5.5.3

• Added craft\commerce\models\LineItemStatus::getDisplayName().
• Fixed a bug where Orders tables on user edit pages were showing an incorrect column heading.
• Fixed a bug where product selector modals didn’t have “Add a product” buttons. (#4205)
• Fixed a bug where order status and line item status names weren’t translatable. (#4213)
• Fixed a bug where it wasn’t possible to change a variant’s shipping category.
• Fixed an error that occurred when adjusting inventory levels with an adjustment of zero. (#4212)
• Fixed a SQL error that could occur when querying variants on PostgreSQL. (#4210)
• Fixed an error that could occur when merging canonical product changes into a draft. (#4199)
• Fixed a bug where variants weren’t being marked as modified when variants were added, deleted, or reordered. (#4222)
• Fixed high-severity SQL injection vulnerabilities in the control panel. (GHSA-j3x5-mghf-xvfw, GHSA-pmgj-gmm4-jh6j)
• Fixed a high-severity XSS vulnerability in the control panel. (GHSA-cfpv-rmpf-f624)
• Fixed low-severity XSS vulnerabilities in the control panel. (GHSA-mqxf-2998-c6cp, GHSA-wj89-2385-gpx3, GHSA-mj32-r678-7mvp)

4.10.2

• Fixed a bug where Orders tables on user edit pages were showing an incorrect column heading.
• Fixed a high-severity SQL injection vulnerability in the control panel. (GHSA-j3x5-mghf-xvfw)
• Fixed low-severity XSS vulnerabilities in the control panel. (GHSA-mqxf-2998-c6cp, GHSA-mj32-r678-7mvp)

5.5.2

• Improved transaction refund amount validation.
• Fixed a bug where settings were being saved to the project config incorrectly. (#4006)
• Fixed a PHP error that could occur when saving a shipping rule. (#4134)
• Fixed a bug where the “New Customers” widget was counting all customers with orders in the date range, rather than only customers whose first order was in the date range.
• Fixed XSS vulnerabilities. (GHSA-w8gw-qm8p-j9j3, GHSA-h9r9-2pxg-cx9m, GHSA-g92v-wpv7-6w22, GHSA-p6w8-q63m-72c8, GHSA-wqc5-485v-3hqh, GHSA-v585-mf6r-rqrc, GHSA-frj9-9rwc-pw9j, GHSA-8478-rmjg-mjj5, GHSA-2h2m-v2mg-656c, GHSA-wq2m-r96q-crrf)

4.10.1

• Fixed a bug where settings were being saved to the project config incorrectly. (#4006)
• Fixed a PHP error that could occur when saving a shipping rule. (#4134)
• Fixed a bug where the “New Customers” widget was counting all customers with orders in the date range, rather than only customers whose first order was in the date range.
• Fixed XSS vulnerabilities. (GHSA-w8gw-qm8p-j9j3, GHSA-h9r9-2pxg-cx9m, GHSA-g92v-wpv7-6w22, GHSA-p6w8-q63m-72c8, GHSA-wqc5-485v-3hqh, GHSA-v585-mf6r-rqrc, GHSA-frj9-9rwc-pw9j, GHSA-8478-rmjg-mjj5, GHSA-2h2m-v2mg-656c, GHSA-wq2m-r96q-crrf)

5.5.1

• Added craft\commerce\models\CatalogPricingRule::afterPreparePurchasableQuery().
• Fixed a bug where tax and shipping categories weren’t getting saved from the Edit variant screen. (#4180)
• Fixed a bug where newly-created variants weren’t visible on product edit screens.
• Fixed a SQL error that could occur when viewing product indexes.
• Fixed a PHP error that could occur when applying project config changes after updating. (#4185)
• Fixed a bug where an order’s origin could be set incorrectly if it was created in the control panel.
• Fixed a bug where order edit screens weren’t formatting prices using the user’s preferred formatting locale.
• Fixed a SQL error that could occur when generating the pricing catalog. (#4175)

5.5.0.1

• Fixed an error that could occur when querying for products via GraphQL. (#4122)

5.5.0

Store Management

• Added the ability to suppress order emails when marking an order as complete in the control panel. (#4144)
• PDF download URLs are now generated with time-limited security tokens.
• Anonymous users attempting to download a PDF with an expired or missing token are now shown an email verification form.
• Added a new system message for customizing PDF download emails.
• Added the ability to select multiple products in variant conditions. (#4166)
• Added the ability to select multiple variants in pricing rules’ “Match Variant” conditions. (#4167)
• Added the ability to select multiple users in pricing rules’ “Match Customer” conditions. (#4167)

Administration

• Added billing and shipping address conditions to payment gateways. (#4100)
• Added preview targets for products. (#4128)
• Added slug translation options to product types. (#4088)
• Gateway condition rules now allow multiple gateways to be selected. (#4112)
• Product action menus now have a “Product type settings” action, for admin users on environments that allow admin changes. (#4157)
• Added the “Link Duration” setting to PDF settings.

