v20.10.1
Security fixes
- CVE-2024-41676 - GHSA-5vrp-638w-p8m2 Stored XSS in admin system configs
What's Changed
- Fixed null parameter warning in Mage_Wishlist_Block_Abstract by @addison74 in #4068
- Fixed null parameter warning in Mage_Shipping_Model_Resource_Carrier_Tablerate by @addison74 in #4073
- Updated TinyMCE to 6.8.4 by @fballiano in #4084
- fix codestyle - empty line by @Flyingmana in #4112
- Fixed UI bug in Newsletter Templates backend page, filters not saved in session by @eneiasramos in #4077
- Added check for isModuleOutputEnabled('Mage_Review') in customer's backend page by @eneiasramos in #4075
- Fixed null parameter warning in Mage_Wishlist_Controller_Abstract::allcartAction() by @addison74 in #4083
- Fixed null parameter warning in Mage_ImportExport_Model_Import_Entity_Product::_filterRowData() by @addison74 in #4086
- Fixed invisible configuration values in backend by @fballiano in #4085
- Added hadling of allowed_extensions for file uploads in backend's configuration section by @eneiasramos in #4078
- Backend: Improved "copy button" style in legacy admin theme by @ma4nn in #4072
- Missing translations in Mage_Sales.csv by @addison74 in #4110
Full Changelog: v20.10.0...v20.10.1