5.9.19.12
Matej Kendera
- [Notice] Added support for PHP 7.4.
- [Security] possible SSRF: mail account configuration, custom urls requests (#4377) (#4401)
- [Security] Authentication and session cookies are not HttpOnly and secured (#4389)
- [Security] XSS: possible javascript injection in merchant panel (#4385) (#4384) (#4366) (#4356)
- [Security] Download file link can execute any uploaded file in browser (#4371)
- [Security] Import themes: missing check for allowed file tyepes (#4370)
- [Security] HTML signup form: example with echo post field (#4373)
- [Improvement] Remove EXIF data from profile images (#4399)
- [Improvement] Use different commission for existing customers (Lifetime referral commission) (#4381)
- [Improvement] Add user role ID to event logs on unsuccessful login attempt (#4380)
- [Improvement] Knowledge base urls links should be https (#4361)
- [Improvement] Option to select commission group while importing lifetime referrals from a csv file (#4359)
- [Performance] Loading pending tasks on merchant home screen is not effective (#4357)
- [Plugin] Stripe: problems with creating affiliate (#4392)
- [Plugin] Add rules for affiliate fields to HubSpot plugin (#4391)
- [Style] Contact us form in August theme has broken CSS on mobile (#4372)
- [Style] Turn right arrow in menu (#4364)