5.9.19.12

  • [Notice] Added support for PHP 7.4.
  • [Security] possible SSRF: mail account configuration, custom urls requests (#4377) (#4401)
  • [Security] Authentication and session cookies are not HttpOnly and secured (#4389)
  • [Security] XSS: possible javascript injection in merchant panel (#4385) (#4384) (#4366) (#4356)
  • [Security] Download file link can execute any uploaded file in browser (#4371)
  • [Security] Import themes: missing check for allowed file tyepes (#4370)
  • [Security] HTML signup form: example with echo post field (#4373)
  • [Improvement] Remove EXIF data from profile images (#4399)
  • [Improvement] Use different commission for existing customers (Lifetime referral commission) (#4381)
  • [Improvement] Add user role ID to event logs on unsuccessful login attempt (#4380)
  • [Improvement] Knowledge base urls links should be https (#4361)
  • [Improvement] Option to select commission group while importing lifetime referrals from a csv file (#4359)
  • [Performance] Loading pending tasks on merchant home screen is not effective (#4357)
  • [Plugin] Stripe: problems with creating affiliate (#4392)
  • [Plugin] Add rules for affiliate fields to HubSpot plugin (#4391)
  • [Style] Contact us form in August theme has broken CSS on mobile (#4372)
  • [Style] Turn right arrow in menu (#4364)