Latest Releases

Changelog (autogenerated)

swissup/module-askit — 1.14.22 (was 1.14.18)

• Version 1.14.22 2a412a

• PHP8.5: Using null as an array offset is deprecated, use an empty string 10a2bb

• PHP8.5: Non-canonical cast (boolean) is deprecated, use the (bool) e14ee6

• Typo fix c20706

• Magento 2.4.9 fix 3f838b

• Magento 2.4.9 fix 9f7426

• Version 1.14.21 62c79e

• BreezeTheme 3.0 9ba9c0

• Version 1.14.20 7a99b4

• Remove askit because it shows all questions without filtering f824b8

• Version 1.14.19 9d0555

• Refactored to use Filter component with fallback for legacy Widget grids. 8f22fe

• Fix #66: Mass actions now properly respect grid filters
  Refactored to use Filter component and fixed SQL ambiguous column error. 2bf312

• Fix mass actions ignoring grid filters (close #66)
  
  Refactored mass actions to use Magento's Filter component instead of
  manual selected/excluded handling. Now mass delete/enable/disable/status
  properly respect all grid filters. bba7d7

swissup/module-core — 1.12.27 (was 1.12.25)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

Changelog (autogenerated)

swissup/module-helpdesk — 1.4.7 (was 1.4.0)

• Version 1.4.7 e2f2f8

• PHP8.5
  ReflectionProperty::setAccessible() is deprecated since 8.5, as it has no effect since PHP 8.1 2279d2

• Version 1.4.6 4142dc

• Fixed depricated functionality for php 8.4 2e2c1d

• Version 1.4.5 fc7f6c

• Fix: validate file content before saving uploaded attachments
  
  - Add MIME type verification for known extensions (jpg, jpeg, png, gif, txt, pdf, xls, xlsx, xsl, doc, docx, zip)
  - Add deep image validation via Magento built-in Image Validator (GD/Imagick) for image types to reject polyglot files
  - Add PDF magic bytes check (%PDF-) to reject files that only pretend to be PDFs
  - Unknown extensions added by admin fall through to Magento Uploader extension whitelist only
  - Inject Magento\MediaStorage\Model\File\Validator\Image and Magento\Framework\File\Mime via constructor 9595ed

• Fix: safe default extensions fallback and code style cleanup in Config helper
  
  - Return ['gif','jpeg','jpg','png','txt','pdf'] when allowed_extension config is empty
  - Use array_filter() to strip empty values from exploded extension list
  - Remove trailing whitespace in isCaptchaEnabledForHelpdesk() 3a3595

• Version 1.4.4 9de74d

• fix(TicketDataFilter): context-aware forbidden fields — admin vs frontend (close #61)
  
  Admin UI Component sends ALL form fields (hidden + disabled) on every POST,
  so logging system fields as 'attacks' creates false positives for every
  legitimate admin ticket save (issue #61).
  
  Split FORBIDDEN_FIELDS into two context-aware lists:
  - FORBIDDEN_FRONTEND_FIELDS: ticket_id, number, created_at, modified_at,
  store_id, visitor_id, rate — suspicious from a regular customer
  - FORBIDDEN_ADMIN_FIELDS: [] — admin can do everything, whitelist is the defense
  
  Updated hasForbiddenFields/getAttemptedForbiddenFields to accept $isAdmin flag.
  Callers explicitly pass false (frontend) or true (admin). 1088a0

• fix(TicketDataFilter): empty FORBIDDEN_FIELDS to stop false positive security logs
  
  Magento UI Component admin form sends ALL fields (hidden + disabled) on
  every POST — ticket_id, number, created_at, store_id, etc. — causing a
  'Mass Assignment attack' warning on every legitimate admin ticket save.
  
  The whitelist (filterAdminData/filterCustomerData) is the actual defense.
  FORBIDDEN_FIELDS detection is redundant and misleading in this context. ebc2eb

• fix(TicketDataFilter): add missing keys to ADMIN_ADDITIONAL_FIELDS
  
  Keys swissup_helpdesk_ticket_message, http, website, ftp were silently
  stripped by filterAdminData() before reaching ResourceModel/_beforeSave
  and _afterSave, causing:
  - admin replies to never create TicketMessage (no email sent to customer)
  - HTTP/website/FTP credentials to never be written to the notes field 3920bc

• Version 1.4.3 52f4a1

• fix: remove rate limit remaining count from success message 821da9

• fix: pass flag to validator and enricher to allow admin ticket editing 9080b7

• Version 1.4.2 82538e

• fix(MessageDataFilter): remove message_id and email_message_id from FORBIDDEN_MESSAGE_FIELDS
  
