Upgrade now

v6.5.8.19 Security relevant 1d

Twig security update

Open

Review required

v6.7.10.2 Mixed 2d

Dependencies

System reqs, export fix, dependency upgrade

Open

Upgrade now

v6.6.10.18 Security relevant 15d

Auth RBAC

Security fixes

Open

Upgrade now

v6.7.10.1 Breaking risk 15d

Auth RBAC RCE / SSRF

System requirements + SVG upload hardening

Open

v6.6.10.17 Bug fix 27d

Fixed cart clearing, tax calculation for free products due to promotions, and rounding issues in price calculations.

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.10.0 Breaking risk 28d

⚠ Upgrade required

The product indexer is automatically queued during upgrade; no manual migration script is required beyond the deferred indexing pass.
If custom code accesses `product.display_group`, update it to handle 64‑character SHA-256 values and the new column definition.

Breaking changes

The `display_group` column on the `product` entity is now computed with SHA-256 (64‑hex characters) and stored in a widened `VARCHAR(64)` column; previously it used MD5 (32‑character).
Integrations or plugins that assume a 32‑character hash, compare against old MD5 values, or rely on the original column width must be updated.

Notable features

Agentic Commerce sales channel (experimental) with OpenAI Merchant Center integration for AI‑powered product feed exports.
Per-user and per‑IP rate limiters added to login and OAuth token endpoints via `shopware.api.rate_limiter` config.
Price schemas now describe percentage, list price, and regulation price fields in Admin and Store APIs.

Full changelog

System requirements

tested on PHP 8.2, 8.4 and 8.5
tested on MySQL 8 and MariaDB 11

Features

[Experimental] Agentic Commerce sales channel

A new "Agentic Commerce" sales channel type is available in this release.
The OpenAI Merchant Center integration is the first supported provider for AI-powered product feed exports.
The Administration includes dedicated views for configuration, product mapping, and usage insights.

API

Per-user and per-IP rate limiters for login and OAuth

The login and OAuth token endpoints now support optional per user (login_user, oauth_user) and per IP (login_client, oauth_client) rate limiters, in addition to the existing combined user and IP limiter.
These are optional and can be enabled via shopware.api.rate_limiter in shopware.yaml.

`Price` schemas now describe percentage and reference price fields

The generated Admin API and Store API Price schemas now include property descriptions for percentage, listPrice, regulationPrice, and their nested values.
This improves the generated OpenAPI and Stoplight documentation for integrations that inspect raw price payloads and need to distinguish between the current price, list price, discount percentage, and regulation price fields.

Core

Product `display_group` values use SHA-256

The display_group field on the product entity (available via the Admin API and Store API) is now computed with SHA-256 for variant listing instead of MD5.
Stored values are 64 hexadecimal characters instead of 32. The database column was widened to VARCHAR(64).

A migration registers the product indexer so that only the variant listing updater (product.variant-listing, the step that maintains display_group) is queued.
That pass runs with the usual deferred indexing after an update or installation finishes, not inside the migration.
If your integration or plugin assumes a 32-character display_group, compares against previously stored MD5 values, or relies on custom SQL with the old column width, update it to accept 64-character hashes and the new column definition.

"Find best variant setting" is now applied for storefront filtering

Users can now control which representative of variant products is shown in filtered listings via the Product settings "Preview best matching variant in search results and filtered listings".

Deprecation of `permisionsLocked` property of `SalesChannelContext`

The permisionsLocked property of the SalesChannelContext is deprecated.
Use permissionsLocked property or the new SalesChannelContext::isPermissionsLocked() getter method instead.

Salutation ordering

A new position column was added to the salutation entity so merchants can control the order in which salutations appear in forms (registration, address, checkout, and CMS forms).
Salutations are sorted ascending, meaning lower values appear first.

This replaces the previous alphabetical sorting.
Default salutations (not_specified, mrs, mr) are migrated automatically to positions 1, 2, and 3.
Custom salutations keep the default value of 100 - review them in Administration → Settings → Shop → Salutations after upgrading and assign explicit positions, otherwise they will appear grouped together at the end.

Deprecated non-used `MAIL_TEMPLATE_SALES_CHANNEL_*_EVENT` constants

Deprecated the constants Shopware\Core\Content\MailTemplate\MAIL_TEMPLATE_SALES_CHANNEL_{WRITTEN,DELETED,LOADED,SEARCH_RESULT_LOADED,AGGREGATION_LOADED,ID_SEARCH_RESULT_LOADED}_EVENT as the entity has been removed with Shopware 6.5 and the events were not fired anymore.

JSONL product export format

Product exports now support ProductExportEntity::FILE_FORMAT_JSONL as a third file format.

[Experimental] Agentic Commerce product export provider abstraction

The new AbstractAgenticCommerceProductExportProvider can be used to implement custom Agentic Commerce export providers.

Administration

[Internal] Twig to Native Block Runtime Adapter

A runtime adapter has been added that bridges legacy Twig block overrides ({% block %} / {% parent %}) with the new native <sw-block> / <sw-block-parent /> system. When core components migrate from .html.twig blocks to <sw-block name="...">, existing plugin overrides continue to work automatically. A deprecation warning is emitted to guide plugin developers toward the new native syntax.

Fixed mixin-based route guards for lazy-loaded administration routes

Mixin-defined route guards such as beforeRouteLeave are now executed reliably for lazy-loaded Administration route components.
This fixes cases where cleanup logic in shared mixins, for example in listing pages, was skipped during navigation to detail pages.

Re-render iframe integrations when location changes

Iframe-based Administration extensions now re-render correctly when their locationId changes.
This fixes stale iframe content when switching locations in Meteor Admin SDK integrations and also prevents unnecessary full-page reloads.

Internal comments visible in the order list

The Administration order list now shows internal order comments via a dedicated tooltip icon.
This helps merchants spot internal notes directly from the list view without opening the order detail page.

[Experimental] Agentic Commerce sales channel views and tracking entities

New Agentic Commerce sales channels types can be created.
These sales channels have dedicated configuration options in the administration for property mapping, and usage insights.
New entities for monitoring orders and customers for Agentic Commerce sales channels are included.

Storefront

Order cancellation only shown for open orders

The account order cancellation action is now only shown for orders in state open.
This prevents customers from being offered an invalid cancel action for completed orders.

Earlier focus for cookie bar

To improve the accessibility of the cookie bar, it receives automatic focus when it is shown.
This improves discoverability for screenreader and keyboard users.
A new option autoFocus (default: true) was added to the cookie-permission.html.twig template and CookiePermissionPlugin.

In addition to this the cookie bar will be moved to the top of the body element.

Deprecated block position of base_cookie_permission Cookie permission bar will be moved to top of the body element.

Live purchase limits for closeout products on the product detail page

The buy-widget quantity selector now fetches live minPurchase, purchaseSteps, and maxPurchase values for closeout products (internally uses new Store API endpoint GET /store-api/product/purchase-limit) on first user interaction (focus or click).
This ensures the selector reflects actual stock even when the PDP HTML is served from HTTP cache.

The fetch is triggered by the QuantitySelectorPlugin when a purchaseLimitUrl option is set on the quantity selector element.
This is injected via data-quantity-selector-options by buy-widget-form.html.twig for closeout products.
If you override buy_widget_buy_container or related blocks in buy-widget-form.html.twig,
preserve the data-quantity-selector-options attribute with a purchaseLimitUrl key and the js-quantity-stock-adjusted-template <template> element to use this functionality.

GLTF Animations

User are now able to play animations from their 3D models in the Storefront.
Simply upload a model with one or multiple animations baked into the file, bind the file to a product, and display it in the Storefront.

Show child line items if available

New block component_line_item_type_product_children added to template storefront/component/line-item/type/product.html.twig to display child line items if available

App System

App requirements validation

Apps can now declare requirements in their manifest via a new <requirements> element.
Requirements are validated during app installation and updates in production.
If a requirement is not met, the process fails with FRAMEWORK__APP_REQUIREMENTS_NOT_MET and an actionable message.

The first introduced requirement, <public-access/>, verifies that APP_URL uses HTTPS, does not point to an IP or reserved/local development host, and that /api/_info/health-check returns HTTP 200 when called from the Shopware server.
This helps catch misconfigurations before apps that rely on webhooks or other external communication fail silently.

<requirements>
    <public-access/>
</requirements>

Unknown requirements are ignored and logged as warnings.

Hosting & Configuration

Possibility to disable product search keyword indexing

The new configuration key shopware.product.search_keyword.indexing can be used to disable the product search keyword indexing.
This is helpful for stores that do not require search keywords and want to avoid the overhead of maintaining those indices while still having basic search functionality or using third-party search solutions.

