimize latest version detection; set array_reduce initial param 7fa6ba

• Fix php8.1: Deprecated Functionality: version_compare(): Passing null to parameter #1 ($version1) of type string is deprecated d22180

• Fix: Warning: Undefined array key release_date c643c6

Changelog (autogenerated)

swissup/module-ajaxsearch — 1.14.8 (was 1.14.0)

• Version 1.14.8 73c965

• Magento 2.4.9 fix eaaafd

• Breeze: use `--input-bg` as input background if set 1e84b3

• Inherit placeholder color from theme 670f3d

• Fix for the previous commit 6c4ddd

• Better fix for unscrollable fullscreen mode 8f7477

• Improve fullscreen styles 71d92f

• Fullscreen: sync results width with input 7204a2

• Improve close button position when outline is visible, fix input height c4bf30

• Fixed missing close button on fullscreen mode 9aa874

• Ability to remove styling when ajaxsearch is enabled b7e4ff

• Breeze: improve dark support f5e2c7

• Version 1.14.7 453b4d

• fix: scope autocomplete container to avoid conflicts with multiple instances
  
  Replace global $('.block-swissup-ajaxsearch-results') selectors with instance-
  scoped references to prevent conflicts when multiple ajaxsearch widgets exist
  on the same page (e.g. header search + nav search).
  
  - breeze/ajaxsearch.js: use this.autoComplete instead of global selector
  - ajaxsearch/results.js: addWrappers(), recalcWidth(), _addSectionTitle()
  now accept optional $container argument (fallback to global selector)
  - ajaxsearch.js: pass scoped $container when calling Results methods 4014dc

• Breeze: compatibility with `header__dark=deep` ec7063

• Version 1.14.6 53fedd

• feat: add Backpressure rate limiting with cross-version compatibility (v1.14.5)
  
  - Add Model/Backpressure/Compat/ stubs for Magento < 2.4.4 compatibility
  - Add RequestTypeExtractor and LimitConfigManager with class_alias pattern
  - Register ajaxsearch/ajaxsearchCategoryOptions fields as rate-limited
  - Add backpressure DI config (CompositeRequestTypeExtractor + CompositeLimitConfigManager)
  - Add backpressure config defaults: 100 req/hour, configurable via Admin
  - Add Admin UI group: Stores > Config > Ajaxsearch > Rate Limiting 457137

• Version 1.14.5 7b926b

• Version 1.14.4 6ccc28

• refactor: remove Backpressure integration (v1.14.4)
  
  Removed GraphQL Backpressure rate limiting functionality due to backward
  compatibility challenges across Magento versions 2.3.x - 2.4.x.
  
  The conditional class loading approach caused DI compilation failures on
  various Magento versions because:
  - PhpScanner parses all Model/* files regardless of conditional checks
  - 'use' statements trigger autoloader before conditional returns execute
  - Fully Qualified Names (FQN) don't prevent DI compiler from trying to
  instantiate classes that implement non-existent interfaces
  
  Removed:
  - Model/Backpressure/RequestTypeExtractor.php
  - Model/Backpressure/LimitConfigManager.php
  - Backpressure DI configuration from etc/di.xml (lines 73-111)
  - Backpressure default config from etc/config.xml
  - Backpressure admin panel section from etc/adminhtml/system.xml
  
  Kept (working on ALL Magento versions):
  - Security validation (search ≥2 chars OR category >0)
  - GraphQL schema improvements
  - Custom exception handling and logging
  - All resolver validation logic
  
  Version: 1.14.4
  Reason: Versions 1.14.0-1.14.3 had compatibility issues
  
  Future: Backpressure rate limiting may be released as a separate
  optional module for Magento 2.4.4+ installations. d07274

• Version 1.14.3 87c236

• Fix autoloader issues: Use FQN instead of 'use' statements for Backpressure classes
  
  - Removed 'use' statements for Backpressure classes that don't exist on Magento < 2.4.4
  - Replaced with Fully Qualified Names (FQN) throughout both files
  - PHP processes 'use' statements before conditional 'return', causing Fatal Errors on old Magento
  - Using FQN prevents autoloader from trying to load non-existent classes
  - Conditional interface_exists() check at top of files still prevents class creation on old Magento
  - DI compilation succeeds on Magento 2.4.8
  
  Files changed:
  - Model/Backpressure/LimitConfigManager.php: Removed 3 'use' statements, added FQN in implements, method signatures, constants, and object instantiation
  - Model/Backpressure/RequestTypeExtractor.php: Removed 1 'use' statement, added FQN in implements 7b9a0c

• chore: remove unused Compatibility classes
  
  Remove Model/Backpressure/Compatibility/* directory as these classes are
  no longer needed. The current implementation uses conditional class loading
  with early return instead of class_alias() approach.
  