  These are legitimate hidden fields sent by the admin form on every save,
  causing a false positive 'Mass Assignment attack' log entry on each
  legitimate admin message edit. The whitelist (ALLOWED_MESSAGE_FIELDS)
  already filters them out — FORBIDDEN list is for detection only. c990a0

• Version 1.4.1 4bb583

• fix(AjaxSave): add MessageDataFilter, SecurityLogger and set user_id from session
  
  - Filter POST data through MessageDataFilter whitelist (text, file only)
  to prevent mass assignment of forbidden message fields
  - Set user_id from backend auth session after filtering so isAdmin()
  returns true and CustomerNotification observer sends email to customer
  - Log forbidden field attempts via SecurityLogger before filtering
  - Remove dead commented-out code bfeb54

• fix: set user_id from admin session in AjaxSave to trigger customer email notifications
  
  When an admin replies to a ticket via the AJAX form, user_id was never
  set on the TicketMessage model. This caused isAdmin() to return false,
  which prevented the CustomerNotification observer from sending email
  replies to the customer.
  
  Fix by explicitly setting user_id from the current backend auth session
  before saving the message. 5dc9a9

swissup/module-core — 1.12.27 (was 1.12.26)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

swissup/module-oauth2-client — 1.0.6 (was 1.0.5)

• No commits found

Changelog (autogenerated)

swissup/module-easybanner — 1.9.24 (was 1.9.22)

• Version 1.9.24 ef2490

• PHP8.5: Using null as an array offset is deprecated, use an empty string 788d7e

• Version 1.9.23 522985

• Fixed incorrect return type 40a477

• Removed non-existing acl name 686ba5

• No need to extend `Adminhtml\Promo\Catalog` action #49 c0e7bc

swissup/module-core — 1.12.27 (was 1.12.25)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

Changelog (autogenerated)

swissup/module-attributepages — 1.8.5 (was 1.7.3)

• Version 1.8.5 e137db

• PHP8.5: Using null as an array offset is deprecated, use an empty string c2a322

• PHP8.5: Using null as an array offset is deprecated, use an empty string ebee34

• Version 1.8.4 eb7d54

• Hide links from Seo html Sitemap based on config 5da82b

• Version 1.8.3 d53e5b

• Configurable search field to allow to quickly find the option (#39) eda575

• Added translation for "No results found" 50c869

• Configurable search field (disabled by default) daffa6

• Breeze integration 2f866a

• Fixed to work nicely with "Group by letter" config ea6c22

• Transform js into component 901529

• Add translation d1e420

• Move styles to css 074dd5

• Script to data-mage-init 5047aa

• Attributepages: Added search 78b8df

• Version 1.8.2 48a150

• Added styling for mobile view 1f145a

• Version 1.8.1 6e10f9

• Fixed inability to upload image in "options grid" at "Manage Pages"
  Closes #36 78b00d

• Version 1.8.0 9ac437

• Ability to activate page on specified date range. Closes #35 d01f9b

• Version 1.7.7 671d27

• Prevent php error when calling the widget, but the module is disabled 4de120

• Version 1.7.6 987bb3

• Do not allow to view the page from different store view ef1e32

• Version 1.7.5 3dbccd

• Remove askit because it shows all questions without filtering 69014e

• Version 1.7.4 a3438a

• Do not render short description is option is disabled.
  Closes #33 1aca2a

• Added missing escapeHtml (#34) 39c6ef

• Use proper escapeHtmlAttr method
  
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> 5be5a1

• Added escapeHtml f906a2

• Render option from "Active store" view or "All stores" only #32 80a960

• Properly clear fpc when option is linked to multiple parent pages
  Example: BlueEvolution page is linked to ColorEvolution. e9793d

• Revert "Add missing cache identities to the attribute options list page"
  
  This reverts commit 550843a710ebb93aae07ccbd9ee067e690deff84. 829723

• Add missing cache identities to the attribute options list page 550843

swissup/module-core — 1.12.27 (was 1.12.22)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

• Version 1.12.25 2186f6

• Fixed broken markup when using newer libxml version (2.15.1) (#23) 61ceab

• Use same quotes c33f29

• Update Plugin/FixHtmlMarkup.php
  
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> e056e2

• Fixed broken markup when using newer libxml version (2.15.1) 7ff0db

• Version 1.12.24 4ac8cb

• Fixed unescaped output, closes #22 67c9f1

• Version 1.12.23 13d1c7

• Fixed integrity constraint violation: Duplicate entry for key primary b9d95d

Changelog (autogenerated)

swissup/module-pdf-invoice — 1.4.11 (was 1.4.7)