What's Changed

fix: only show order cancellation for open orders by @mstegmeyer in https://github.com/shopware/shopware/pull/15833
feat: allow disable SearchKeywordUpdater by @vienthuong in https://github.com/shopware/shopware/pull/15475
fix: variable dropdown missing in SEO template configuration by @sydinh in https://github.com/shopware/shopware/pull/15785
fix: remove dependency on maltyxx/images-generator by @shyim in https://github.com/shopware/shopware/pull/15842
fix: allow extending validationMessages before form-validation-config by @mvanhorn in https://github.com/shopware/shopware/pull/15829
feat: separate identify from login event by @adrianles in https://github.com/shopware/shopware/pull/15783
feat: gltf animations by @feliopterix in https://github.com/shopware/shopware/pull/15766
fix: dynamic product groups by @nguyenytran in https://github.com/shopware/shopware/pull/15604
feat: Add choices to product visibility property by @mitelg in https://github.com/shopware/shopware/pull/15866
feat: use real max order values on cached product detail pages by @h1k3r in https://github.com/shopware/shopware/pull/15376
fix: change parsing of Flow Action Parameter by @DennisGarding in https://github.com/shopware/shopware/pull/15813
fix: criteria should not be solved twice when loading via product search route by @vienthuong in https://github.com/shopware/shopware/pull/15814
fix: Profile file import by @DennisGarding in https://github.com/shopware/shopware/pull/15864
feat: show error state in loading spinner in admin by @gweiermann in https://github.com/shopware/shopware/pull/14895
fix: UpdatedByField and CreatedByField with incorrect write scopes by @mstegmeyer in https://github.com/shopware/shopware/pull/15903
fix: Improve error message if clipboard functionality is not available by @mitelg in https://github.com/shopware/shopware/pull/15890
feat: add app requirements rules logic by @Gaitholabi in https://github.com/shopware/shopware/pull/12331
feat: consent revisions by @AydinHassan in https://github.com/shopware/shopware/pull/14899
fix: unskip tests by @hienha-sw in https://github.com/shopware/shopware/pull/15326
feat: add open graph field for the product object by @mdanilowicz in https://github.com/shopware/shopware/pull/15605
fix: product category filter now reflects products from DPG by @sydinh in https://github.com/shopware/shopware/pull/15850
feat: Agentic product feed by @MartinKrzykawski in https://github.com/shopware/shopware/pull/15550
feat: add WasModifiedByUserField for DAL entities by @shyim in https://github.com/shopware/shopware/pull/15747
feat(dal): add maxLength support to attribute entity fields by @SpiGAndromeda in https://github.com/shopware/shopware/pull/15872
feat: add-docs-reference-command by @Isengo1989 in https://github.com/shopware/shopware/pull/14311
fix: bulk edit list price or cheapest price not possible without also checking base price checkbox by @nguyenquocdaile in https://github.com/shopware/shopware/pull/15455
fix: tax calculation for bulk edit price when not set by @nguyenquocdaile in https://github.com/shopware/shopware/pull/15784
fix: limit on customer address select by @mstegmeyer in https://github.com/shopware/shopware/pull/15953
fix(storefront-css): large css selectors due to extend rows by @tobiasberge in https://github.com/shopware/shopware/pull/15874
perf: skip unnecessary HTML escaping for UUIDs and integers in navbar by @shyim in https://github.com/shopware/shopware/pull/15954
fix: hide clearable button in config select fields if they are required by @davidtraum in https://github.com/shopware/shopware/pull/15663
refactor: make sw-entity-multi-id-select handle null value by @gweiermann in https://github.com/shopware/shopware/pull/15565
fix: savepoint errors during queue processing by @h1k3r in https://github.com/shopware/shopware/pull/15912
fix: saleschannel low limit on number range configuration by @h1k3r in https://github.com/shopware/shopware/pull/15923
fix: also translate options for condition multi-select fields by @teunkoster in https://github.com/shopware/shopware/pull/15854
fix: rerender iframe when changing locationId in admin extensions by @gweiermann in https://github.com/shopware/shopware/pull/15930
fix(storefront): sync search widget aria references by @nguyenquocdaile in https://github.com/shopware/shopware/pull/15963
fix: npm audit vulnerabilities by @adrianles in https://github.com/shopware/shopware/pull/15996
fix: move primaryImageOfPage to WebPage scope for correct Google imag… by @taltholtmann in https://github.com/shopware/shopware/pull/15810
fix(cms): restore product slider settings text alignment (#15027) by @taltholtmann in https://github.com/shopware/shopware/pull/15974
fix(cms): add missing video play button asset to storefront (#15385) by @taltholtmann in https://github.com/shopware/shopware/pull/15982
fix: (build performance) Added sass-embedded for faster SCSS compilation. by @jellesiderius in https://github.com/shopware/shopware/pull/14958
feat: provider agnostic product analytics by @bubleg in https://github.com/shopware/shopware/pull/15933
fix: querySelector returns null when no element is found and not false by @alexdumea in https://github.com/shopware/shopware/pull/16021
fix: Adapt translation to include agentic commerce by @alexdumea in https://github.com/shopware/shopware/pull/16020
feat: Disallow usage of empty by @mitelg in https://github.com/shopware/shopware/pull/13986
fix: checkout customer comment storage by @Aliaaaam in https://github.com/shopware/shopware/pull/16006
fix: web installer db autofill from env by @umutdogan4291 in https://github.com/shopware/shopware/pull/15877
fix: ignore missing storefront captcha from deactivated plugins by @umutdogan4291 in https://github.com/shopware/shopware/pull/15929
fix: dynamic product groups broken with safari by @nguyenytran in https://github.com/shopware/shopware/pull/15793
refactor: move webhooks request sending into a central place by @Gaitholabi in https://github.com/shopware/shopware/pull/15909
fix: Add regular-user icon to user media folder by @alexdumea in https://github.com/shopware/shopware/pull/16024
fix: Template select display for product comparison and commerce sale… by @alexdumea in https://github.com/shopware/shopware/pull/15969
fix: set noindex on full cms page by @lacknere in https://github.com/shopware/shopware/pull/16013
fix: Elasticsearch product search can fail with a 500 when a boolean custom field is configured as searchable and the search term is plain text by @tamvt in https://github.com/shopware/shopware/pull/15941
fix: upsize order create modal in admin for better visibility of info… by @Berkantdoku in https://github.com/shopware/shopware/pull/16046
feat: show internal comment tooltip in order list by @MelvinAchterhuis in https://github.com/shopware/shopware/pull/9536
fix: enhance styling for updates wizard and changelog components by @BrocksiNet in https://github.com/shopware/shopware/pull/16016
fix: use schema depth in buy widget by @vienthuong in https://github.com/shopware/shopware/pull/15947
fix: Wrong amount of paginations on category listing with OpenSearch enabled by @tamvt in https://github.com/shopware/shopware/pull/15875
fix: preserve sw_page_full_path from navigation target in page_change events by @bubleg in https://github.com/shopware/shopware/pull/16060
fix: prevent duplicate cross-selling assignments by @vienthuong in https://github.com/shopware/shopware/pull/15949
fix: Reset domain field if storefront sales channel is changed by @alexdumea in https://github.com/shopware/shopware/pull/16040
fix: reindex sales channel theme names for document rendering by @umutdogan4291 in https://github.com/shopware/shopware/pull/15920
fix: CMS content language inheritance by @MartinKrzykawski in https://github.com/shopware/shopware/pull/16026
fix: ACL permission errors for agentic commerce insights tab (#16039) by @taltholtmann in https://github.com/shopware/shopware/pull/16051
fix: align translation icon in sw-snippet-field with meteor component… by @taltholtmann in https://github.com/shopware/shopware/pull/16035
fix: respect main variant that chose in the storefront presentation by @rittou in https://github.com/shopware/shopware/pull/15844
fix: detail-properties table not using $sw-text-color by @Mugentoki in https://github.com/shopware/shopware/pull/13588
fix(administration): preserve admin search term on module switch by @vienthuong in https://github.com/shopware/shopware/pull/15952
fix(inventory): hide empty configurator groups by @vienthuong in https://github.com/shopware/shopware/pull/15951
fix: adding distuingashableName to the payment method search in sales… by @Berkantdoku in https://github.com/shopware/shopware/pull/16033
fix: missing spacer reset on breakpoing lg by @tobiasberge in https://github.com/shopware/shopware/pull/16045
feat: replace legacy SQL hash functions with SHA2 by @BrocksiNet in https://github.com/shopware/shopware/pull/15990
fix: reset property option selection after delete by @vienthuong in https://github.com/shopware/shopware/pull/15934
feat: add support for rendering line item children in product component by @tschaefermedia in https://github.com/shopware/shopware/pull/8774
fix: large export file download for SaaS by @DennisGarding in https://github.com/shopware/shopware/pull/16061
fix: use scss for search close btn by @tobiasberge in https://github.com/shopware/shopware/pull/16110
fix: plugins fallback to bare language by @dgrothaus-sw in https://github.com/shopware/shopware/pull/16066
feat: enhance gallery slider with lazy loading and thumbnail height by @BrocksiNet in https://github.com/shopware/shopware/pull/15876
fix: improve buy box screen reader accessibility by @nguyenquocdaile in https://github.com/shopware/shopware/pull/15962
fix: date range condition timezone subtraction by @CR0YD in https://github.com/shopware/shopware/pull/16023
fix: order document link availability after customer deletion by @CR0YD in https://github.com/shopware/shopware/pull/16036
fix: harden revocation ats by @larskemper in https://github.com/shopware/shopware/pull/16041
fix: missing attachements on document email by @CR0YD in https://github.com/shopware/shopware/pull/16071
fix: upgrade axios dependency to version 1.15 by @davidtraum in https://github.com/shopware/shopware/pull/16114
fix: property typo in SalesChannelContext by @lacknere in https://github.com/shopware/shopware/pull/16115
