- #11369 [Docs] Don't use $HOME in SymfonyCloud deployment cookbook (@tucksaun)
- #11387 Remove the doc reference to a promotion action that no longer exists in Core. (@gabiudrescu)
- #11391 Fallback to the locale code if the associated name isn't found (@dunglas)
- #11390 Bug #9738 Fix nested form collections (@vic-blt)
- #11403 Fix Autolabeler configuration (@Zales0123)
- #11416 doc : add the composer dump-autoload instruction (@davidroberto)
- #11450 [Docs] Enable redirections on ReadTheDocs (@pamil)
- #11452 [Docs] Fix redirection for backwards compatibility promise (@pamil)
- #11944 [Shop] Disabling customer when email has been changed (@lchrusciel)
- #11018 Fix: Check PropertyPath value for add error to form (@Coosos)
- #11191 Separated order items subtotal calculation logic from twig extension (@4c0n)
- #11341 [Maintenance] Upgrade packages dependencies & fix 1.6 build (@lchrusciel)
- #11342 [Maintenance] Remove memory swap (@lchrusciel)
- #11346 [ADMIN] fix closed gateway config field in payment method form (@bigboss86)
- #11363 Introduce Probot Autolabeler (@Zales0123)
- #11364 fix #11362 : ignore channel locale listener on profiler routes (@thi3rry)
- #11380 Use !default for SCSS variables to allow overriding them (@pamil)
- #11168 [Docs] Remove sensio.sphinx.refinclude (@Tomanhez)
- #11111 [Docs] Recommend trait usage in Plugin Development Guide (@Zales0123)
- #11147 [Plus Docs] Installation guide improvement and Administrator Roles (@CoderMaggie)
- #11169 [missing return] Update basic-usage (@DurandSacha)
- #11146 [Behat][Admin] Fix step with checking number of orders in the list (@GSadee)
- #11177 [Documentation] Sylius Plus docs part 2; including fixes to links (@CoderMaggie)
- #11181 Sylius Plus feature scope update (@dukusz)
- #11179 [Maintenance] Remove uneeded step (@lchrusciel)
- #11192 Fixtures: fix French translation of cap (@dunglas)
- #11299 Remove useless interface in custom_fixture.rst (@dunglas)
- #11304 [Docs] Require tagged plugins for Sylius Store (@Zales0123)
- #11310 Install symfony/polyfill-php80 to fix the psalm build (@Zales0123)
- #11065 user provider fix exception (@oallain)
- #11079 [Docs] Add organization section to The Book + set up Sphinx redirections (@pamil)
- #11095 [Promotion] Generating long coupons (@oallain, @GSadee)
- #11097 [Composer] Add conflicts to fix build for Symfony 3.4 (@GSadee)
- #11113 [Docs][Plus] Splitting shipments (@CoderMaggie)
- #11114 Fixed wrongly calculated order-item subtotal (@peterukena)
- #11119 [Docs] Sphinx instalation guide (@Tomanhez)
- #11130 Add documentation to deploy Sylius to SymfonyCloud (@tucksaun)
- #11137 [Docs] Improve installation steps (@lchrusciel)
- #11142 [Docs] Mention Minimum stability in plus installation (@Zales0123)
Please refer to the original security advisory for the most updated information.
Impact:
This vulnerability gives the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when %kernel.debug% is set to true.
However, if no sylius_channel.debug is set explicitly in the configuration, the default value which is %kernel.debug% will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to false.
Patches:
Patch has been provided for Sylius 1.3.x and newer - 1.3.16, 1.4.12, 1.5.9, 1.6.5. Versions older than 1.3 are not covered by our security support anymore.