• Version 1.4.11 c451f7

• PHP8.5: Non-canonical cast (boolean) is deprecated, use the (bool) 162553

• Version 1.4.10 7d3be6

• Catch possible attachment errors to prevent email sending fail, see #12 6ba2d1

• Better way to find image in template 1f6037

• Get payment title more safely to prevent errors 2f5691

• Prevent duplicate of logger instances on every getMpdf() call 2e94af

• Use application/pdf type for email attachments ee178e

• Code fixes after review 36423e

• Version 1.4.9 b035b0

• Fixed unescaped output error, closes #13 999378

• Version 1.4.8 e27ec9

• Fixed email attachments in Magento 2.4.8, closes #11 5e9992

swissup/module-core — 1.12.27 (was 1.12.22)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

• Version 1.12.25 2186f6

• Fixed broken markup when using newer libxml version (2.15.1) (#23) 61ceab

• Use same quotes c33f29

• Update Plugin/FixHtmlMarkup.php
  
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> e056e2

• Fixed broken markup when using newer libxml version (2.15.1) 7ff0db

• Version 1.12.24 4ac8cb

• Fixed unescaped output, closes #22 67c9f1

• Version 1.12.23 13d1c7

• Fixed integrity constraint violation: Duplicate entry for key primary b9d95d

Changelog (autogenerated)

swissup/module-navigationpro — 1.18.0 (was 1.17.33)

• Version 1.18.0 58f9cc

• PHP8.5: Using null as an array offset is deprecated, use an empty string d87100

• PHP8.5: Non-canonical cast (boolean) is deprecated, use the (bool) b74f7d

• Ability to set gap for multicolumn layout 65b99a

• If at least one link is marked as parent, highlight all other parents
  (Event if they are empty) 7026c8

• Breeze: reset dark colors only if header__dark = true 1032ef

• Use CSS variables edeed5

• Fixed not visible loading-mask because of Magento bug 7a6d30

• Fixed incorrect column width in backend preview 27683b

• Version 1.17.36 54f8f9

• Fixed broken resizable columns 69ba9c

• Version 1.17.35 c443ca

• Allow setting colors using any available format 8d996f

• Version 1.17.34 9cbf43

• Breeze: fixed uninitialized menu 8623d5

swissup/module-core — 1.12.27 (was 1.12.25)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

Changelog (autogenerated)

swissup/module-sold-together — 1.11.4 (was 1.10.6)

• Version 1.11.4 884c4f

• PHP8.5
  ReflectionProperty::setAccessible() is deprecated since 8.5, as it has no effect since PHP 8.1 77cd08

• PHP8.5: Non-canonical cast (boolean) is deprecated, use the (bool) 75227c

• Magento 2.4.9 fix (CLI execute command) a8f141

• Fixed ability to show `Customer` block on the shopping cart page 3b7a4e

• Version 1.11.3 3741ee

• Added missing currency cache key 14b3ce

• Version 1.11.2 75e49e

• Merge pull request #51 from swissup/feature/add-nosnippet-attribute
  
  Option to add 'data-nosnippet' attribute to sold-together blocks fe03c7

• Option to add 'data-nosnippet' attribute to sold-together blocks 366381

• Version 1.11.1 d3c5df

• Added missing translation 66be41

• Version 1.11.0 d26409

• Enhance template security by escaping section titles and descriptions in assign_products.phtml #49 07b71a

• Enhance template security by escaping product ID and attribute IDs in configurable options #49 3d1ccc

• Enhance security and readability by using Escaper for URL and HTML escaping in templates #49 bf837e

• Fix output method for script rendering in initialize template d206fb

• Fix syntax for noEscape annotation in script rendering 2d4026

• Refactor JavaScript URL handling and improve code readability in templates (#49) e2355b

• Enhance template security and readability by escaping HTML attributes and adding type hints in product templates (#49) 74d10a

• Version 1.10.8 eebcc3

• Added titles to links, see #45 885694

• Fixed js error when using breeze fcf085

• Version 1.10.7 ad7013

• Fixed helper.restoreValuesToRelatedProductsField is not a function error 4c4c82

• New swiper uses mobile-first approach for breakpoints (min-width) e357af

swissup/module-sold-together-custom-options — 1.0.2 (was 1.0.1)