fix: batch media uploads to prevent browser and server overload (#11571) by @taltholtmann in https://github.com/shopware/shopware/pull/16043
feat: Add twig block to image gallery placeholder icon by @tmchow in https://github.com/shopware/shopware/pull/15926
feat: add optional context and ShopwareEvent to business-layer events by @SpiGAndromeda in https://github.com/shopware/shopware/pull/15830
fix: Use deliveryTime association instead of deliveryMedia in buy-box by @MartinKrzykawski in https://github.com/shopware/shopware/pull/16106
fix: Clear translated cms overrides on layout change by @MartinKrzykawski in https://github.com/shopware/shopware/pull/16113
feat: implement telemetry dispatch handler for extensions by @bubleg in https://github.com/shopware/shopware/pull/16042
feat: Allow Agentic Commerce referrals for analytics by @dgrothaus-sw in https://github.com/shopware/shopware/pull/15975
fix: migrate line item stock rule to actual stock and deprecate product.availableStock by @DennisGarding in https://github.com/shopware/shopware/pull/16015
fix: Improve sw-highlight-text escapeRegExp method by @gecolay in https://github.com/shopware/shopware/pull/14775
fix: re-issue JWT before updateCurrentUser on admin password change by @jleifeld in https://github.com/shopware/shopware/pull/15863
fix(admin): await snippet loading before rendering login page by @mkucmus in https://github.com/shopware/shopware/pull/15907
fix(form-validation): Fix attribute assignment for proper form-validation by @marcelbrode in https://github.com/shopware/shopware/pull/16159
fix(acceptance): correct section type in CmsSlider visual test (#15253) by @taltholtmann in https://github.com/shopware/shopware/pull/16100
feat(consent): Add sw-request-consent-modal and implement admin SDK handlers for consent API by @SebastianFranze in https://github.com/shopware/shopware/pull/16116
fix: clarify bulk edit property empty state by @vienthuong in https://github.com/shopware/shopware/pull/15938
fix(snippet): Fix capitalization typo by @marcelbrode in https://github.com/shopware/shopware/pull/16209
fix: restore digital product flag padding by @nguyenquocdaile in https://github.com/shopware/shopware/pull/16171
fix: duplicate revocation request CMS form translations by @DennisGarding in https://github.com/shopware/shopware/pull/16124
fix: avoid duplicate robots.txt directives for user-agent blocks by @pietervp in https://github.com/shopware/shopware/pull/16177
feat: add support for custom elements in html sanatizer by @Jnoack331 in https://github.com/shopware/shopware/pull/14464
feat: add configurable salutation position by @8mylez-dg in https://github.com/shopware/shopware/pull/15670
fix: Add compatibility for the codemods with ESLint9 by @aragon999 in https://github.com/shopware/shopware/pull/16083
feat: Make return url required by @dgrothaus-sw in https://github.com/shopware/shopware/pull/16161
fix(cms): Restore full-width for sections by @marcelbrode in https://github.com/shopware/shopware/pull/16238
feat: breadcrumb rework with category referrer feature by @lacknere in https://github.com/shopware/shopware/pull/14158
fix: Add release information for versions 6.7.10.0 and 6.7.11.0 by @flegarjur in https://github.com/shopware/shopware/pull/16129
fix: hide variant products after clearance by @rittou in https://github.com/shopware/shopware/pull/15847
fix: change AbstractFileWriter to prevent early initTempFile call by @gecolay in https://github.com/shopware/shopware/pull/16097
fix(framework): avoid double slash in plugin class path by @mvanhorn in https://github.com/shopware/shopware/pull/16250
fix(snippet): Fix ellipsis spacing by @marcelbrode in https://github.com/shopware/shopware/pull/16277
fix: empty footer service menu list style by @lacknere in https://github.com/shopware/shopware/pull/16154
refactor: Deprecate non used MAIL_TEMPLATE_SALES_CHANNEL_* event constants by @aragon999 in https://github.com/shopware/shopware/pull/16070
fix: date-range rule datepicker invalid time offset by @gecolay in https://github.com/shopware/shopware/pull/16112
feat: custom describers to specify privileges for hookable events by @AydinHassan in https://github.com/shopware/shopware/pull/16162
fix: refresh cms sidebar navigation after resize by @MartinKrzykawski in https://github.com/shopware/shopware/pull/16148
fix: defer product type migration to updateDestructive by @larskemper in https://github.com/shopware/shopware/pull/16282
fix: unpropagated index for flow (OrderRouteTest flaky) by @nfortier-shopware in https://github.com/shopware/shopware/pull/16280
refactor: improve checkout customer storage and TOS persistence by @Aliaaaam in https://github.com/shopware/shopware/pull/16079
fix: resolve magnifier zoom node lookup by @vienthuong in https://github.com/shopware/shopware/pull/15946
fix: search inherited manufacturer variants by @vienthuong in https://github.com/shopware/shopware/pull/15948
feat: use meteor tokens in inventory domain by @sydinh in https://github.com/shopware/shopware/pull/16002
fix: render reference price for single calculated price by @officialasishkumar in https://github.com/shopware/shopware/pull/16090
fix: snippets from bare translation files missing by @dgrothaus-sw in https://github.com/shopware/shopware/pull/16242
fix: Move global modals into sw-desktop's content div by @SebastianFranze in https://github.com/shopware/shopware/pull/16299
refactor(snippets): Replace $tc with $t via ESLint rule by @marcelbrode in https://github.com/shopware/shopware/pull/16258
fix: remove padding override on sw-modal__body by @fschmtt in https://github.com/shopware/shopware/pull/16158
fix: restore migrated variant option order by @vienthuong in https://github.com/shopware/shopware/pull/15943
fix: keep active inline edit row stable by @vienthuong in https://github.com/shopware/shopware/pull/16118
fix: stabilize product stock sorting in administration by @vienthuong in https://github.com/shopware/shopware/pull/16119
fix(storefront-a11y): earlier focus for cookie bar by @tobiasberge in https://github.com/shopware/shopware/pull/15991
fix: entity select count mode with large datasets by @lernhart in https://github.com/shopware/shopware/pull/16315
fix: sort customer groups by name in customer listing by @officialasishkumar in https://github.com/shopware/shopware/pull/16089
fix: trim required address fields in NotBlank contraints by @lacknere in https://github.com/shopware/shopware/pull/15950
fix: fix route guards in mixins by @jleifeld in https://github.com/shopware/shopware/pull/15927
fix: export delivery time with products by @DennisGarding in https://github.com/shopware/shopware/pull/16306
fix: add missing refresh index product.indexer 6.6 by @nfortier-shopware in https://github.com/shopware/shopware/pull/16343
fix: improve add product type migration by @vienthuong in https://github.com/shopware/shopware/pull/16321
fix: custom field inheritance by @jleifeld in https://github.com/shopware/shopware/pull/15905
feat: add handle uiSidebarSetActive by @quando1910 in https://github.com/shopware/shopware/pull/16284
fix: Remove base_navigation block from checkout templates by @aragon999 in https://github.com/shopware/shopware/pull/16082
fix: document bulk download by @DennisGarding in https://github.com/shopware/shopware/pull/16256
fix: migrate existing is-download state to product digital type migration by @vienthuong in https://github.com/shopware/shopware/pull/16364
fix: non existence default category layout when migrating by @rittou in https://github.com/shopware/shopware/pull/16294
fix: typo in cms detail empty stage content block by @lacknere in https://github.com/shopware/shopware/pull/16314
feat: twig native block runtime adapter by @jleifeld in https://github.com/shopware/shopware/pull/15347
fix(snippet): Update dummy plugins to use agnostic locales by @marcelbrode in https://github.com/shopware/shopware/pull/16337
fix: rounded corners on sw-modals-renderer by @mstegmeyer in https://github.com/shopware/shopware/pull/16366
fix(storefront-a11y): add landmark role to filter panel by @nguyenquocdaile in https://github.com/shopware/shopware/pull/16365
fix: Re-introduce Twig escaper cache by @mitelg in https://github.com/shopware/shopware/pull/16109
fix: duplicate product collection API alias by @tamvt in https://github.com/shopware/shopware/pull/16353
fix(captcha): restore removal of required validator from reCAPTCHA inputs by @bubleg in https://github.com/shopware/shopware/pull/16396
fix: Remove assertSame from NoAssertsOnObjectsRule PHPStan rule by @mitelg in https://github.com/shopware/shopware/pull/16400
fix(cms): seed parent-language override when removing field inheritance by @MartinKrzykawski in https://github.com/shopware/shopware/pull/16393
fix: preserve sibling slot and parent-language field overrides by @MartinKrzykawski in https://github.com/shopware/shopware/pull/16410
fix: use the billing address country for the vat id validation by @dgrothaus-sw in https://github.com/shopware/shopware/pull/15433
fix: only require min value of quantity range with major version 6.8 by @rittou in https://github.com/shopware/shopware/pull/16412
fix: document percentage in price schemas by @tamvt in https://github.com/shopware/shopware/pull/16367
fix: ignore deleted SEO URLs in resolver by @vienthuong in https://github.com/shopware/shopware/pull/16120
fix: Make it possible for Twig extensions to work again by @mitelg in https://github.com/shopware/shopware/pull/16434
fix: handle invalid custom locales by @dneustadt in https://github.com/shopware/shopware/pull/16285
fix: prevent overencoding external urls and control character filtering by @dneustadt in https://github.com/shopware/shopware/pull/16379
fix: overflow of sw-modals-renderer by @mstegmeyer in https://github.com/shopware/shopware/pull/16416
feat: add ApiAware flag to requested customer group field and update API documentation for requestedGroupId by @mdanilowicz in https://github.com/shopware/shopware/pull/16363
fix: Add upcoming release to release info (backport: 6.7.10.x) by @shopware-octo-sts-app[bot] in https://github.com/shopware/shopware/pull/16475
fix: skip product analytics test for lower shopware versions (backport: 6.7.10.x) by @shopware-octo-sts-app-2[bot] in https://github.com/shopware/shopware/pull/16489
feat(agentic-commerce): OpenAi config migration from plugin (backport: 6.7.10.x) by @shopware-octo-sts-app[bot] in https://github.com/shopware/shopware/pull/16536

