Version 2.1.2 with security fix

Version 2.1.2 of Thelia has been released and includes a security fix.

Simon Vieille from web&design reported an XSS injection in the Thelia BackOffice (error.html template). This vulnerability is present in versions 2.1.0 and 2.1.1 but not in versions 2.0.*.

Here is the complete changelog:

  • Add the possibility to delete a coupon from the backoffice.
  • Module list is now reversed. Delivery modules appear first, then payment and finally classic modules.
  • Display a loader when a module is uploaded
  • Change product prices export and import format to be compatible, now using product_sale_elements id as key to identify PSE.
  • Fix unused variable in Thelia\Controller\Api\CustomerController::getDeleteEvent
  • Change default order for cart loop.
  • Add missing static keyword for Thelia\Core\HttpFoundation\JsonResponse::createError
  • Do not register previous url on XmlHttpRequest
  • Fix deploy image directory destination
  • Fix redirect response if an AuthenticationException is caught
  • Prevent XSS injection in error.html template
  • The hook method is now stored in the ignored_module_hook table
  • Allow to hardlink TinyMCE rather than symlink
  • Add bootstrap paths for thelia-project
  • Enlarge order dropdown menu to prevent wrapping in some languages
  • Fixed language when previewing e-mails

Download version 2.1.2
