Welcome to the June 2019 release of Saleor! Read on to learn about the newest changes!
Saleor has, to date, only supported tax calculations for the EU with Vatlayer. To support taxes in other countries, we're integrating the popular Avalara tool with Saleor in this release! With Avalara enabled and configured, you'll get proper tax calculations during the checkout process. Your orders will also be accessible in the Avalara admin panel.
Storing Credit Cards
We've improved the internal payment gateway interface, which now allows for storage and reuse of customers' payment sources, such as credit cards, if the gateway supports it. Additionally, we've implemented support in the Braintree gateway module and plan to add Stripe very soon.
Improved Vouchers Section
Good user experience is always one of our top priorities. We are constantly testing Saleor and decided that the Vouchers section was quite challenging to use, so we set about designing an interface that would make it easier for you to quickly create attractive sales offers for your customers. We have now gathered common settings into visual cards, which makes for a clean and intuitive UI.
CSRF Vulnerability Fix
This release fixes a security issue that was introduced in version 2.7.0. In that release, we made customizations to the Django middleware in order to disable some elements that were unnecessary for requests coming to the GraphQL API. Unfortunately, we inadvertently disabled CSRF protection for all POST requests coming to static Django views in Storefront 1.0 and Dashboard 1.0. An attacker could therefore send a request without a valid CSRF token, and the server would accept it. In this release, to close this loophole, we've reverted to the original middleware configuration. We felt that the performance gain was minimal and it wasn't a crucial feature for the system, so the original solution is acceptable.
The issue was introduced on 16 May, 2019: 94c0703
Affected versions: 2.7.0
All users of the affected version are encouraged to upgrade Saleor immediately.
- Fixed CSRF vulnerability introduced in Saleor 2.7.0 - CVE-2019-13594
- Avatax backend support - #4310 by @korycins
- Add ability to store used payment sources in gateways (first implemented in Braintree) - #4195 by @salwator
- Add ability to specify a minimal quantity of checkout items for a voucher - #4427 by @fowczarek
- Change the type of start and end date fields from Date to DateTime - #4293 by @fowczarek
- Revert the custom dynamic middlewares - #4452 by @NyanKiyoshi
- UX improvements in Vouchers section - #4362 by @benekex2
- Add company address configuration - #4432 by @benekex2
- Require name when saving a custom list filter - #4269 by @benekex2
- tsconfig.json to simplify imports - #4372 by @dominik-zeglen
- Use hooks instead of a class component in forms - #4374 by @dominik-zeglen
- Drop CSRF token header from API client - #4357 by @dominik-zeglen
- Fix various bugs in the product section - #4429 by @dominik-zeglen
Other notable changes
- Fix error when creating a checkout with voucher code - #4292 by @NyanKiyoshi
- Fix error when users enter an invalid phone number in an address - #4404 by @NyanKiyoshi
- Fix error when adding a note to an anonymous order - #4319 by @NyanKiyoshi
- Fix gift card duplication error in the populatedb script - #4336 by @fowczarek
- Fix vouchers apply once per order - #4339 by @fowczarek
- Fix discount tests failing at random - #4401 by @korycins
- VoucherType - #4344 by @fowczarek
- New translations:
This month we need to give 5,000 thanks
For those of you who are interested in contributing to the project, we prepared a bunch of issues labeled as help wanted. Don't worry if you don't fully understand the problem - our team will try to guide you and answer all your questions. Remember to check our channels on Gitter and Spectrum; they serve best if you have quick questions that don't require opening an issue on GitHub.
Make sure to check out the article about this release on our blog!