| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| README.md | 2026-03-09 | 2.8 kB | |
| v2.1.12 source code.tar.gz | 2026-03-09 | 24.8 MB | |
| v2.1.12 source code.zip | 2026-03-09 | 30.7 MB | |
| Totals: 3 Items | | 55.5 MB | 0 |

TL;DR
🔒 This is a security release!
Fixes the following vulnerabilities:
- Open Redirect via Referer Header
- DQL Injection via API Order Filters
- Promotion Usage Limit Bypass via Race Condition
- IDOR in Cart and Checkout LiveComponents
- Missing Authorization in API v2 Add Item Endpoint
- XSS Vulnerability in Checkout Login Form
- Authenticated Stored XSS
Details
- #18747 Fix panther build (@TheMilek)
- #18758 Remove duplicated serialization group field (@TheMilek)
- #18785 Try to fix build after ResourceBundle release (@TheMilek)
- #18742 [Admin] Fix order history address fields not displaying empty values (@Wojdylak)
- #18806 Fix after new release of PayumBundle (@TheMilek)
- #18836 Upgrade BuildTestAppAction from v3.0.1 to v4 (@TheMilek)
- #18832 [Admin] Fix images not being emitted with Webpack 5.105+ (@GSadee)
- #18841 Fix Dutch translation for payment method (@JordiDekker)
- #18871 Add conflict to api-platform/serializer 4.2.17 (@TheMilek)
- #18888 Remove redundant check with apip4.1.7 in matrix (@TheMilek)
- #18887 [BUGFIX] Make GitHub actions green again 2.1 (@rust-le)
- #18844 Fix formatting in UPGRADE-2.0.md (@LucaGallinari)
Full Changelog: https://github.com/Sylius/Sylius/compare/v2.1.11...v2.1.12