New Contributors

@jellesiderius made their first contribution in https://github.com/shopware/shopware/pull/14958
@tschaefermedia made their first contribution in https://github.com/shopware/shopware/pull/8774
@tmchow made their first contribution in https://github.com/shopware/shopware/pull/15926
@pietervp made their first contribution in https://github.com/shopware/shopware/pull/16177
@Jnoack331 made their first contribution in https://github.com/shopware/shopware/pull/14464
@officialasishkumar made their first contribution in https://github.com/shopware/shopware/pull/16090

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.9.1...v6.7.10.0

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there ;)

View release on GitHub

v6.7.9.1 Bug fix 1mo

Fixed modals, category migration, reCAPTCHA, and quantity validation.

Full changelog

System requirements

tested on PHP 8.2, 8.4 and 8.5
tested on MySQL 8 and MariaDB 11

What's Changed

fix: Move global modals into sw-desktop's content div (backport: 6.7.9.x) by @SebastianFranze in https://github.com/shopware/shopware/pull/16311
fix: non existence default category layout when migrating (backport: 6.7.9.x) by @rittou in https://github.com/shopware/shopware/pull/16378
fix(captcha): restore removal of required validator from reCAPTCHA inputs (backport: 6.7.9.x) by @bubleg in https://github.com/shopware/shopware/pull/16403
fix: duplicate revocation request CMS form translations (backport: 6.7.9.x) by @DennisGarding in https://github.com/shopware/shopware/pull/16404
fix: only require min value of quantity range with major version 6.8 (backport: 6.7.9.x) by @rittou in https://github.com/shopware/shopware/pull/16421

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.9.0...v6.7.9.1

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there ;)

View release on GitHub

v6.6.10.16 Bug fix 1mo

Security fixes

ACL checks for twig template routes

Notable features

ZugFerd invoice document support

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.9.0 Breaking risk 1mo

Breaking changes

Microdata deprecated; enable via JSON_LD_DATA feature flag

Notable features

JSON-LD structured data format with comprehensive schema coverage
OpenSearch support for Admin API searches
External media thumbnail support

Full changelog

System requirements

tested on PHP 8.2, 8.4 and 8.5
tested on MySQL 8 and MariaDB 11

Features

Default CMS page ID now persisted for categories

Previously, when a category had no CMS page assigned, the default CMS page ID was only set at runtime during entity loading. This caused missing cmsPage association data when loading categories with criteria that included the cmsPage association.

Now the default CMS page ID is automatically written to the database when a category is saved without a cmsPageId. A migration also backfills all existing categories that have no CMS page assigned.

The categoryLoaded event listener has been removed from CategorySubscriber since the default CMS page ID is now always present in the database. Sales channel-specific CMS page defaults continue to be applied at runtime during salesChannelCategoryLoaded.

The runtime-only field cmsPageIdSwitched on CategoryDefinition and CategoryEntity has been deprecated and will be removed in v6.8.0. It is no longer used internally.

New internal comment for state machine state history entries

A new internal comment field was added to the state change modal which can be used to add additional information about a state change.
The internal comment is only visible in the administration and not shown to customers.
It can be found in the state machine state history modal (state change modal) on the detail page of an order.

Use JSON-LD format for Structured Data

The Storefront now emits structured data as JSON-LD (<script type="application/ld+json"> in the <head>) instead of scattered inline microdata attributes (itemscope, itemtype, itemprop). JSON-LD is the preferred format and keeps structured data cleanly separated from the HTML markup.

In addition to replacing the existing microdata, several schema types that were missing entirely are now included: a WebSite schema with SearchAction (enabling the Google Sitelinks Searchbox), a top-level Organization schema with the shop logo, an ItemList schema on category and search result pages, and VideoObject entries for product video media.

The migration is controlled by the new JSON_LD_DATA feature flag. When the flag is off (default), the existing microdata is rendered as before. When the flag is on, JSON-LD is injected and all microdata is removed. The old microdata is deprecated and will be removed with the next major release (v6.8.0).

The following schema types are now emitted as JSON-LD:

| Schema | Pages |
|---|---|
| WebSite + SearchAction | All pages (enables Google Sitelinks Searchbox) |
| Organization with logo | All pages |
| WebPage / ProductPage / CollectionPage / SearchResultsPage | All pages (type narrows per context) |
| BreadcrumbList | All pages with a navigation breadcrumb |
| Product | Product detail page |
| ItemList | Category pages, search results |

The Product schema on the product detail page is significantly more complete compared to the previous microdata:

All product images are listed (previously only cover image via itemprop)
VideoObject entries are emitted for any video media in the product's media collection
AggregateRating now includes the required ratingCount (total number of approved reviews), sourced via an efficient aggregation query in ProductPageLoader
Individual Review items (up to 10 most recent) are included alongside AggregateRating
OfferShippingDetails with ShippingDeliveryTime is included for single-price products
Dimensions (weight, height, width, depth) are typed as QuantitativeValue nodes
itemCondition and a typed seller (Organization) are set on every Offer
gtin13 (EAN) and mpn (manufacturer number) are included when present

Extending the schema templates

Each schema lives in its own Twig template under storefront/layout/structured-data/. Every template exposes two blocks: an outer block that contains the full data-building logic, and an inner _script block that wraps just the <script> output. Plugins and themes can override either level using Shopware's standard template extension mechanism.

To add or change properties, override the _script block, merge your changes into the data variable (productData, orgData, webPageData, etc.), and call {{ parent() }}.

{# MyPlugin/Resources/views/storefront/layout/structured-data/json-ld-organization.html.twig #}
{% sw_extends '@Storefront/storefront/layout/structured-data/json-ld-organization.html.twig' %}

{% block layout_structured_data_organization_script %}
    {% set orgData = orgData|merge({
        'contactPoint': {
            '@type': 'ContactPoint',
            'contactType': 'customer service',
            'email': config('core.basicInformation.email')
        }
    }) %}
    {{ parent() }}
{% endblock %}

The available outer / script block pairs are:

| Template | Outer block | Script block |
|---|---|---|
| json-ld-webpage.html.twig | layout_structured_data_webpage | layout_structured_data_webpage_script |
| json-ld-breadcrumb.html.twig | layout_structured_data_breadcrumb | layout_structured_data_breadcrumb_script |
| json-ld-organization.html.twig | layout_structured_data_organization | layout_structured_data_organization_script |
| json-ld-website.html.twig | layout_structured_data_website | layout_structured_data_website_script |
| json-ld-item-list.html.twig | layout_structured_data_item_list | layout_structured_data_item_list_script |
| json-ld-product.html.twig | page_product_detail_json_ld | page_product_detail_json_ld_script |

[Experimental] Use OpenSearch for Admin API searches

When the data in your store grows larger the administration might become slower, especially when searching for entities in lists.
This is because the administration relies only on the DB fulltext search. For larger stores, this can lead to performance issues and even timeouts.
Now it is possible to use OpenSearch for the administration and Admin API searches, which can significantly improve the performance of searches in the administration, especially for larger stores.
To enable this feature, you can set the ENABLE_OPENSEARCH_FOR_ADMIN_API feature flag to true. For more technical guidelines refer to the section in the Hosting & Configuration updates.

Online revocation request form

Customers can now conveniently submit revocation requests through an online form.
Similar to the existing Contact Form, the revocation form can be integrated and used via Shopping Experiences, allowing flexible placement within the storefront.

External media thumbnail support

External media entities can now have external thumbnail URLs attached to them, which is useful for CDNs that provide pre-generated thumbnails alongside the main media file.

Two new API endpoints have been added:

POST /api/_action/media/{id}/external-thumbnails - Add thumbnails to existing external media
DELETE /api/_action/media/{id}/external-thumbnails - Remove all external thumbnails from media

Both endpoints require the target media entity to be external (i.e. its path must be an HTTP/HTTPS URL). Attempting to call them on regular file-based media returns an error.

When creating external media via POST /api/_action/media/external-link, you can now provide an optional thumbnails array directly in the request body:

{
  "url": "https://cdn.example.com/image.jpg",
  "thumbnails": [
    { "url": "https://cdn.example.com/image-200x200.jpg", "width": 200, "height": 200 },
    { "url": "https://cdn.example.com/image-400x400.jpg", "width": 400, "height": 400 }
  ]
}

The same thumbnails payload shape is accepted by POST /api/_action/media/{id}/external-thumbnails.

Support of long-running MySQL connections

It is now possible to use libraries like doctrine-mysql-come-back, which wrap the default DBAL connection.
More information on how to set up, can be found here: https://developer.shopware.com/docs/guides/hosting/infrastructure/database.html#setup-for-long-running-environments

System config overrides in staging mode

The system:setup:staging command now supports pre-configuring system config keys during staging setup. Both global and sales channel-specific values can be set, following the same YAML structure used for static system configuration.

Use default for global config values and sales channel IDs for channel-specific overrides:

shopware:
  staging:
    system_config:
      default:
        core.mailerSettings.smtpHost: "smtp.staging.local"
        core.listing.allowBuyInListing: false
      0188da12724970b9b4a708298259b171:
        core.mailerSettings.smtpHost: "smtp.other.staging.local"

When bin/console system:setup:staging is executed, the configured keys are written to the database via SystemConfigService.

API

Minimum value constraints added to quantity fields in ProductPriceDefinition

The fields quantityStart and quantityEnd of ProductPriceDefinition now require a minimum value of 1.

