- asset-server-plugin Fix local file read vulnerability when using the LocalAssetStorageStrategy (e2ee0c4). See the security advisory
- admin-ui Fix theme & ui language switcher (c93589b), closes #3111
- core Do not include deleted variants when indexing productInStock (#3110) (73cb190), closes #3110 #3109
- core Fix coupon code validation across multiple channels (e57cc1b), closes #2052
- core Fix filtering on list queries of tree entities (227da05), closes #3107
- core Improve error message on populating without tax rates (7e36131), closes #1926
28884197f7b195a1598426bf5f7dab2b35793c21
- admin-ui-plugin Implement rate limiting on static server (9516c71)
- admin-ui Add padding to default relation custom field dropdown (02e68e0)
- admin-ui Add support for custom fields on CustomerGroup list (7128a33)
- admin-ui Enable selective loading of custom fields (9d7744b), closes #3097
- admin-ui Fix bad locale detection regex (f336d7f)
- admin-ui Lazy-load only selected custom fields in list views (690dd0f), closes #3097
- admin-ui Unsubscribe from alerts when logging out (#3071) (f38340b), closes #3071 #2188
- asset-server-plugin Do not return raw error message on error (801980e)
- core Correctly parse numeric sessionDuration and verificationTokenDuration values (#3080) (98e4118), closes #3080
- core Fix issues caused by f235249f (5a4299a)
- core Fix RequestContext race condition causing null activeOrder (f235249), closes #2097
- core Handle empty state for product and variant id filter (#3064) (9a03c84), closes #3064
- core Prevent theoretical polynomial regex attack (9f4a814)
- core Remove duplicate call in applyCouponCode resolver (bffc58a)
- core Replace insecure randomness with secure randomBytes (cb556d8)
- payments-plugin Use default channel in Stripe webhook calls to reach all orders (#3076) (8434111), closes #3076
- core Fix performance when using FacetValue-based checks (a735bdf)
- admin-ui List views only load the visible custom fields, closes #3097
- admin-ui Display up to 3 decimal places in OrderSummary tax rate (13a1b21), closes #3051
- core Fix regression in correctly setting OrderLine.featuredAsset (7d070f2)
- admin-ui Fix removing coupon code from draft order (04340f1), closes #2969
- core Fix search indexing issue when working with multiple channels (#3041) (75ed6e1), closes #3041 #3012
- core Prevent exposure of private custom fields via JSON type (042abdb), closes #3049
- elasticsearch-plugin Fix search multichannel indexing issue (9d6f9cf), closes #3012
- core Fix slow
order
query for postgres v16 (1baa8e7), closes #3037 - core Omit ID encode/decode step if default EntityIdStrategy used (ad30b55)
- core Optimizations to the addItemToOrder path (70ad853)
- core Optimize order operations (e3d6c21)
- core Optimize resolution of featuredAsset fields (d7bd446)
- core Optimize setting active order on session (c591432)
- admin-ui Add missing and revise portuguese and brazilian portuguese translations (#3002) (9b5911f), closes #3002
- admin-ui Fix overflow in channel assignment block (#2984) (0f8bdb5), closes #2984
- admin-ui Make sku optional in create-product-variant-dialog (#3007) (13fe069), closes #3007 #2999
- admin-ui Use correct 24hr format for locale in dates (#2972) (f078b41), closes #2972 #2970
- core Allow fulfillment creation with deleted product variants (#2982) (752c2b6), closes #2982 #2434
- core Fix EntityHydrator error on long table names (#2959) (bcfcf7d), closes #2959 #2899
- core Fix NaN error thrown when modifying pro-rated discounted OrderLine to 0 (#3009) (fa50770), closes #3009
- core Make firstName and lastName required in CreateCustomerAndUser method (#2996) (0d8054d), closes #2996
- core Resolve User.roles field in GraphQL APIs (#3011) (8f99b2d), closes #3011
- core Return type of collection breadcrumb was missing slug (#2960) (620eeb1), closes #2960
- create Dynamically find open port if 3000 in use (a40fbb1)
- create Fix typo (#2994) (999e89e), closes #2994
- create Update EmailPlugin config to use templateLoader API (6708440), closes #2981
- payments-plugin Fix Mollie not calling webhook on updated orders (#3014) (694845f), closes #3014 #2941
- payments-plugin Mollie - add missing request when settled amount is 0 (#2993) (afd6435), closes #2993
- core Improve hydrator performance for customFields (#2961) (f40761d), closes #2961
- core Refactor applyCollectionFiltersInternal method to improve performance (#2978) (6eeae1c), closes #2978
Note: the changes in this release are identical to v2.3.0.
- admin-ui Add support for tabs on custom UI routes (26b4ea5)
- admin-ui Enable useQuery hook to refetch on channel change (#2869) (3d516ea), closes #2869
- core Add RefundEvent & publish on Refund creation (#2832) (cb08427), closes #2832 #2830
- core Enable inherit resolvers from interfaces (#2800) (1069b3b), closes #2800
- core Make Refund process configurable (#2942) (c8f1d62), closes #2942
- core Publish event when OrderLine cancelled (#2829) (213a26b), closes #2829
- create Support SSL enforced PostgreSQL databases (#2905) (65b4f3c), closes #2905
- email-plugin Add support for computed email subject (#2863) (e546f24), closes #2863
- email-plugin Support dynamic globalTemplateVars (#2950) (cab67b6), closes #2950 #2933
- ui-devkit Support pnpm to build UI extensions (#2877) (37e6a35), closes #2877
- core Add usage check of nested custom property filters in ListQueryBuilder (#2939) (05cfc9d), closes #2939
- core Copy tax category on product duplication (#2947) (2f0521c), closes #2947
- core Update DefaultSearchPlugin indexer controller to avoid TypeORM memory leak (#2883) (ee2c177), closes #2883
BREAKING CHANGE: All core Vendure packages are now licensed under the GPL v3.0 license. See LICENSE.md and the License FAQ.
Changelogs for versions prior to v3.0.0 can be found in the CHANGELOG_v2.md and CHANGELOG_v1.md files.