Workarounds:
Unsupported versions could be patched by adding the following configuration to run in production:
sylius_channel:
debug: false- #10296 Product show page (@kulczy, @AdamKasp)
- #10342 [Fixture] Togglable default locale loading (@lchrusciel)
- #10355 Adding a coupon generator command (@mamazu)
- #10361 Change master branch to v1.6.0-DEV (@pamil)
- #10382 [Admin][Shipment] Add filtering shipments by a channel (@Tomanhez, @GSadee)
- #10383 [Behat] Make feature filenames consistent with others (@GSadee)
- #10388 Fix product show page margins (@kulczy)
- #10391 [Admin][Product] Show page fixes (@AdamKasp)
- #10392 improved code quality (@oallain)
- #10393 [Docs] Describe available configuration options for locale fixture (@lchrusciel)
- #10396 [Admin] Avoid javascript in saving positions (@Zales0123)
- #10399 Add info into install command about need of setting the locale in symfony config ()
- #10400 Add discounts and totals in the cart (@kulczy, @bartoszpietrzak1994)
- #10406 [Fixtures] Added random generated order complete date (@AdamKasp)
- #10409 Create SECURITY.md (@gabiudrescu, @pamil)
- #10417 [Admin] Order summary UI + discounts and taxes viewing logic (@kulczy, @AdamKasp)
- #10419 Add prices and discounts to the order summary box (@kulczy)
- #10420 Change order summary table (@kulczy, @AdamKasp)
- #10429 Add admin user avatar placeholder (@kulczy)
- #10438 Keep all prices in the same currency in checkout (@pamil)
- #10441 [Inventory][Product] Move inventory to new tab (@AdamKasp)
- #10442 Add an alert about unsaved changes (@kulczy)
- #10443 Unify shipping row on the order summary table (@kulczy)
- #10444 Change dashboard view (@kulczy, @pamil)
- #10449 Administrator's avatar (@Tomanhez, @Zales0123)
- #10451 [Admin] Add possibility to configure custom index route in routing (@GSadee)
- #10453 Fix deprecation notice (@loevgaard)
- #10455 Improve admin product show page UI (@kulczy, @AdamKasp, @GSadee)
- #10456 Make image uploader easier to customize (@Zales0123, @pamil)
- #10460 AvatarImage Doctrine mapping fix (@bartoszpietrzak1994)
- #10461 Fix product show page elements (@kulczy)
- #10467 Drop support for Symfony 4.1 and 4.2 (@pamil)
- #10471 Add footer with Sylius version to the admin panel (@kulczy)
- #10472 [Admin] Index of payments (@Tomanhez)
- #10477 Improve bulk actions (@kulczy, @AdamKasp)
- #10482 [Promotion] Fix Action creation doc (@pierre-H)
- #10483 [Admin]Admin choose channel in product show page (@Tomanhez)
- #10484 [Admin] Minor fixes payment shipment (@Tomanhez)
- #10485 [Promotion] Coupon prefix and suffix (@Zales0123)
- #10491 [Admin] Form validation error (@Tomanhez)
- #10497 Minor Fixes - Admin choose channel in product show page (@Tomanhez)
- #10499 [Admin] Fix css file (@GSadee)
- #10510 Add avatar preview (@kulczy)
- #10514 [Admin] In sections : edit variant and edit product add button product show page in shop (@Tomanhez)
- #10516 Fix Psalm false-positives (@pamil)
- #10518 [Admin] Unify order link in Orders, Payments, Shipments (@Tomanhez)
- #10520 [Admin] Unify payment and shipment labels (@GSadee)
- #10521 [Admin][Product] Disable show in shop button when product is disabled (@GSadee)
- #10522 Fix 'disabled' label (@kulczy)
- #10529 [Fixtures] Improve fixtures. (@AdamKasp)
- #10531 Improve filters UI (@kulczy)
- #10534 [Fixtures] Variant name now is concatenated options value. (@AdamKasp)
- #10536 [Docs] Make Plugins and Plugin Development Guide more visible (@CoderMaggie)
- #10539 [Fixtures] Add tax category to product. (@AdamKasp)
- #10541 Update README.md (@AdamKasp)