• Version 1.0.2 a7a3db

• Fixed unescaped output detected cb3fa6

• Fixed unescaped output detected error, see #1 078f61

swissup/module-sold-together-import-export — 1.0.2 (was 1.0.1)

• Version 1.0.2 c83c0b

• Magento 2.4.9 fix cb8160

swissup/module-core — 1.12.27 (was 1.12.22)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

• Version 1.12.25 2186f6

• Fixed broken markup when using newer libxml version (2.15.1) (#23) 61ceab

• Use same quotes c33f29

• Update Plugin/FixHtmlMarkup.php
  
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> e056e2

• Fixed broken markup when using newer libxml version (2.15.1) 7ff0db

• Version 1.12.24 4ac8cb

• Fixed unescaped output, closes #22 67c9f1

• Version 1.12.23 13d1c7

• Fixed integrity constraint violation: Duplicate entry for key primary b9d95d

Changelog (autogenerated)

swissup/module-rich-snippets — 1.8.2 (was 1.7.17)

• Version 1.8.2 5ee8bc

• PHP8.5
  ReflectionProperty::setAccessible() is deprecated since 8.5, as it has no effect since PHP 8.1
  Using null as an array offset is deprecated, use an empty string instead e38455

• Refactor modifier modal and builder manager to improve event handling and modal interactions
  
  Co-authored-by: Copilot <copilot@github.com> 30beba

• Version 1.8.1 bc23a1

• Remove unused modal dependency from modifier builder 4060db

• Version 1.8.0 d81a93

• Refactor AdditionalProperty and implement visual modifier builder (#42)
  
  * Modifiers for AdditionalProperty
  
  * Refactor AdditionalProperty and ModifiersRenderer for improved modifier handling and UI enhancements
  
  * feat: Implement visual modifier builder with modal interface
  
  * Address MCS errors and warnings.
  
  * Address Copilit suggestions. fc4df1

• Address Copilit suggestions. c01f14

• Address MCS errors and warnings. 488ddc

• feat: Implement visual modifier builder with modal interface ab2311

• Refactor AdditionalProperty and ModifiersRenderer for improved modifier handling and UI enhancements e9cfbf

• Breeze: Fixed not working breadcrumbs when merge is enabled 5150a7

• Modifiers for AdditionalProperty fbdf7b

• Add AdditionalProperty support for structured data and configuration (#41) c2dc26

• Add skipCrosslinksProcessing parameter to productAttribute method ed9877

• Added 'Local Business' section c7d12a

• Version 1.7.18 d95bbd

• Skip home breadcrumb in JSON-LD output and enforce minimum items for valid BreadcrumbList 6da95a

• Add reeze integration for product breadcrumbs created via JS. ea00c7

• Improve product page breadcrumbs snippet. Generate it via JS. d907f6

• Refactor FAQPage and QAPage to use PageContext ViewModel for page context resolving. Remove copy/paste error. 5d2ca6

• Update schema.org URLs to use HTTPS e31276

swissup/module-core — 1.12.27 (was 1.12.26)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

Changelog (autogenerated)

swissup/module-cache-warmer — 1.0.38 (was 1.0.34)

• Version 1.0.38 69576f

• Magento 2.4.9 fix 472e89

• Magento 2.4.9 fix (CLI execute command) 05aae3

• Version 1.0.37 09d92e

• Fixed broken json config 5b7d12

• Version 1.0.36 ee8372

• Fix: Unescaped output detected 15d59b

• Version 1.0.35 c40f05

• rm debug comment 6da114

swissup/module-core — 1.12.27 (was 1.12.22)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7

• Version 1.12.26 74dff6

• Improve the libxml fix to include `data-post` and `data-config` attrs 3fee5e

• Version 1.12.25 2186f6

• Fixed broken markup when using newer libxml version (2.15.1) (#23) 61ceab

• Use same quotes c33f29

• Update Plugin/FixHtmlMarkup.php
  
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> e056e2

• Fixed broken markup when using newer libxml version (2.15.1) 7ff0db

• Version 1.12.24 4ac8cb

• Fixed unescaped output, closes #22 67c9f1

• Version 1.12.23 13d1c7

• Fixed integrity constraint violation: Duplicate entry for key primary b9d95d

Changelog (autogenerated)

swissup/module-knowledge-base — 1.1.44 (was 1.1.36)