  Changes:
  - Delete Model/Backpressure/Compatibility/RequestTypeExtractorInterface.php
  - Delete Model/Backpressure/Compatibility/LimitConfigManagerInterface.php
  - Delete Model/Backpressure/Compatibility/ContextInterface.php
  - Delete Model/Backpressure/Compatibility/LimitConfig.php
  
  On old Magento (< 2.4.4): Backpressure classes don't load at all (early return)
  On new Magento (2.4.4+): Real Magento interfaces are used directly
  
  Removes ~220 lines of obsolete fallback code. 166b09

• refactor: move backpressure DI config to commented section in di.xml
  
  Instead of separate sample file, add backpressure DI configuration as
  commented section in main etc/di.xml. This makes it easier for users
  to enable rate limiting - just uncomment the section.
  
  Changes:
  - Remove etc/di_backpressure.xml.sample
  - Add commented backpressure DI blocks to etc/di.xml with instructions
  - Users on Magento 2.4.4+ can simply uncomment to enable rate limiting
  
  Instructions are now in the same file where they're needed. b5095c

• fix: use conditional class loading for Backpressure compatibility
  
  Wrap Backpressure classes in conditional checks - only create them on
  Magento 2.4.4+ where the Backpressure API exists. On older Magento versions,
  these classes won't be created at all, preventing Fatal Errors during DI compilation.
  
  Changes:
  - Add 'return' statement if Backpressure interfaces don't exist
  - Remove DI registration from etc/di.xml (now opt-in via sample file)
  - Add etc/di_backpressure.xml.sample for manual activation on Magento 2.4.4+
  - Remove declare(strict_types=1) from compatibility classes for flexibility
  - Remove class_alias() approach (didn't solve type hint conflicts)
  
  This fixes Fatal Error on old Magento:
  "Declaration of LimitConfigManager::readLimit() must be compatible..."
  
  On Magento < 2.4.4:
  - Security validation works (2+ char search requirement)
  - Rate limiting won't work (no infrastructure)
  - No Fatal Errors during deployment
  
  On Magento 2.4.4+:
  - Copy di_backpressure.xml.sample to di_backpressure.xml to enable rate limiting
  - Both security validation and rate limiting work 071573

• Version 1.14.2 fa1f32

• fix: remove class type hints from compatibility interfaces
  
  Remove type hints for class parameters in fallback interfaces to prevent
  Fatal Error on old Magento versions. When using class_alias(), PHP sees
  different class names in the type hints and throws compatibility errors.
  
  Keep return type hints for scalar types (?string) as they work correctly.
  Real implementation classes keep full type hints for Magento 2.4.4+.
  
  This fixes: Declaration of LimitConfigManager::readLimit() must be
  compatible with Compatibility\LimitConfigManagerInterface::readLimit() c8fe66

• Version 1.14.1 2f05d0

• feat: add backward compatibility layer for Magento < 2.4.4
  
  Add class_alias() fallback pattern to support older Magento versions that lack
  the Backpressure API. This allows the module to install and function on all
  Magento 2.3.x - 2.4.x versions without Fatal Errors.
  
  - Create compatibility stubs for Backpressure interfaces/classes
  - Add class_alias() checks in RequestTypeExtractor and LimitConfigManager
  - Revert composer.json constraint to support magento/module-graph-ql >=100.3
  - Rate limiting will only function on Magento 2.4.4+, but security validation works on all versions bafb37

swissup/module-core — 1.12.27 (was 1.12.26)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

Changelog (autogenerated)

swissup/module-askit — 1.14.22 (was 1.14.18)

• Version 1.14.22 2a412a

• PHP8.5: Using null as an array offset is deprecated, use an empty string 10a2bb