Deprecation of newsletter route methods

The following methods are deprecated and will be removed with the next major version:

AbstractNewsletterSubscribeRoute::subscribe() → use subscribeWithResponse() instead
AbstractNewsletterConfirmRoute::confirm() → use confirmWithResponse() instead
AbstractNewsletterUnsubscribeRoute::unsubscribe() → use unsubscribeWithResponse() instead

The new methods currently return StoreApiResponse in the abstract classes. In the next major version, the return types will change to their explicit types:

subscribeWithResponse() → NewsletterSubscribeRouteResponse
confirmWithResponse() → SuccessResponse
unsubscribeWithResponse() → SuccessResponse

The Store API newsletter routes now return 200 OK with a response body instead of 204 No Content:

| Route | Response |
|-------|----------------------------------------------------------------|
| /store-api/newsletter/subscribe | {"success": true, "status": "notSet\|optIn\|optOut\|direct"} |
| /store-api/newsletter/confirm | {"success": true} |
| /store-api/newsletter/unsubscribe | {"success": true} |

OpenAPI enums via DAL `Choice` flag

DAL fields can now declare a finite set of allowed values using the Choice flag.
This information is used to enrich the generated OpenAPI schema with enum values for better API documentation and client generation.

By default, Choice is non-strict and does not affect write validation.
If you want to enforce values on write, set strict: true when creating the flag; the write layer will then validate the input for supported field types (string, int, float).

Deprecated `/api/_action/mail-template/validate` route

The /api/_action/mail-template/validate route is deprecated and will be removed without replacement in v6.8.0.0, as it was not used and did not provide any significant value.

Core

Changed behaviour of default fields in EntityDefinition

Currently, it is not possible to overwrite the default fields createdAt and updatedAt of an entity in the definition.
This is because the default fields are applied on top of the fields defined in the defineFields method.
From the next major version on, the logic is turned around and the defined fields will be applied after the default fields.
This makes it possible to overwrite the current default fields createdAt and updatedAt.
Check your EntityDefinitions if this change will have an effect on your entities' behaviour. (Only applicable if you manually add CreatedAtField and/or UpdatedAtField)

Product stream deletion is blocked while product exports exist

Deleting a product stream that's been used in a product export raises a dedicated delete restriction.
This rule is additionally enforced on database level by changing the foreign key delete action from CASCADE to RESTRICT.

Reduced HTTP cache invalidation on system config changes

SystemConfigService::set(), setMultiple(), and delete() now accept an optional $silent parameter. When silent=true, the internal config cache is still cleared immediately, but the broad HTTP cache tag system.config-{salesChannelId} is not invalidated.

This prevents "invalidation storms" where writing internal config values (e.g. timestamps, license keys, store secrets) would wipe big amount of HTTP-cached pages.

Internal Shopware call sites that write non-storefront config values now pass silent=true. The ConfigSet CLI command accepts --silent, and the Admin API POST /_action/system-config and POST /_action/system-config/batch accept a ?silent query parameter.

In v6.8.0.0, silent parameter in SystemConfigService methods will default to true. Clients should pass value explicitly to prepare for changes.

Scheduled cleanup of expired customer recovery records

A new scheduled task customer.cleanup_customer_recovery has been added that automatically removes expired customer recovery records from the database on a daily basis.

Customer recovery records (password reset tokens) expire after 2 hours. Previously these records were never removed, causing the customer_recovery table to grow indefinitely. The new task deletes all records older than 48 hours.

New attribute field types for entity definitions

The attribute-based entity definition system now supports additional field types:

FieldType::EMAIL maps to EmailField for email validation
#[Password] attribute for password fields with configurable hashing algorithm, hash options, and scope
#[ListField] attribute for storing lists with optional typed field specification
FieldType::PRICE maps to PriceField for price storage

Inheritance added to product main categories

Product main categories are now inherited from parent product if not explicitly defined on the variant itself.

CategoryIndexer doesn't dispatch IndexingMetaEvent when only index irrelevant data changes

The CategoryIndexer did already check for changed payload and only triggered the tree/child-count updaters when the parentId changed and the breadcrumb updater when the name changed.
But it still dispatched the CategoryIndexingMessage, even though all relevant Updaters would be skipped. For performance and efficiency reasons that event is not thrown anymore in the case of an update when only irrelevant data has changed.
This saves resources, as we don't need to fetch any child categories, dispatch unneeded messages and create DB transactions when it's not needed, especially as this whole handling was also triggered when you only assign products to a category, which is a quite common action.
Note that this only affects the update case, in the case of newly inserted or deleted categories the event is still dispatched, as all updaters are relevant in that case.

Existing cart recalculations no longer recreate deleted carts

When an existing cart is recalculated, Shopware now uses the cart's persisted state to avoid recreating carts that were already deleted.
This prevents race conditions where a concurrent request, such as placing an order, deletes the cart and a stale recalculation writes it back afterwards.

Deprecation of unused `TemplateGroup` class

The class \Shopware\Core\Content\Seo\SeoUrlTemplate\TemplateGroup has been deprecated as it is unused and will be removed in the next major version v6.8.0.

New criteria events for product slider CMS element

Two new events are dispatched when the product slider CMS element resolves its product criteria, allowing subscribers to modify the criteria:

Shopware\Core\Content\Product\Events\ProductSliderStaticCriteriaEvent is fired by the StaticProductProcessor when resolving a static product list.
Shopware\Core\Content\Product\Events\ProductSliderStreamCriteriaEvent is fired by the ProductStreamProcessor when resolving a product stream.

Allow custom HTTP client injection for S3 client creation

The S3 client creation flow (S3ClientFactory, AwsS3v3Factory, PresignedUploadUrlGenerator)
now accepts an optional HttpClientInterface parameter. When provided, this HTTP client is
forwarded to the underlying AsyncAws S3Client instead of letting it create its own default.

Both AwsS3v3Factory and PresignedUploadUrlGenerator are wired via DI to the new
shopware.filesystem.s3.client service ID. This service is not registered by default, so
null is injected and AsyncAws uses its own internal HTTP client. Integrators can register
the shopware.filesystem.s3.client service to provide a custom Symfony HTTP client with
custom timeouts, retry strategies, or HTTP protocol version for S3 operations.

Administration

CMS data mapping source for media custom fields

Fixed media custom fields not being available as data mapping source for image elements in category and product CMS layouts. Shop Administrators can now reliably bind media custom fields to images in CMS pages without workarounds.

Storefront

Block renaming

Deprecated block page_product_detail_product_buy_button_label in Resources/views/storefront/component/product/card/action.html.twig which will be removed in v6.8.0. Use block component_product_box_action_buy_button_label instead.

Disabled runtime error overlay in webpack dev server

The webpack dev server overlay for runtime errors has been disabled in hot-reload mode. The overlay frequently interrupted the development workflow by covering the entire viewport for non-critical runtime errors, making it difficult to interact with the storefront during development. Error details remain available in the browser console.

`HEAD`-requests do not trigger the registration double-opt-in

As some mail clients send HEAD requests to links which are contained in emails, the registration double-opt-in was sometimes already confirmed, as Symfony treats HEAD-requests the same as GET-request. Now HEAD-requests do not trigger the registration double-opt-in anymore, only "real" GET-requests.

