Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Update release notes with changes backported from master

  • Loading branch information...
commit 4387b5468090c760b43672d6454d0a1c536fd045 1 parent e108da7
@jonjensen jonjensen authored
Showing with 48 additions and 0 deletions.
  1. +48 −0 WHATSNEW-5.6
@@ -53,11 +53,38 @@ Core
should review any custom credit card encryption templates to make sure that
the CVV2 is not included, and purge it from any historical data.
+* Fixed rare bug that caused requests to / URL with a query string to fail.
+* Correct .access functionality directly in pages/
+ .access worked in subdirectories like pages/abc/, but didn't work directly
+ under pages/. Instead of looking for pages/.access, it was looking for
+ pages/PAGENAME/.access
+* Fix catalog name not appearing in DebugTemplate output.
+* Fix bug which prevented custom widget type from working. Found by Jeff Boes.
+* Remove CVV2/CSC from default credit card encrypted block template for
+ PCI-DSS compliance.
+* Require Digest::SHA1 module in the sha1 filter.
+* Abort daemon startup when required module is missing and clean up error output.
+* Don't ignore case of passed options to compile_link.
+* Fix problem restarting daemon in PreFork mode.
* Made [email] process cc and bcc options for plain text emails (#250).
+* Updated usps-query tag with country map and latest shipmodes. By Josh Lavin.
+* Fix omission of media type in <link> output. By Thomas J.M. Burton.
@@ -65,6 +92,9 @@ UI
* Fix broken form action quoting. Thanks to Richard Templet <>.
+* Add framekiller for clickjacking defense in template. Probably we are
+ unlikely to have problems in the standard template, but you never know.
@@ -78,6 +108,24 @@ Standard demo
* Fix cross site scripting error found by Josh Lavin of Perusion.
+* Fix default shipmode on admin/entry page.
+* Make forum only available for logged-in users, as spammers are exploiting it
+ constantly.
+* Prevent an incomprehensible error when following an order link that was
+ created on an mv_tmp_session page or other non-connecting session.
+* Avoid possible problem with read-only variable table by using @@MV_PAGE@@
+ instead of @_MV_PAGE_@
+* Removed javascript that submits the form if the user changes his
+ email preferences. By René Hertell.
+* Corrected min/max username length.
+* Correct update of saved company value for shipping address.
Please sign in to comment.
Something went wrong with that request. Please try again.