- #10542 [Fixtures] Product fixtures in yaml. (@AdamKasp)
- #10546 Improve filters (@kulczy)
- #10547 [Admin] Remove avatar (@Tomanhez)
- #10552 [Order] Change OrderItemController methods to protected (@Zales0123)
- #10555 [Admin][AdminUser] Improvements for removing an avatar (@GSadee)
- #10560 [Behat][AdminUser] Fix filename typo (@GSadee)
- #10562 Avoid js when removing product from cart (@Zales0123)
- #10570 [Fixtures] Added 'tracked' field to product fixture configuration (@AdamKasp)
- #10572 [Fixtures] Minor fixes. (@AdamKasp)
- #10576 [Fixtures] Jeans attributes names fix (@CoderMaggie)
- #10580 [Admin][Order] Change item to unit discount on summary page (@GSadee)
- #10587 Avoid BC break in ProductExampleFactory (@Zales0123)
- #10588 [AdminBundle] Payments & Shipments index pages sortable by date (@Tomanhez)
- #10594 [CoreBundle] Fixtures creating SimpleProduct, remove options from caps (@Tomanhez)
- #10595 Use {{ limit }} to allow min/max value update (@Prometee)
- #10596 [Documentation][Contribution] Improve doc contribution guide (@lchrusciel)
- #10597 [AdminBundle] Extract logo to separate twig file (@Tomanhez)
- #10606 [Admin][Payment] Not displaying payments in cart state on the list (@GSadee)
- #10614 [AdminBundle] Uncoupled AdminBundle with ShopBundle (@Tomanhez)
- #10615 [HOTFIX] [Behat] Fix tax extraction (@lchrusciel)
- #10616 [Fixture] Make order fixture more flexible (@TiMESPLiNTER, @AdamKasp)
- #10617 Provide an upgrade guide for v1.6.0 (@pamil)
- #10619 Sending email after ship shipment on grid (@AdamKasp)
- #10620 Fix bug after rebase (@AdamKasp)
- #10621 Fix email after complete payment via grid (@AdamKasp)
- #10627 Use fallback locale as default for the new administrators (@pamil)
- #10628 Fix OrderExampleFactory (@Zales0123)
- #10630 [HotFix] Proper order of arguments (@lchrusciel)
- #10631 [Core] Improved fixture example factory (@lchrusciel)
- #10636 [Admin] Proper tests for shipment mailing (@lchrusciel)
- #10639 [Admin] Fix sorting on customer orders list (@lchrusciel)
- #10640 Revert "[Admin][Shipment] Add filtering shipments by a channel" (@lchrusciel)
- #10642 [Admin][Shipment] Add filtering shipments by a channel (@Tomanhez, @GSadee)
- #10695 [Admin][Product] Fix displayed stocks on product show page (@GSadee)
- #10700 [Promotion] Remove coupling to core (@lchrusciel)
- #10716 Minor fixtures fixes (@AdamKasp)
- #10733 Fix 10719 infinite order fixture loading (@igormukhingmailcom)
- #10744 [Documentation][Book] Invoices (@CoderMaggie)
- #10747 Remove flashing from the bulk button (@kulczy)
- #10760 Add JQuery Dirtyforms in UPGRADE-1.6.md (@maximehuran)
- #10784 [Docs] Installation guide update (@lchrusciel)
- #10837 Remove unused templating engine from RemoveAvatarAction (@pamil)
- #10842 [Docs] Update core team (@lchrusciel)
- #10844 Clarify BC promise for final controllers (@pamil)
- #10853 [Behat][Admin][Order] Fix scenarios for displaying promotions on 1.6 after upmerge (@GSadee)
- #10865 [Admin][Promotion] Fix the prevention of generating too many coupons (@GSadee)
- #10884 [Plugins][Docs] Plugin technical requirements changes (@Zales0123)
- #10889 [Fixtures] Update product names (@CoderMaggie)
- #10890 Fix build - remove redundant validation message part (@Zales0123)
- #11046 [Docs] Update sensio.sphinx (@Tomanhez)
- #11060 Fixed typo in services comment (@codreanulaurentiu)
- #11061 [Documentation] Backport of #11054 to 1.6 (@lchrusciel)
Details:
Exception messages from internal exceptions (like database exception) are wrapped by
\Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI.