App System

Hosting & Configuration

Critical Fixes

What's Changed

fix: index used custom fields in product by @rittou in https://github.com/shopware/shopware/pull/14770
fix(promotion): redeemed when entering code in lowercase by @FlorianKe in https://github.com/shopware/shopware/pull/14589
fix: add number type to stock inline edit fields by @lacknere in https://github.com/shopware/shopware/pull/15004
fix: Do not try to create a list price of 0 by @aragon999 in https://github.com/shopware/shopware/pull/14889
fix: Head Request do not trigger account confirm by @aragon999 in https://github.com/shopware/shopware/pull/14614
fix: use order versionId by @En0Ma1259 in https://github.com/shopware/shopware/pull/15028
feat: Return subscription status in "store-api.newsletter.subscribe" by @umutdogan4291 in https://github.com/shopware/shopware/pull/14653
feat: Refactor empty usage in Framework DAL to prepare its prohibition by @mitelg in https://github.com/shopware/shopware/pull/15041
feat: Refactor empty usage in Framework app and API to prepare its prohibition by @mitelg in https://github.com/shopware/shopware/pull/15040
fix: ATTRIBUTE_NO_STORE is not processed when CACHE_REWORK feature is disabled by @h1k3r in https://github.com/shopware/shopware/pull/15142
fix: remove _isCmsForm to not run into formSubmittedByCaptcha blocking the form submission by @BrocksiNet in https://github.com/shopware/shopware/pull/15119
fix: apply analyzer for search term with one token to filter stopword by @tamvt in https://github.com/shopware/shopware/pull/14646
fix: Do not hide important info from mobile users by @amenk in https://github.com/shopware/shopware/pull/15103
fix: use new hasLineItemWithType method by @En0Ma1259 in https://github.com/shopware/shopware/pull/15097
feat: add action response possibility to newsletter subscribe route by @lacknere in https://github.com/shopware/shopware/pull/15010
fix: use correct expiry for symfony cache by @keulinho in https://github.com/shopware/shopware/pull/15149
fix: resolve npm audit failures across all packages by @BrocksiNet in https://github.com/shopware/shopware/pull/15164
fix: allow select parent product for cross selling by @nguyenquocdaile in https://github.com/shopware/shopware/pull/15169
feat: Persist backend and tracking consent by @SebastianFranze in https://github.com/shopware/shopware/pull/15127
feat: product analytics auth fetch transport by @adrianles in https://github.com/shopware/shopware/pull/13887
fix: revert fix for storefront session cookie path (#14599) by @umutdogan4291 in https://github.com/shopware/shopware/pull/15173
fix: default folder for product media by @sydinh in https://github.com/shopware/shopware/pull/15174
feat: allow to refresh opensearch during cache clear by @keulinho in https://github.com/shopware/shopware/pull/15162
fix: empty product stream id when updating product assignment type to product by @rittou in https://github.com/shopware/shopware/pull/15138
fix: prevent image upscaling in standard display mode (#14468) by @taltholtmann in https://github.com/shopware/shopware/pull/15171
feat: Set up Consent Rate metrics by @bubleg in https://github.com/shopware/shopware/pull/14961
fix(cms-slider): Adjust image/product slider/galery styling (re-apply) by @marcelbrode in https://github.com/shopware/shopware/pull/15066
fix: analytics test when admin loads longer then 3s by @keulinho in https://github.com/shopware/shopware/pull/15191
fix: deprecated sw-product-settings-mode component by @nguyenquocdaile in https://github.com/shopware/shopware/pull/14379
fix: administration have no robots information + set robots meta to no-index, no-follow by @DerKaito in https://github.com/shopware/shopware/pull/15208
fix: Check plugin requirements during activation by @mitelg in https://github.com/shopware/shopware/pull/15177
fix: prevent maintenance mode heading style inconsistency (#15090) by @taltholtmann in https://github.com/shopware/shopware/pull/15223
fix: use correct delimiter in refresh migration command by @keulinho in https://github.com/shopware/shopware/pull/15211
feat: trigger conditions for consent by @bubleg in https://github.com/shopware/shopware/pull/15161
fix: ZUGFeRD download label and filename by @vintagesucks in https://github.com/shopware/shopware/pull/15202
fix: rename product box action buy button label block by @lacknere in https://github.com/shopware/shopware/pull/14956
feat: online revocation request by @DennisGarding in https://github.com/shopware/shopware/pull/14362
feat: add mainCategories inheritance by @lacknere in https://github.com/shopware/shopware/pull/15197
fix(admin): enable natural sorting when sorting variants by name by @sydinh in https://github.com/shopware/shopware/pull/15220
feat: Use new consent system for backend data consent by @SebastianFranze in https://github.com/shopware/shopware/pull/14814
feat: Add event for the config info API route by @mitelg in https://github.com/shopware/shopware/pull/15229
fix: correct the change log by @rittou in https://github.com/shopware/shopware/pull/15286
revert: applifecycle reorganisation by @AydinHassan in https://github.com/shopware/shopware/pull/15281
refactor: use Context::enableInheritance in ProductStreamUpdater by @lacknere in https://github.com/shopware/shopware/pull/15238
feat: add Model Editor sidebar by @feliopterix in https://github.com/shopware/shopware/pull/15105
fix: Use correct array annotation for country address format property by @mitelg in https://github.com/shopware/shopware/pull/15072
fix: email template link in flow builder modal by @vintagesucks in https://github.com/shopware/shopware/pull/15128
fix: add loading indicator to sw-flow detail by @keulinho in https://github.com/shopware/shopware/pull/15232
fix: attach xml invoice documents to emails by @vintagesucks in https://github.com/shopware/shopware/pull/15255
fix(language-widget): update language display in offcanvas by @BrocksiNet in https://github.com/shopware/shopware/pull/15219
feat: apply opensearch globally in admin by @vienthuong in https://github.com/shopware/shopware/pull/11634
fix: Fix issue ES working wrong with NotEquals filter in nested fields by @tamvt in https://github.com/shopware/shopware/pull/15244
fix(cookie): recaptcha form validation issue by @BrocksiNet in https://github.com/shopware/shopware/pull/15212
fix: Check for consent in the admin before sending events by @bubleg in https://github.com/shopware/shopware/pull/15296
fix(snippet): Replace snippet with global default by @marcelbrode in https://github.com/shopware/shopware/pull/15311
fix: mt-text-editor closing bug by @MartinKrzykawski in https://github.com/shopware/shopware/pull/15297
fix(admin): Clean up usage data consent modal checklist and icon layout by @bubleg in https://github.com/shopware/shopware/pull/15320
feat: Add CMS product slider criteria events by @aragon999 in https://github.com/shopware/shopware/pull/15306
feat: Add declined state for consent by @SebastianFranze in https://github.com/shopware/shopware/pull/15301
feat: make database tz data required in next major by @shyim in https://github.com/shopware/shopware/pull/15282
feat: Add scheduled task to delete old customer recovery entries by @aragon999 in https://github.com/shopware/shopware/pull/15134
feat(administration): send identified consent_revoked event with deletion identifiers by @bubleg in https://github.com/shopware/shopware/pull/15334
feat(telemetry): Handle telemetry events from Telemetry.track by @SebastianFranze in https://github.com/shopware/shopware/pull/15345
fix: remove unused template for address-actions by @Berkantdoku in https://github.com/shopware/shopware/pull/15317
refactor: document settings by @larskemper in https://github.com/shopware/shopware/pull/14878
fix: broken transaction level on cache storage deadlock by @keulinho in https://github.com/shopware/shopware/pull/15332
fix: twig template loading without db by @shyim in https://github.com/shopware/shopware/pull/14856
feat(consent): Don't show consent modal when consent was already set by @SebastianFranze in https://github.com/shopware/shopware/pull/15355
fix: load language on languageId change by @davidtraum in https://github.com/shopware/shopware/pull/15183
feat: introduce enum provider for better API schema by @vienthuong in https://github.com/shopware/shopware/pull/13811
fix(performance): Change full table scan to indexed parent id query by @runelaenen in https://github.com/shopware/shopware/pull/14719
feat: make model editor scale lockable by @Deristes in https://github.com/shopware/shopware/pull/15368
refactor: implement sw-vector-field varaints colored - neutral by @Deristes in https://github.com/shopware/shopware/pull/15369
fix: crash of admin by extension reload through propagating reload to the entire page by @gweiermann in https://github.com/shopware/shopware/pull/14868
fix(snippets): Fix grammar mistakes by @marcelbrode in https://github.com/shopware/shopware/pull/15387
fix: disable anonymous tracking by @shyim in https://github.com/shopware/shopware/pull/15411
fix: insufficient contrast for review timestamps by @larskemper in https://github.com/shopware/shopware/pull/15375
fix: preview document invoice reference by @vintagesucks in https://github.com/shopware/shopware/pull/15338
fix: remove unnecessary profiler toggling in tests by @shyim in https://github.com/shopware/shopware/pull/15412
fix: avoid double event tracking on first consent by @bubleg in https://github.com/shopware/shopware/pull/15422
fix: add alt fall back to product name by @nguyenquocdaile in https://github.com/shopware/shopware/pull/15241
feat: Use types to validate consent event options by @SebastianFranze in https://github.com/shopware/shopware/pull/15434
fix: Missing undefined array key checks in HookableBusinessEvent by @mitelg in https://github.com/shopware/shopware/pull/15420
feat: improved cache invalidation on system config writes by @h1k3r in https://github.com/shopware/shopware/pull/15279
feat: add heartbeat scheduled hookable event by @Gaitholabi in https://github.com/shopware/shopware/pull/15316
fix(admin): adjust consent modal layout by @bubleg in https://github.com/shopware/shopware/pull/15453
feat: Allow external thumbnails for external media by @dgrothaus-sw in https://github.com/shopware/shopware/pull/15340
fix: dont use product search config loader in global search term interpreter by @vienthuong in https://github.com/shopware/shopware/pull/15436
fix: token refresh behavior over multiple tabs by @davidtraum in https://github.com/shopware/shopware/pull/14454
fix: Sales channel shows wrong language data after save on language switch by @davidtraum in https://github.com/shopware/shopware/pull/14641
fix: Sync frontend email validation with backend by @s-hamann in https://github.com/shopware/shopware/pull/15449
refactor: text rendering in sw-highlight-text by @davidtraum in https://github.com/shopware/shopware/pull/15467
fix: Don't validate composer constraints on activate after install by @keulinho in https://github.com/shopware/shopware/pull/15472
fix(admin): remove pre-consent amplitude sdk usage by @bubleg in https://github.com/shopware/shopware/pull/15493
fix: update feedback ID format for Google reCAPTCHA v2 and v3 components by @BrocksiNet in https://github.com/shopware/shopware/pull/15494
feat: add moduleCriteria method for admin es search by @vienthuong in https://github.com/shopware/shopware/pull/15446
fix: validate RTE code content before closing CMS element settings mo… by @taltholtmann in https://github.com/shopware/shopware/pull/15406
fix: delete document media files by @ennasus4sun in https://github.com/shopware/shopware/pull/15319
feat: add webhook failure strategy by @AydinHassan in https://github.com/shopware/shopware/pull/15488
fix: reset order addresses on destroy in sw-order-detail by @mstegmeyer in https://github.com/shopware/shopware/pull/15503
fix: normalize telemetry event names to snake_case by @bubleg in https://github.com/shopware/shopware/pull/15528
fix: race condition on theme assign causes error when mariadb is used by @h1k3r in https://github.com/shopware/shopware/pull/15498
fix: admin amplitude retries and disable sdk logs by @bubleg in https://github.com/shopware/shopware/pull/15479
fix: price inheritance is not applied correctly for product variants by @nguyenytran in https://github.com/shopware/shopware/pull/15373
fix: race condition between cart persist and load by @mstegmeyer in https://github.com/shopware/shopware/pull/15501
fix: create product page wrong directly to variant page by @nguyenquocdaile in https://github.com/shopware/shopware/pull/15396