• PHP8.5: Non-canonical cast (boolean) is deprecated, use the (bool) e14ee6

• Typo fix c20706

• Magento 2.4.9 fix 3f838b

• Magento 2.4.9 fix 9f7426

• Version 1.14.21 62c79e

• BreezeTheme 3.0 9ba9c0

• Version 1.14.20 7a99b4

• Remove askit because it shows all questions without filtering f824b8

• Version 1.14.19 9d0555

• Refactored to use Filter component with fallback for legacy Widget grids. 8f22fe

• Fix #66: Mass actions now properly respect grid filters
  Refactored to use Filter component and fixed SQL ambiguous column error. 2bf312

• Fix mass actions ignoring grid filters (close #66)
  
  Refactored mass actions to use Magento's Filter component instead of
  manual selected/excluded handling. Now mass delete/enable/disable/status
  properly respect all grid filters. bba7d7

swissup/module-core — 1.12.27 (was 1.12.25)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

Changelog (autogenerated)

swissup/module-helpdesk — 1.4.7 (was 1.4.0)

• Version 1.4.7 e2f2f8

• PHP8.5
  ReflectionProperty::setAccessible() is deprecated since 8.5, as it has no effect since PHP 8.1 2279d2

• Version 1.4.6 4142dc

• Fixed depricated functionality for php 8.4 2e2c1d

• Version 1.4.5 fc7f6c

• Fix: validate file content before saving uploaded attachments
  
  - Add MIME type verification for known extensions (jpg, jpeg, png, gif, txt, pdf, xls, xlsx, xsl, doc, docx, zip)
  - Add deep image validation via Magento built-in Image Validator (GD/Imagick) for image types to reject polyglot files
  - Add PDF magic bytes check (%PDF-) to reject files that only pretend to be PDFs
  - Unknown extensions added by admin fall through to Magento Uploader extension whitelist only
  - Inject Magento\MediaStorage\Model\File\Validator\Image and Magento\Framework\File\Mime via constructor 9595ed

• Fix: safe default extensions fallback and code style cleanup in Config helper
  
  - Return ['gif','jpeg','jpg','png','txt','pdf'] when allowed_extension config is empty
  - Use array_filter() to strip empty values from exploded extension list
  - Remove trailing whitespace in isCaptchaEnabledForHelpdesk() 3a3595

• Version 1.4.4 9de74d

• fix(TicketDataFilter): context-aware forbidden fields — admin vs frontend (close #61)
  
  Admin UI Component sends ALL form fields (hidden + disabled) on every POST,
  so logging system fields as 'attacks' creates false positives for every
  legitimate admin ticket save (issue #61).
  
  Split FORBIDDEN_FIELDS into two context-aware lists:
  - FORBIDDEN_FRONTEND_FIELDS: ticket_id, number, created_at, modified_at,
  store_id, visitor_id, rate — suspicious from a regular customer
  - FORBIDDEN_ADMIN_FIELDS: [] — admin can do everything, whitelist is the defense
  
  Updated hasForbiddenFields/getAttemptedForbiddenFields to accept $isAdmin flag.
  Callers explicitly pass false (frontend) or true (admin). 1088a0

• fix(TicketDataFilter): empty FORBIDDEN_FIELDS to stop false positive security logs
  
  Magento UI Component admin form sends ALL fields (hidden + disabled) on
  every POST — ticket_id, number, created_at, store_id, etc. — causing a
  'Mass Assignment attack' warning on every legitimate admin ticket save.
  
  The whitelist (filterAdminData/filterCustomerData) is the actual defense.
  FORBIDDEN_FIELDS detection is redundant and misleading in this context. ebc2eb

• fix(TicketDataFilter): add missing keys to ADMIN_ADDITIONAL_FIELDS
  
  Keys swissup_helpdesk_ticket_message, http, website, ftp were silently
  stripped by filterAdminData() before reaching ResourceModel/_beforeSave
  and _afterSave, causing:
  - admin replies to never create TicketMessage (no email sent to customer)
  - HTTP/website/FTP credentials to never be written to the notes field 3920bc

• Version 1.4.3 52f4a1

• fix: remove rate limit remaining count from success message 821da9

• fix: pass flag to validator and enricher to allow admin ticket editing 9080b7

• Version 1.4.2 82538e

• fix(MessageDataFilter): remove message_id and email_message_id from FORBIDDEN_MESSAGE_FIELDS
  
  These are legitimate hidden fields sent by the admin form on every save,
  causing a false positive 'Mass Assignment attack' log entry on each
  legitimate admin message edit. The whitelist (ALLOWED_MESSAGE_FIELDS)
  already filters them out — FORBIDDEN list is for detection only. c990a0