Therefore, some internal system information may leak and be visible to the customer.
A validation message with the exception details will be presented to the user when one will try to log into the shop.
Solution:
This release patches the reported vulnerability. The src/Sylius/Bundle/UiBundle/Resources/views/Security/_login.html.twig
file from Sylius should be overridden and {{ messages.error(last_error.message) }} changed to {{ messages.error(last_error.messageKey) }}.
- #10835 Improve deprecation message for "Sylius\Bundle\CoreBundle\Application\Kernel" (@pamil)
- #10837 Remove unused templating engine from RemoveAvatarAction (@pamil)
- #10841 [Docs] Include link to ShopApi docs to REST API Reference (@Zales0123)
- #10842 [Docs] Update core team (@lchrusciel)
- #10844 Clarify BC promise for final controllers (@pamil)
- #10846 [Order] Include order unit promotion adjustments and order item promotion adjustments in order promotion total (@Tomanhez)
- #10849 Move ShopApi reference to main menu (@Zales0123)
- #10853 [Behat][Admin][Order] Fix scenarios for displaying promotions on 1.6 after upmerge (@GSadee)
- #10855 [Docs] Open external links in a new tab (@Zales0123)
- #10857 Change readme banner (@kulczy)
- #10865 [Admin][Promotion] Fix the prevention of generating too many coupons (@GSadee)
- #10880 [Promotion] Improve coupon generation validation message (@GSadee)
- #10881 Add docs banner (@kulczy)
- #10889 [Fixtures] Update product names (@CoderMaggie)
- #10890 Fix build - remove redundant validation message part (@Zales0123)
- #10891 Update release process docs for 1.2 (@pamil)
- #9931 [Payum] infinite loop on state machine exception fixed (@tautelis)
- #10733 Fix 10719 infinite order fixture loading (@igormukhingmailcom)
- #10734 Added: TimestampableInterface to core TaxonInterface (fixes #10728) (@igormukhingmailcom)
- #10744 [Documentation][Book] Invoices (@CoderMaggie)
- #10748 Switch statement conditions (@mikemix)
- #10750 Fix compound form errors (@loic425)
- #10752 Translate attribute type on attributes grid (@loic425)
- #10755 [Docs] Add tag that stripe is outdated and add SCA note (@Tomanhez, @GSadee)
- #10760 Add JQuery Dirtyforms in UPGRADE-1.6.md (@maximehuran)
- #10761 Replace EntityManager#flush($entity) by EntityManager#flush() (@twojtylak)
- #10764 [Behat] Fix a typo on Paypal context (@loic425)
- #10769 Remove unsupported RBAC plugin from command and docs (@GSadee)
- #10773 Update ad url (@kulczy)
- #10776 [Behat] Remove final on product index and product variant index pages (@loic425)
- #10781 Allow no default tax zone in channel fixtures (@pamil)
- #10784 [Docs] Installation guide update (@lchrusciel)
- #10790 [ShippingMethod] Do not allow to specify shipping charge below 0 (@Zales0123)
- #10792 [Behat][Admin] Add scenarios for validating default locale for a channel (@GSadee)
- #10793 [Admin][Channel] Validating default locale for a channel (@GSadee)
- #10805 [Addressing] Make sure the CountryNameExtension::translateCountryIsoCode() always returns a string (@vvasiloi)
- #10806 [Order] include order promotion adjustments in order promotion total (@vvasiloi)
- #10819 Fixed: Typo/artifact (@igormukhingmailcom)
- #10820 Rename shop user factory to help autowiring (@loic425)
- #10821 Specify PHP version for SymfonyInsights (@pamil)
