File name: changelog.txt

2.3.12

- Fixed admin redirect logic after login to properly handle single-level permissions by redirecting to the first accessible child route.
- #11141 [fixed] - Fixed an issue where, in certain scenarios, adding a bundle product with a quantity greater than 1 calculated the cart subtotal for only a single quantity, resulting in incorrect pricing.
- #11137 [fixed] - Fixed an issue where invoice email attachments were not being sent correctly.
- #11030 [fixed] - Added management support for shop footer copyright content in the admin panel.
- #10929 [fixed] - Added redirect URI configuration support for social authentication login.
- #10831 [fixed] - Fixed COD appearing for downloadable products in mixed cart.

2.3.11

🐛 Bug Fixes

- Security updates.
- Enhanced form validation by implementing auto-scroll to the first error field, with support for regular inputs, array fields (categories, channels), nested fields, and TinyMCE editors. Added fallback flash messages when error fields cannot be located or scrolled to.
- #11080 - Fixed a currency display issue in invoices when the channel currency differed from the admin panel currency.

2.3.10

✏️ Changes

- Fixed a security issue in the installer endpoints.
- Fixed a security issue in the customer order reorder functionality.
- Fixed a Server-Side Template Injection (SSTI) vulnerability in the first and last name fields that could be exploited by low-privileged users.
- Refined the Blade tracer to track only view files, ensuring accurate view-level tracing.
- Fixed SSTI vulnerability in type parameter handling — user input is now properly sanitized/validated to prevent server-side template injection.
- Sanitized product review attachments to prevent stored XSS.
- Sanitized CMS html_content during create and update operations to prevent stored XSS vulnerabilities.
- Added validation for external URLs in downloadable product samples to block access to private and reserved IP ranges.

🐛 Bug Fixes

- #11058 - Fixed the speculation issue and resolved the revoke endpoint issue.
- #11053 - Fixed an issue where the custom field price was not converted according to the exchange rate on the product view page.
- #11051 - Fixed a redirection issue that occurred when a product had insufficient quantity.
- #11028 - Fixed an issue where horizontal scrolling caused misalignment of fixed-position elements (Cart/Profile buttons) on the search page.
- #10975 - Fixed validation to ensure the source and target currencies are different when creating exchange rates.
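
The 2.3.10 entry about blocking private and reserved IP ranges for external sample URLs describes a check of the following kind. This is an added example, not the project's own code: the function names, the injected resolver and the sample host names and addresses are assumptions constructed for illustration.

```php
<?php
// Added example (hypothetical helper names; not the project's implementation).

/** True only for addresses outside PHP's private and reserved ranges. */
function isPublicIp(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

/**
 * Returns null when $url may be fetched, otherwise the rejection reason.
 * $resolver maps a host name to a list of IP strings; it is injected so
 * the check runs offline here (a live one could wrap gethostbynamel()).
 */
function rejectReason(string $url, callable $resolver): ?string
{
    $parts = parse_url($url);
    if (! is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
        return 'malformed URL';
    }
    if (! in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return 'scheme not allowed';
    }
    $host = trim($parts['host'], '[]'); // IPv6 literals are bracketed
    $isLiteral = filter_var($host, FILTER_VALIDATE_IP) !== false;
    $ips = $isLiteral ? [$host] : $resolver($host);
    if (empty($ips)) {
        return 'host does not resolve';
    }
    foreach ($ips as $ip) { // every resolved address must be public
        if (! isPublicIp($ip)) {
            return "non-public address $ip";
        }
    }
    return null;
}

// Constructed DNS answers for the sample run.
$dns = ['cdn.example.com' => ['93.184.216.34'], 'db.example.com' => ['10.0.0.5']];
$resolver = fn (string $h): array => $dns[$h] ?? [];

foreach (['https://cdn.example.com/a.pdf', 'http://db.example.com/x',
          'http://127.0.0.1:8080/', 'http://[::1]/', 'ftp://cdn.example.com/a.pdf'] as $u) {
    printf("%-32s %s\n", $u, rejectReason($u, $resolver) ?? 'allowed');
}
```

Validation alone does not pin the address: the download should connect to the address that was checked, and any redirect target needs the same check.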