• Version 1.4.1 4bb583

• fix(AjaxSave): add MessageDataFilter, SecurityLogger and set user_id from session
  
  - Filter POST data through MessageDataFilter whitelist (text, file only)
  to prevent mass assignment of forbidden message fields
  - Set user_id from backend auth session after filtering so isAdmin()
  returns true and CustomerNotification observer sends email to customer
  - Log forbidden field attempts via SecurityLogger before filtering
  - Remove dead commented-out code bfeb54

• fix: set user_id from admin session in AjaxSave to trigger customer email notifications
  
  When an admin replies to a ticket via the AJAX form, user_id was never
  set on the TicketMessage model. This caused isAdmin() to return false,
  which prevented the CustomerNotification observer from sending email
  replies to the customer.
  
  Fix by explicitly setting user_id from the current backend auth session
  before saving the message. 5dc9a9

swissup/module-core — 1.12.27 (was 1.12.26)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

swissup/module-oauth2-client — 1.0.6 (was 1.0.5)

• No commits found

Changelog (autogenerated)

swissup/module-easybanner — 1.9.24 (was 1.9.22)

• Version 1.9.24 ef2490

• PHP8.5: Using null as an array offset is deprecated, use an empty string 788d7e

• Version 1.9.23 522985

• Fixed incorrect return type 40a477

• Removed non-existing acl name 686ba5

• No need to extend `Adminhtml\Promo\Catalog` action #49 c0e7bc

swissup/module-core — 1.12.27 (was 1.12.25)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

Changelog (autogenerated)

swissup/module-attributepages — 1.8.5 (was 1.7.3)

• Version 1.8.5 e137db

• PHP8.5: Using null as an array offset is deprecated, use an empty string c2a322

• PHP8.5: Using null as an array offset is deprecated, use an empty string ebee34

• Version 1.8.4 eb7d54

• Hide links from Seo html Sitemap based on config 5da82b

• Version 1.8.3 d53e5b

• Configurable search field to allow to quickly find the option (#39) eda575

• Added translation for "No results found" 50c869

• Configurable search field (disabled by default) daffa6

• Breeze integration 2f866a

• Fixed to work nicely with "Group by letter" config ea6c22

• Transform js into component 901529

• Add translation d1e420

• Move styles to css 074dd5

• Script to data-mage-init 5047aa

• Attributepages: Added search 78b8df

• Version 1.8.2 48a150

• Added styling for mobile view 1f145a

• Version 1.8.1 6e10f9

• Fixed inability to upload image in "options grid" at "Manage Pages"
  Closes #36 78b00d

• Version 1.8.0 9ac437

• Ability to activate page on specified date range. Closes #35 d01f9b

• Version 1.7.7 671d27

• Prevent php error when calling the widget, but the module is disabled 4de120

• Version 1.7.6 987bb3

• Do not allow to view the page from different store view ef1e32

• Version 1.7.5 3dbccd

• Remove askit because it shows all questions without filtering 69014e

• Version 1.7.4 a3438a

• Do not render short description is option is disabled.
  Closes #33 1aca2a

• Added missing escapeHtml (#34) 39c6ef

• Use proper escapeHtmlAttr method
  
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> 5be5a1

• Added escapeHtml f906a2

• Render option from "Active store" view or "All stores" only #32 80a960

• Properly clear fpc when option is linked to multiple parent pages
  Example: BlueEvolution page is linked to ColorEvolution. e9793d

• Revert "Add missing cache identities to the attribute options list page"
  
  This reverts commit 550843a710ebb93aae07ccbd9ee067e690deff84. 829723

• Add missing cache identities to the attribute options list page 550843

swissup/module-core — 1.12.27 (was 1.12.22)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

• Version 1.12.25 2186f6

• Fixed broken markup when using newer libxml version (2.15.1) (#23) 61ceab

• Use same quotes c33f29

• Update Plugin/FixHtmlMarkup.php
  
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> e056e2

• Fixed broken markup when using newer libxml version (2.15.1) 7ff0db

• Version 1.12.24 4ac8cb

• Fixed unescaped output, closes #22 67c9f1

• Version 1.12.23 13d1c7

• Fixed integrity constraint violation: Duplicate entry for key primary b9d95d