Development

• Orders now have a dateFirstPaid property that records the date and time when the order was first paid in full.
• Improved product and variant query performance.
• Improved the performance of retrieving a line item’s catalog pricing rule ID.
• Added the children, parent, ancestors and descendants fields to products’ GraphQL data. (#4122)
• Added the productStatus variant query param. (#4158)
• Added the productStatus GraphQL variant query argument. (#4158)
• Added the --force option to the commerce/reset-data command. (#4115)

Extensibility

• Added craft\commerce\controllers\BaseStoreManagementController::asStoreManagementCpScreen().
• Added craft\commerce\controllers\DownloadsController::actionEmailChallenge().
• Added craft\commerce\controllers\DownloadsController::actionPdfChallenge().
• Added craft\commerce\controllers\DownloadsController::actionPdfSent().
• Added craft\commerce\elements\Order::$dateFirstPaid.
• Added craft\commerce\elements\Order::getMaskedEmail().
• Added craft\commerce\elements\conditions\customers\CatalogPricingRuleCustomerConditionRule.
• Added craft\commerce\elements\conditions\variants\CatalogPricingRuleVariantConditionRule.
• Added craft\commerce\elements\conditions\variants\VariantConditionRule.
• Added craft\commerce\elements\db\OrderQuery::$dateFirstPaid.
• Added craft\commerce\elements\db\OrderQuery::dateFirstPaid().
• Added craft\commerce\events\InventoryMovementEvent. (#4063)
• Added craft\commerce\events\UpdateInventoryLevelEvent. (#4063)
• Added craft\commerce\helpers\Cp::shippingCategoryFieldHtml().
• Added craft\commerce\helpers\Cp::shippingMethodFieldHtml().
• Added craft\commerce\helpers\Cp::shippingZoneFieldHtml().
• Added craft\commerce\helpers\Cp::taxCategoryFieldHtml().
• Added craft\commerce\helpers\Cp::taxZoneFieldHtml().
• Added craft\commerce\helpers\Gql::getSchemaContainedProductTypes().
• Added craft\commerce\helpers\ProductQuery.
• Added craft\commerce\models\Email::$renderSiteId.
• Added craft\commerce\models\Email::getRenderSite().
• Added craft\commerce\models\Pdf::$linkExpiry.
• Added craft\commerce\queue\jobs\ResaveProductVariants.
• Added craft\commerce\records\Email::$renderSiteId.
• Added craft\commerce\records\Order::$dateFirstPaid.
• Added craft\commerce\services\CatalogPricingRules::hasCatalogPricingRules().
• Added craft\commerce\services\Discounts::appendCouponCode(). (#4084)
• Added craft\commerce\services\Inventory::EVENT_AFTER_EXECUTE_INVENTORY_MOVEMENT. (#3835)
• Added craft\commerce\services\Inventory::EVENT_AFTER_EXECUTE_UPDATE_INVENTORY_LEVEL. (#3835)
• Added craft\commerce\services\Pdfs::getPdfUrl() now generates secure tokenized URLs with expiry timestamps.

System

• Fixed a bug where purchasables could have a shipping category that was no longer available to their product type. (#4018)
• Fixed a bug where order emails weren’t always getting rendered for the correct site.
• Fixed a bug where variant titles were being incorrectly generated for draft products. (#4173, #4126)
• Fixed a PHP error that occurred when retrieving an order that referenced an archived payment gateway. (#4172)
• Fixed a bug where variants with inactive products were being returned in GraphQL variant queries. (#4158)

4.10.0

Store Management

• PDF download URLs are now generated with time-limited security tokens.
• Anonymous users attempting to download a PDF with an expired or missing token are now shown an email verification form.
• Added a new system message for customizing PDF download emails.

Administration

• Added the “Link Duration” setting to PDF settings.

Extensibility

• Added craft\commerce\controllers\DownloadsController::actionEmailChallenge().
• Added craft\commerce\controllers\DownloadsController::actionPdfChallenge().
• Added craft\commerce\controllers\DownloadsController::actionPdfSent().
• Added craft\commerce\elements\Order::getMaskedEmail().
• Added craft\commerce\models\Pdf::$linkExpiry.
• Added craft\commerce\services\Pdfs::getPdfUrl() now generates secure tokenized URLs with expiry timestamps.

5.4.10

• Fixed a SQL error that could occur when viewing unfulfilled orders on PostgreSQL. (#4171)
• Fixed a bug where duplicate pricing catalog jobs could be queued. (#4136)
• Fixed a bug where the commerce_catalogpricing table could be missing indexes. (#4160)
• Deprecated craft\commerce\services\CatalogPricing::afterSavePurchasableHandler().

5.4.9

• Fixed a bug where line items could display values in the wrong currency on Edit Order pages. (#4147)
• Fixed a PHP error that could occur when saving a discount. (#4146, #4059)
• Fixed a PHP error that occurred when applying project config changes after adding a new site.