feat: product filter by product number with partial matches by @nguyenquocdaile in https://github.com/shopware/shopware/pull/15413
feat: move digital content access checkbox to submit order button by @Berkantdoku in https://github.com/shopware/shopware/pull/15309
fix: change product stream product export delete rule by @rittou in https://github.com/shopware/shopware/pull/15243
fix: add sales-channel access key to HTTP cache Vary headers by @shyim in https://github.com/shopware/shopware/pull/15445
fix(consent): Don't update consent state in Admin when logged out by @SebastianFranze in https://github.com/shopware/shopware/pull/15547
feat(consent): Move legal links into sub cards by @SebastianFranze in https://github.com/shopware/shopware/pull/15532
fix(admin): delete amplitude user data when consent is revoked during deferred init by @bubleg in https://github.com/shopware/shopware/pull/15538
fix: rating average for products with variants by @vintagesucks in https://github.com/shopware/shopware/pull/15526
refactor: applifecycle reorganisation by @AydinHassan in https://github.com/shopware/shopware/pull/15463
fix: don't read unfiltered many to many associations by @keulinho in https://github.com/shopware/shopware/pull/15539
feat: Ensure proper types on connection driver options by @mitelg in https://github.com/shopware/shopware/pull/15551
fix(meteor): register mt-badge component by @fschmtt in https://github.com/shopware/shopware/pull/15454
fix(admin): hide upload button when runtime extension management is disabled by @shyim in https://github.com/shopware/shopware/pull/15439
fix: allow bulk deletion of dependent documents via sync API by @ennasus4sun in https://github.com/shopware/shopware/pull/15549
feat: add warning message to the error that catches unexpected warnings in admins testing environment by @gweiermann in https://github.com/shopware/shopware/pull/15585
feat: allow custom HTTP client injection for S3 client creation by @lankhaar in https://github.com/shopware/shopware/pull/15464
perf: improve join in PerformanceRedemptionUpdater by @mstegmeyer in https://github.com/shopware/shopware/pull/15603
refactor: deprecate blocking automatic promotions by @mstegmeyer in https://github.com/shopware/shopware/pull/15602
fix: center dashboard card content by @larskemper in https://github.com/shopware/shopware/pull/15590
fix: setting vatIds back to null by @jozsefdamokos in https://github.com/shopware/shopware/pull/15588
feat: Structured Data as JSON-LD Format by @Phil23 in https://github.com/shopware/shopware/pull/15541
fix: Listen to input-change event of mt-price-field by @tristantisch in https://github.com/shopware/shopware/pull/15261
fix: digital products are not downloadable on storefront by @vienthuong in https://github.com/shopware/shopware/pull/15563
fix: align flow names with event names by @larskemper in https://github.com/shopware/shopware/pull/15611
fix(snippet): Be consistent with shop data translation by @marcelbrode in https://github.com/shopware/shopware/pull/15613
feat: async email address validation by @DennisGarding in https://github.com/shopware/shopware/pull/15102
feat: add zugferd cancellation invoice by @larskemper in https://github.com/shopware/shopware/pull/15421
fix(admin): preserve consent event order in amplitude by @bubleg in https://github.com/shopware/shopware/pull/15587
fix(admin): prevent consent modal overlap with shop id change modal by @bubleg in https://github.com/shopware/shopware/pull/15567
fix(admin): use natural sorting in product list for correct ordering by @sydinh in https://github.com/shopware/shopware/pull/15495
fix: replace wrong feature flag change by @Phil23 in https://github.com/shopware/shopware/pull/15621
feat: add zugferd embedded cancellation invoice by @larskemper in https://github.com/shopware/shopware/pull/15492
feat: add loading indicator to cms form submit buttons by @larskemper in https://github.com/shopware/shopware/pull/15612
fix(static-analyze): improve cache handling in phpstan-bootstrap.php by @BrocksiNet in https://github.com/shopware/shopware/pull/15625
revert: fix: order address validation by @En0Ma1259 in https://github.com/shopware/shopware/pull/15642
feat: add zugferd & embedded credit note by @larskemper in https://github.com/shopware/shopware/pull/15568
fix(admin): use shield icon for privacy settings menu item by @bubleg in https://github.com/shopware/shopware/pull/15610
fix: Making SQL query lighter, just check if the table is accessible in TestBootstrapper by @matheusgontijo in https://github.com/shopware/shopware/pull/15230
fix: Display correct rate limit message by @DennisGarding in https://github.com/shopware/shopware/pull/15662
feat: filter product list by configurable product types by @sydinh in https://github.com/shopware/shopware/pull/15648
feat(consent): Refactor consent events in Administration by @SebastianFranze in https://github.com/shopware/shopware/pull/15595
fix: Can't unlink inherited custom fields in bulk edit by @nguyenquocdaile in https://github.com/shopware/shopware/pull/15656
fix(admin): send logout analytics beacon as json and dedupe flush flow by @bubleg in https://github.com/shopware/shopware/pull/15660
fix(admin): add explicit consent actions for single-option usage data modal by @bubleg in https://github.com/shopware/shopware/pull/15666
fix: cart not recalculated without ESI on sub requests by @keulinho in https://github.com/shopware/shopware/pull/15460
fix: ProductPriceCalculator calculate doesnt work with partial entity by @vienthuong in https://github.com/shopware/shopware/pull/15185
fix: revert breaking changes by @larskemper in https://github.com/shopware/shopware/pull/15679
fix: load cms page association data with category has no cms page by @rittou in https://github.com/shopware/shopware/pull/15215
feat: app url validation infra by @AydinHassan in https://github.com/shopware/shopware/pull/15593
fix: Correct description of the customer.hash field by @aragon999 in https://github.com/shopware/shopware/pull/15683
fix: bulk edit handle any document type by @jozsefdamokos in https://github.com/shopware/shopware/pull/15658
fix(phpstan): Iterable type errors in Shopware\Core\Content by @aragon999 in https://github.com/shopware/shopware/pull/15664
feat: add customer number and customerid to customer login logs by @Berkantdoku in https://github.com/shopware/shopware/pull/15654
feat: implemented oauth token revocation (compliant to OIDC 3.1.2.1 & RFC-7009) by @Nickolaus in https://github.com/shopware/shopware/pull/15569
feat(product-analytics): Identify users by @SebastianFranze in https://github.com/shopware/shopware/pull/15677
feat: Add danger rule so the baseline for routes without Schema doesn't get bigger by @mitelg in https://github.com/shopware/shopware/pull/15697
feat: improve readability of rate limiter key by @matheusgontijo in https://github.com/shopware/shopware/pull/15668
fix: Dynamic Product Group preview not showing correct results when Advanced Search is enabled by @tamvt in https://github.com/shopware/shopware/pull/15691
fix: NPM audit issues by @Phil23 in https://github.com/shopware/shopware/pull/15704
fix: load default sql number range increment storage with redis by @lacknere in https://github.com/shopware/shopware/pull/15426
fix: remove unknown tags field by @bojanrajh in https://github.com/shopware/shopware/pull/15600
fix: load missing product media with product detail store api by @rittou in https://github.com/shopware/shopware/pull/15310
fix: switch inheritance in product listing variants modal on price column by @nguyenquocdaile in https://github.com/shopware/shopware/pull/15646
fix: bulk edit product auto calculated price by @nguyenquocdaile in https://github.com/shopware/shopware/pull/15674
fix: dal reverse association error by @vienthuong in https://github.com/shopware/shopware/pull/15716
fix: time zone shift in date range rule by @DennisGarding in https://github.com/shopware/shopware/pull/15703
fix: Wrong usage of JSON_THROW_ON_ERROR flag on json_decode by @Claude in https://github.com/shopware/shopware/pull/15725
fix(product-analytics): Send delete user requests via gateway client by @SebastianFranze in https://github.com/shopware/shopware/pull/15698
feat: allow system config overrides in staging mode by @shyim in https://github.com/shopware/shopware/pull/15723
feat: add isEmpty method to Collection by @mvanhorn in https://github.com/shopware/shopware/pull/15724
fix: sales channel name translations in mail templates by @DennisGarding in https://github.com/shopware/shopware/pull/15676
fix: change wrong tax snippet in storefront order history by @Berkantdoku in https://github.com/shopware/shopware/pull/15689
fix: sales channel context language by @En0Ma1259 in https://github.com/shopware/shopware/pull/15733
feat: added search ranking attribute by @teunkoster in https://github.com/shopware/shopware/pull/14483
feat: Allow overriding entity default fields by @jasperP98 in https://github.com/shopware/shopware/pull/14326
fix: number ranges starting from zero by @keulinho in https://github.com/shopware/shopware/pull/15711
feat: Storefront Components by @Phil23 in https://github.com/shopware/shopware/pull/15651
fix: remove obsolete warning log from send mail action by @larskemper in https://github.com/shopware/shopware/pull/15708
fix: adds CMS data mapping source for media custom fields #14648 by @zFl4wless in https://github.com/shopware/shopware/pull/15597
fix: avoid infinite retries on rufus 401 SSO error by @davidtraum in https://github.com/shopware/shopware/pull/15653
fix: typo in usage data settings snippet by @Jofu-swag in https://github.com/shopware/shopware/pull/15765
fix: migrate deprecated rule and product stream conditions by @vienthuong in https://github.com/shopware/shopware/pull/15678
fix: wasted empty space in documents by @larskemper in https://github.com/shopware/shopware/pull/15712
fix: prevent SSO state invalidation caused by race condition during logout redirect by @Nickolaus in https://github.com/shopware/shopware/pull/15696
fix: Import map for index components by @Phil23 in https://github.com/shopware/shopware/pull/15768
fix: add min value constraints to product price quantity fields by @lacknere in https://github.com/shopware/shopware/pull/15771
feat: Refactor empty usage in ES and Storefront bundle to prepare its… by @mitelg in https://github.com/shopware/shopware/pull/15778
fix: test mail double mail attachment by @larskemper in https://github.com/shopware/shopware/pull/15731
feat: Improve copying of admin assets by @mitelg in https://github.com/shopware/shopware/pull/15756
fix: Fix issue that incorrect navigation to product detail when variant names are similar by @tamvt in https://github.com/shopware/shopware/pull/15452
fix: Add specific ACL checks for routes that render twig templates by @keulinho in https://github.com/shopware/shopware/pull/15764
feat: Shim for OptionsAPI overrides on Components written with CompositionAPI by @jleifeld in https://github.com/shopware/shopware/pull/15034
fix: filter unrelated YAML defaults in SystemConfigService::getDomain() by @vanWittlaer in https://github.com/shopware/shopware/pull/15323
fix: List price ratio rule by @DennisGarding in https://github.com/shopware/shopware/pull/15760
fix: and search on multiple terms should be a must query by @vienthuong in https://github.com/shopware/shopware/pull/15599
fix: admin es index throws even without errors by @keulinho in https://github.com/shopware/shopware/pull/15802
fix: Add prefix to e-mail validation path by @davidtraum in https://github.com/shopware/shopware/pull/15806
fix: load the env var for admin path redirect by @zukucker in https://github.com/shopware/shopware/pull/14619
feat: add bulk deletion of documents in admin by @ennasus4sun in https://github.com/shopware/shopware/pull/15672
fix(promotion): fix cart merge with product set promotions by @Aliaaaam in https://github.com/shopware/shopware/pull/15777
fix: disable runtime errors overlay in webpack dev server by @shyim in https://github.com/shopware/shopware/pull/15742
fix: less distract devs on storefront watcher by @shyim in https://github.com/shopware/shopware/pull/15782
fix: prevent duplicate import export mappings by @larskemper in https://github.com/shopware/shopware/pull/15739
feat: Add password, list and email field types to attribute entity by @OliverSkroblin in https://github.com/shopware/shopware/pull/15337
fix: upgrade axios dependency to version 1.15 (backport: 6.7.9.x) by @shopware-octo-sts-app-2[bot] in https://github.com/shopware/shopware/pull/16127