- #10823 Remove unnecessary +x chmod on some files (@pamil)
- #10824 Use SessionInterface instead of Session in UserImpersonator (@pamil)
- #10825 Fixed: Typo at grid configuration example (@igormukhingmailcom)
- #10826 Execute PHPUnit tests inside AdminApiBundle (@pamil)
- #10832 Do not merge promotion action configuration (@pamil)
- #10641 [Documentation] Fixtures customization guides - fixes (@CoderMaggie, @Zales0123)
- #10644 [Documentation] Add tip about locked adjustments (@j0r1s)
- #10645 [Docs] Fix Blackfire Ad (@Tomanhez)
- #10646 [Docs] Fix Ad (@Tomanhez)
- #10649 Update online course ad (@kulczy)
- #10652 Add Sylius 1.6 banner to the docs (@kulczy)
- #10667 Improve GUS information notification (@Zales0123)
- #10680 Fix ChannelCollector related serialization issue in Symfony profiler (@ostrolucky)
- #10695 [Admin][Product] Fix displayed stocks on product show page (@GSadee)
- #10700 [Promotion] Remove coupling to core (@lchrusciel)
- #10701 [Maintenance] Update docs with v1.6 (@lchrusciel)
- #10710 [Address book] Extensibility improvements (@cyrosy)
- #10713 [Behat] Improve dashboard page extensibility (@loic425)
- #10716 Minor fixtures fixes (@AdamKasp)
- #10727 Fix channels label size and alignment (@kulczy)
- #10732 Update course ad (@kulczy)
- #10739 [Admin][Adressing] fixed province code validation regex (@twojtylak)
- #10742 Fix the build for 1.5 and 1.6 branches (@pamil)
- #10747 Remove flashing from the bulk button (@kulczy)
- #10382 [Admin][Shipment] Add filtering shipments by a channel (@Tomanhez, @GSadee)
- #10636 [Admin] Proper tests for shipment mailing (@lchrusciel)
- #10639 [Admin] Fix sorting on customer orders list (@lchrusciel)
- #10395 [Docs] How to add your custom fixtures? (@Tomanhez)
- #10397 [Docs]How to add your custom fixture suites? (@Tomanhez)
- #10456 Make image uploader easier to customize (@Zales0123, @pamil)
- #10512 [Admin] Improve breadcrumbs (especially for ProductVariants and PromotionCoupons) (@CoderMaggie)
- #10540 Skip oauth_user_factory_is_not_overridden test if HWIOAuthBundle is not installed (@vvasiloi)
- #10547 [Admin] Remove avatar (@Tomanhez)
- #10552 [Order] Change OrderItemController methods to protected (@Zales0123)
- #10553 Flags are not languages (@vvasiloi)
- #10555 [Admin][AdminUser] Improvements for removing an avatar (@GSadee)
- #10558 Allow translation of custom labels (@Prometee)
- #10560 [Behat][AdminUser] Fix filename typo (@GSadee)
- #10562 Avoid js when removing product from cart (@Zales0123)
- #10564 [Fixture] Improve order fixture (@Zales0123)
- #10570 [Fixtures] Added 'tracked' field to product fixture configuration (@AdamKasp)
- #10571 Update custom-promotion-rule.rst (@jmwill86)
- #10572 [Fixtures] Minor fixes. (@AdamKasp)
- #10576 [Fixtures] Jeans attributes names fix (@CoderMaggie)
- #10579 Fix lazy choice tree will not automatically expanded (@tom10271)
- #10580 [Admin][Order] Change item to unit discount on summary page (@GSadee)
- #10583 Enable sorting of customer orders in admin panel (@pamil)
- #10587 Avoid BC break in ProductExampleFactory (@Zales0123)
- #10588 [AdminBundle] Payments & Shipments index pages sortable by date (@Tomanhez)
- #10589 [Documentation][Cookbook] How to integrate a Payment Gateway as a Plugin? (@lchrusciel)
