On 08.06, a new update package for Shopware 5 with version number 5.6.7 was published. This was a minor release which means that new functionality/fixes were applied without breaking backward compatibility.
This update contains bug fixes and new features. It also contains security update, which could close security hole mentioned in “SW-25409: Daten eines anderen Kunden im Blog-Kommentar sichtbar”. This issue has “moderate ” level of danger, which is why it is highly recommended to do the update so that system security is guaranteed.
Clients & Libs Updates
First things to notice are updates of some npm packages (SW-25295) and one of the main UI libraries - jQuery (SW-25393). As js libraries are evolving very fast and get frequent updates, it is important to keep their versions up to date, which is what these two updates help you with.
Other significant change is SW-25361, which allows having zend clients for websites that use HTTP/2 protocol. Previously trying to do so would fail because of outdated regex check.
In every update it is useful to take a look at those changes that got the most votes from community. In this specific update, following are some of the top-voted issues.
First important change is SW-25157 that fixes legal issue introduced by SW-24486. Previous solution was contradicting to geoblocking regulation by not allowing user to set any country in “Change address” section of checkout process, in case his invoice country has delivery possibility. With the new change a switch was introduced to turn off this logic and allow selecting any country independent of invoice country.
Next popular change is SW-25137, which fixes some issues with using “honeypot” captcha variant. Now captcha variations are working on all the pages (including contact form page).
Another highly expected change was done in SW-25264. From now on setting “0” as default value for checkboxes in “Shopping worlds” will not be interpreted as “true” anymore which was looking illogical.
Some installations have different mailing settings (e.g. smpt host) per subshop. Until SW-25377 was introduced, main shop mailer settings were used for sending email in subshops as well.
Also many of the highly-voted tasks related to the processing of caches, cookies and urls resolving were solved in this release. Let's look at them by category.
Cache/performance related issues
The most voted performance-related issue is SW-24877. It describes problem with huge loading time of search pages when “Html minification” is turned on. Default value of “false” was set for this setting as a way to mitigate this issue.
Cache-related issues were fixed in scope of SW-25223 and SW-25265. Cache deletion issue in Doctrine adapter and non-unique trackingUniqueId issue will not bother you after the update.
Cronjob & exports improvements
Following changesets have fixed some issues in another core part of shopware - cronjobs and exports.
In SW-25357 product export cronjob was fixed to use cached values if they are applicable (based on “interval” settings of the feed).
Additionally to that, with help of SW-25373 date fields for export are now properly parsed from strings based on ISO_8601. This change unifies the way date is parsed, making sure that for example 1st of April is not parsed as 4th of January.
SW-25374 introduced two new global events for when cronjob is finished (successfully or with an error). Now you can add handlers for these events in a generic way and get notified for each or all cronjobs.
With SW-25421 customer group id is now used instead of key during product export. This fixes problem when no customer group is selected in export settings.
Cookies handling, which is a core part of any website, also had some changes in this update. One of the previous updates caused an issue with technical cookies acceptance checkbox not being marked in ui even after "Accept all" was clicked. This is now fixed with changeset SW-25290.
Transferring cookies should always be done in secure way. SW-25066 changeset fixed one of such issues by properly setting "secure" attribute of any cookie, so that it is shared only via https, if the request was done with https. With SW-25067 shopware login token was set to HttpOnly, which makes it inaccessible by JS, guaranteeing higher level of security. Both of these changes are very important to guarantee safety of your shop users and lower chances of "man-in-the-middle" attacks.
An automatic page reload was introduced with SW-25236 when partner cookie is set via "Cookie Consent Tool". This makes user experience smooth and removes some misunderstandings.
URLs & Routing related changes
Some technical issues with routing were fixed in this update as well. Previously in case of shopware set up behind reverse proxy like nginx, downloading order pdfs from admin did not work due to it’s url not treated as controller action. This issue was fixed via SW-25299 by adding trailing slash into the url.
SW-25132 fixed an issue when X_FORWARDED_HOST was not sent properly in case of shop without path that is accessed through virtual url. SW-24973 did fix an important seo-related issue with non-seo urls not being set into hreflang. In the given example not all articles had seo url as many of them shared their name and could not be uniquely identified through it.
Rather confusing issue with admin user session getting invalidated when plugin icon is accessed was fixed in SW-25095. This issue was happening with shops set up through composer.
Filtering properly and covering all the case is often a complex task. Latest update made user’s life easier by fixing/extending existing filters in admin and user areas.
SW-25253 fixed issue with filtering by customer groups and shops not being properly applied in order list admin page.
Issue with full article description shown in listing instead of short one even with useShortDescriptionInListing set to true is now fixed with SW-25300. This was done by moving description cutting logic into a more appropriate and common place.
SW-25318 introduced a new way to filter orders - by it’s supplier additionally to existing search by article number.
Annoying issue with filtering by payment method was fixed by SW-25281. Filtering itself did already work but payment method select item did not show selected value as active, which was confusing for the users.
SW-25216 introduced a very nice feature which allows searching for log files by their name in backend which simplifies errors investigations and other logging-related activities.
Widgets in admin UI allow having a quick and nice overview of different statistics and activities. This update contains fixes 2 bugs that affected their behavior and looks. In particular an error when removing an already removed widget was fixed. Other than that now when customer changes his data (like firstname or lastname), new values will be properly displayed in “last orders” widget. Additionally to that all orders of the user will be displayed with new values.
In addition to the visual change in backend SW-25309 - border removed from iFrame, which was necessary for a more modern look of backend ui, some changes related to blocks and translations were also made.
Changes in Blocks
Block “frontend_detail_index_similar_slider_content” in “ related.tpl ” template was renamed to “frontend_detail_index_related_slider_content” for avoiding conflict with block having the same name in “similar.tpl” template. Similar change was also done for “frontend_listing_box_article_badges” block by renaming it to avoid content being displayed twice when extending the product box.
Translation related changes
Translations also incurred some improvements in this update. For example, now it is possible to localize combobox attribute values. Problem with duplicating translations when copying emotion element is now fixed as well. Now the shop will become more international and working with it will be even easier.
As you can see, Shopware is not standing at same place, continues developing to ensure more quality and possibilities with new updates. Considering the fact that this release had security updates, it is highly recommended to update to the latest version of Shopware (5.6.7) so that system is protected. But if it is not possible for some reason, Shopware Security-Plugin could be used. It can be downloaded from store or installed using the Plugin Manager. If you already use this plugin, simply update it to the latest version.
Wir sind eine Digital- & E-Commerce Agentur mit einem hochqualifizierten Expertenteam. Wir entwickeln auch für Sie und Ihr Unternehmen den passenden und effektiven digitalen Weg und stehen Ihnen als Ihr Partner bei der Digitalisierung zur Seite.
Bereits zahlreiche Kunden aus ganz Deutschland werden von uns unterstützt, schenken uns Ihr Vertrauen und lassen Sich von neuesten Technologien sowie modernstem Know-How & Lösungen täglich begeistern.
Wir sind eine qualifizierte und erfahrene Contentful- und Shopware Partner Agentur, sowie Partner von Facebook, Google und vielen weiteren. Kurz gefasst: Digitale Lösungen sind unsere Stärke - Lassen Sie uns gemeinsam digital überzeugen!