• Version 1.1.44 f90dd2

• Typo fix 0780cb

• Magento 2.4.9 fix 79e635

• Magento 2.4.9 fix bee9e6

• Version 1.1.43 1ce509

• test: medium-priority coverage — AbstractDataProvider
  
  Ui/DataProvider/Form/AbstractDataProviderTest:
  - collection items returned keyed by ID when no persisted data
  - empty collection + no persistor → null result (not error)
  - DataPersistor data merged into result on failed-save round-trip
  - persistor clear() called exactly once after merge
  - persistor clear() NOT called when persistor returns nothing
  - getData() result is cached: collection.getItems() called once
  even on repeated calls 3d8ef8

• test: high-priority coverage — Config, FAQPageSchema, Router branches
  
  Helper/ConfigTest:
  - getUrlPrefix() sanitisation via getRootPrefix/getFaqPrefix/getFaqsPrefix
  - special chars stripped, underscore stripped, spaces stripped
  - empty/null/all-disallowed → fallback to default constant
  
  Model/Resolver/DataProvider/FAQPageSchemaTest:
  - getSchemaData() structure: @context, @type FAQPage, mainEntity
  - items without title or content are skipped
  - dateCreated present/absent based on created_at field
  - total_count=0 → empty array
  - cleanContent(): script/style stripped, br/p/div → space,
  whitespace collapsed, HTML entity double-decode,
  5000-char truncation boundary
  
  Controller/RouterTest additions:
  - valid category path → Forward + faq_category_id param set
  - unknown category identifier → 301 Redirect (not null)
  - root KB path /knowledge-base → Forward to index/index, no DB calls d9cdc3

• test: add unit tests for IdentifierValidator and Router
  
  - phpunit.xml.dist for standalone test runs
  - bin/test convenience script (follows module-breeze-ai pattern)
  - Test/Unit/Model/Validator/IdentifierValidatorTest: 45 cases covering
  valid slugs, type/empty/length/char validation, SQL keyword blocking,
  and false-positive regression (sleep-disorders, drop-shipping, etc.)
  - Test/Unit/Controller/RouterTest: Router+Validator integration tests
  verifying SQL injection paths return null with no DB call
  - IdentifierValidator: switch from regex word-boundary to slash-segment
  matching so dash-compound slugs (sleep-disorders) are allowed while
  bare keyword path segments (/sleep, /select) are still blocked 6dd1f6

• Version 1.1.42 865342

• perf: skip categories request on search, memoize GraphQL responses
  
  Skip loadCategories() when search is active — results span all categories
  so category IDs filter is unnecessary. Saves one GraphQL round-trip per
  search keystroke.
  
  Memoize loadCategories() — result is stable per page load, no need to
  re-fetch when user clears search and categories view restores.
  
  Memoize loadFaqs() by cache key: search|categoryIds|page|pageSize — same
  query params return same data, so repeated calls (e.g. type/clear/type)
  hit cache instead of network.
  
  Fix inline event handler order: set search = e.target.value before calling
  loadData() so _doLoadData reads correct search value synchronously.
  
  Result: search input → 1 request (faqs only). Clear search → 0 requests
  (both categories and faqs from cache). 3a2b32

• fix: restore search input reactivity in Breeze compatibility mode
  
  Replace textInput: with value + valueUpdate + explicit event binding.
  
  Root cause: Breeze uses KO-ES5 plugin (ko.track) for reactive properties.
  KO textInput binding calls eb() to write back, which requires ko.observable()
  or _ko_property_writers. ES5 tracked props have neither, so textInput
  could not write back the value.
  
  Additionally, listens: { search: loadData } subscribed via _on() (custom
  event bus) because search = '' (falsy) at init time, bypassing ko.getObservable
  subscription path in Breeze component-ui.js:on().
  
  Fix: value: updates ES5 setter on blur, valueUpdate: input makes it fire
  on every keystroke, event: {input: loadData} explicitly triggers loadData
  so debounce fires correctly regardless of listens subscription path. 41a95a

• Version 1.1.41 b58ec1

• feat: show short snippet in search results instead of full article content 7f557b

• Version 1.1.40 4dc5e0

• refactor: extract prefix building into private methods 55ed92

• Version 1.1.39 05ca7c

• fix: allow slashes in URL route prefixes be5723

• fix: allow hyphens in URL route prefixes 047327

• Version 1.1.38 d9345d

• fix: decode escaped HTML in PageBuilder content type before widget filter b1809c

• Version 1.1.37 5a97e5

• fix: filter FAQs by current category, skip loadCategories() on category page 19baac

swissup/module-core — 1.12.27 (was 1.12.26)

• Version 1.12.27 ac70c7

• Magento 2.4.9 fix (CLI execute command) d224be

• Prevent news retrieval after each cache flush ac96b7