- #10594 [CoreBundle] Fixtures creating SimpleProduct, remove options from caps (@Tomanhez)
- #10595 Use {{ limit }} to allow min/max value update (@Prometee)
- #10596 [Documentation][Contribution] Improve doc contribution guide (@lchrusciel)
- #10597 [AdminBundle] Extract logo to separate twig file (@Tomanhez)
- #10598 Add course ad (@kulczy)
- #10599 [Documentation] Delete additional lines to remove ShopBundle (@wpje)
- #10600 [Documentation][Minor] Removing redundant dots (@lchrusciel)
- #10601 Change course CTA (@kulczy)
- #10603 [Shop] Promotion integrity checker fix (@lchrusciel)
- #10605 [Admin][Shipment] Not displaying shipments in cart state on the list (@GSadee)
- #10606 [Admin][Payment] Not displaying payments in cart state on the list (@GSadee)
- #10608 [Docs] Fix incorrect documentation regarding payments (@dimaip)
- #10609 [Documentation][Minor] Proper comment in xml file (@lchrusciel)
- #10613 [PayumBundle] Use Payment amount in Payum gateways actions (, @Zales0123)
- #10614 [AdminBundle] Uncoupled AdminBundle with ShopBundle (@Tomanhez)
- #10615 [HOTFIX] [Behat] Fix tax extraction (@lchrusciel)
- #10616 [Fixture] Make order fixture more flexible (@TiMESPLiNTER, @AdamKasp)
- #10617 Provide an upgrade guide for v1.6.0 (@pamil)
- #10618 [Fixtures] Allow no shipping and payments in fixtures (@igormukhingmailcom, @Zales0123)
- #10619 Sending email after ship shipment on grid (@AdamKasp)
- #10620 Fix bug after rebase (@AdamKasp)
- #10621 Fix email after complete payment via grid (@AdamKasp)
- #10624 Disable chrome autocomplete (@kulczy)
- #10626 [Fixture] Do not skip payments and shipments manually (@Zales0123)
- #10627 Use fallback locale as default for the new administrators (@pamil)
- #10628 Fix OrderExampleFactory (@Zales0123)
- #10629 [Docs] Add missing items to customization guide menu (@Zales0123)
- #10630 [HotFix] Proper order of arguments (@lchrusciel)
- #10631 [Core] Improved fixture example factory (@lchrusciel)
- #10633 Add Blackfire ad (@kulczy)
- #10634 Add Blackfire logo (@kulczy)
- #10165 Product attribute fixtures improvements (@Zales0123, @pamil)
- #10401 Psalm (@loic425, @pamil)
- #10464 Do not crash when duplicated locales are passed to the fixture (@pamil)
- #10467 Drop support for Symfony 4.1 and 4.2 (@pamil)
- #10468 Remove Symfony workarounds and add conflicts (@pamil)
- #10471 Add footer with Sylius version to the admin panel (@kulczy)
- #10472 [Admin] Index of payments (@Tomanhez)
- #10473 Update docs to follow Symfony 4 standards (@pamil)
- #10477 Improve bulk actions (@kulczy, @AdamKasp)
- #10482 [Promotion] Fix Action creation doc (@pierre-H)
- #10483 [Admin]Admin choose channel in product show page (@Tomanhez)
- #10484 [Admin] Minor fixes payment shipment (@Tomanhez)
- #10485 [Promotion] Coupon prefix and suffix (@Zales0123)
- #10488 Marked router dependency as deprecated in admin ImpersonateUserController (@SebLours)
- #10489 Make it possible to have no shipping methods for Order fixtures (@TiMESPLiNTER)
- #10491 [Admin] Form validation error (@Tomanhez)
- #10492 [Admin] Minor fixes customer group validation form (@Tomanhez)
- #10494 [UI] Fix button groups radius (@kulczy)
- #10496 [UPGRADE] Mention locale requirement change in UPGRADE-1.5 (@Zales0123)
- #10497 Minor Fixes - Admin choose channel in product show page (@Tomanhez)
- #10498 Add search bar css rule for Firefox (@aloupfor)
- #10499 [Admin] Fix css file (@GSadee)
- #10508 Revert "Make it possible to have no shipping methods for Order fixtures" (@lchrusciel)
- #10509 [Admin] Add link to product in variant breadcrumb (@Tomanhez)
- #10510 Add avatar preview (@kulczy)
- #10514 [Admin] In sections : edit variant and edit product add button product show page in shop (@Tomanhez)
- #10516 Fix Psalm false-positives (@pamil)
- #10517 [Grid] Allow not to pass "apply_transition" button class (@Zales0123)
- #10518 [Admin] Unify order link in Orders, Payments, Shipments (@Tomanhez)
- #10520 [Admin] Unify payment and shipment labels (@GSadee)
- #10521 [Admin][Product] Disable show in shop button when product is disabled (@GSadee)
- #10522 Fix 'disabled' label (@kulczy)
- #10525 Bump lodash from 4.17.11 to 4.17.14 (@dependabot[@bot])
- #10529 [Fixtures] Improve fixtures. (@AdamKasp)
- #10531 Improve filters UI (@kulczy)
- #10534 [Fixtures] Variant name now is concatenated options value. (@AdamKasp)
- #10535 [Shop] Fix passed channel context service to be composite (@GSadee)
- #10536 [Docs] Make Plugins and Plugin Development Guide more visible (@CoderMaggie)
- #10539 [Fixtures] Add tax category to product. (@AdamKasp)
- #10541 Update README.md (@AdamKasp)
- #10542 [Fixtures] Product fixtures in yaml. (@AdamKasp)
- #10546 Improve filters (@kulczy)
- #10548 [HotFix?] Move mysql service to fix the build (@Zales0123)
- #10296 Product show page (@kulczy, @AdamKasp)
- #10342 [Fixture] Togglable default locale loading (@lchrusciel)
- #10355 Adding a coupon generator command (@mamazu)
- #10361 Change master branch to v1.6.0-DEV (@pamil)
- #10383 [Behat] Make feature filenames consistent with others (@GSadee)
- #10388 Fix product show page margins (@kulczy)
- #10391 [Admin][Product] Show page fixes (@AdamKasp)
- #10392 improved code quality (@oallain)
- #10393 [Docs] Describe available configuration options for locale fixture (@lchrusciel)
- #10396 [Admin] Avoid javascript in saving positions (@Zales0123)
- #10399 Add info into install command about need of setting the locale in symfony config (@Holicz)
- #10400 Add discounts and totals in the cart (@kulczy, @bartoszpietrzak1994)
- #10406 [Fixtures] Added random generated order complete date (@AdamKasp)
- #10409 Create SECURITY.md (@gabiudrescu, @pamil)
- #10417 [Admin] Order summary UI + discounts and taxes viewing logic (@kulczy, @AdamKasp)
- #10419 Add prices and discounts to the order summary box (@kulczy)
- #10420 Change order summary table (@kulczy, @AdamKasp)
- #10429 Add admin user avatar placeholder (@kulczy)
- #10438 Keep all prices in the same currency in checkout (@pamil)
- #10441 [Inventory][Product] Move inventory to new tab (@AdamKasp)
- #10442 Add an alert about unsaved changes (@kulczy)
- #10443 Unify shipping row on the order summary table (@kulczy)
- #10444 Change dashboard view (@kulczy, @pamil)
- #10449 Administrator's avatar (@Tomanhez, @Zales0123)
- #10451 [Admin] Add possibility to configure custom index route in routing (@GSadee)
- #10453 Fix deprecation notice (@loevgaard)
- #10455 Improve admin product show page UI (@kulczy, @AdamKasp, @GSadee)
- #10460 AvatarImage Doctrine mapping fix (@bartoszpietrzak1994)
- #10461 Fix product show page elements (@kulczy)