New Contributors

@DerKaito made their first contribution in https://github.com/shopware/shopware/pull/15208
@s-hamann made their first contribution in https://github.com/shopware/shopware/pull/15449
@tristantisch made their first contribution in https://github.com/shopware/shopware/pull/15261
@matheusgontijo made their first contribution in https://github.com/shopware/shopware/pull/15230
@Nickolaus made their first contribution in https://github.com/shopware/shopware/pull/15569
@Claude made their first contribution in https://github.com/shopware/shopware/pull/15725
@zukucker made their first contribution in https://github.com/shopware/shopware/pull/14619

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.8.2...v6.7.9.0

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there ;)

View release on GitHub

v6.7.8.2 Bug fix 2mo

Minor fixes and improvements.

Full changelog

System requirements

tested on PHP 8.2, 8.4 and 8.5
tested on MySQL 8 and MariaDB 11

Critical Fixes

Webhook for order state change

Fixed an undefined array key warning within the webhook handling, which could lead to a server error, if strict error displaying is set up.

Digital product legacy states repair after update

We fixed a bug in the indexer for the product.states field, which lead to issues where rules (and flows depending on those rules) with the line item with product state condition did not work as expected. This especially affected the flows to deliver digital download products after purchase.

This release repairs digital products with missing legacy states via a one-time UpdatePostFinishEvent subscriber.

The repair runs automatically once per installation and is marked as completed in app_config.

What's Changed

fix: disable anonymous tracking (backport: 6.7.8.x) by @shyim in https://github.com/shopware/shopware/pull/15527
fix: Missing undefined array key checks in HookableBusinessEvent (backport: 6.7.8.x) by @mitelg in https://github.com/shopware/shopware/pull/15518
feat: add webhook failure strategy (backport: 6.7.8.x) by @AydinHassan in https://github.com/shopware/shopware/pull/15546
fix: price inheritance is not applied correctly for product variants (backport: 6.7.8.x) by @nguyenytran in https://github.com/shopware/shopware/pull/15548
fix: digital products are not downloadable on storefront (backport: 6.7.8.x) by @vienthuong in https://github.com/shopware/shopware/pull/15614

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.8.1...v6.7.8.2

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there ;)

View release on GitHub

v6.6.10.15 Security relevant 2mo

Security fixes

Double signature verification in app-reregistration (GHSA-c4p7-rwrg-pf6p)
Account enumeration via Store API (GHSA-gqc5-xv7m-gcjq)
deepLinkCode filter type validation (GHSA-7vvp-j573-5584)

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.8.1 Security relevant 2mo

Security fixes

Double signature verification in app-reregistration (GHSA-c4p7-rwrg-pf6p)
Account enumeration via Store API (GHSA-gqc5-xv7m-gcjq)
deepLinkCode filter type validation (GHSA-7vvp-j573-5584)

Full changelog

System requirements

tested on PHP 8.2, 8.4 and 8.5
tested on MySQL 8 and MariaDB 11

Critical Fixes

Double signature verification in app-reregistration flow

Introduces a secure, asynchronous app secret rotation feature to the app system, including both API and CLI interfaces.
Added a new API endpoint and command for rotating app secrets, implemented the underlying rotation logic, and adjusted the app registration process to support secret updates and dual signature confirmation.
This increases security by enforcing a two-step verification process during app re-registration, ensuring that only authorized parties can update app secrets.

LoginRoute and AccountService don't throw CustomerNotFoundException

The LoginRoute and AccountService have been updated to no longer throw a CustomerNotFoundException when a login attempt is made with an email address that does not exist in the system.
Instead, they will now throw a generic BadCredentialsException without revealing whether the email address is registered or not.
This change enhances security by preventing potential attackers from enumerating valid email addresses through error messages.

Improve OrderRoute deepLinkCode filter type validation

Improve the logic in \Shopware\Core\Checkout\Order\SalesChannel\OrderRoute::load to ensure the deepLinkCode filter is an instance of \Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter.

What's Changed

GHSA-c4p7-rwrg-pf6p - Double signature verification in app-reregistration flow
GHSA-gqc5-xv7m-gcjq - Limit account enumeration via Store API
GHSA-7vvp-j573-5584 - Proper check for the deepLinkCode filter type

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.8.0...v6.7.8.1

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there ;)

View release on GitHub

v6.6.10.14 Mixed 3mo

Notable features

DomPDF dependency major version update

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.8.0 Breaking risk 3mo

Breaking changes

Increment-based message queue statistics deprecated

Notable features

Product custom fields indexing with Elasticsearch
Database table helper class
Primary key validation in dal:validate command

Full changelog

System requirements

tested on PHP 8.2, 8.4 and 8.5
tested on MySQL 8 and MariaDB 11

Features

New internal comment for state machine state history entries

A new internal comment field was added to the state change modal which can be used to add additional information about a state change.
The internal comment is only visible in the administration and not shown to customers.
It can be found in the state machine state history modal (state change modal) on the detail page of an order.

API

Core

Indexing the product's custom fields

Custom fields used in product sorting and product streams, as well as those belonging to apps, are now included when indexing products with Elasticsearch.

Deprecation of increment-based message queue statistics

The increment-based message queue statistics system is deprecated and will be removed in v6.8.0.0.

What's changing:

The Administration notification center will no longer show indexing progress notifications (e.g., "X products will be indexed")
API endpoint GET /api/_info/queue.json is deprecated - use GET /api/_info/message-stats.json instead

Deprecated configuration options:

shopware.admin_worker.enable_queue_stats_worker
shopware.increment.message_queue

Deprecated code:

IncrementGatewayRegistry::MESSAGE_QUEUE_POOL constant
Increment-based handling in MessageQueueStatsSubscriber::onMessageHandled()

Why?
The increment-based statistics were often inaccurate due to hardcoded multipliers and missing decrements in edge cases. The replacement functionality was introduced in https://github.com/shopware/shopware/pull/8698

Immediate disable:
To disable the deprecated functionality before v6.8.0.0:

shopware:
    admin_worker:
        enable_queue_stats_worker: false

Internal product streams

A new boolean field internal has been added to product streams with a default value of false.
This allows you to mark product streams as internal for system or plugin use, preventing them from appearing in merchant-facing selection lists throughout the Administration (e.g., in categories, cross-selling, CMS elements, or sales channels).

Use this feature when you need to create product streams programmatically that should not be modified or selected by shop administrators.

Database table helper class

A new helper class \Shopware\Core\Framework\Util\Database\TableHelper was introduced,
which could be used to check the table for existence, columns, indexes, and foreign keys.

Deprecation of helper methods in `\Shopware\Core\Framework\DataAbstractionLayer\Dbal\EntityDefinitionQueryHelper`

As consequence of the introduction of the new table helper class following methods are deprecated and will be removed with the next major version:

\Shopware\Core\Framework\DataAbstractionLayer\Dbal\EntityDefinitionQueryHelper::columnExists
\Shopware\Core\Framework\DataAbstractionLayer\Dbal\EntityDefinitionQueryHelper::columnIsNullable
\Shopware\Core\Framework\DataAbstractionLayer\Dbal\EntityDefinitionQueryHelper::tableExists

Migration generator improvements

The migration generator previously used a fixed format: fk.<table-name>.<column> for foreign key names.
Doctrine does not support this format and creates broken migrations; therefore, we changed to the format fk__<table-name>__<column> for foreign key names.

Also, the generator now sets CASCADE DELETE on foreign keys for the translation table references.

CategoryIndexer selective indexing optimization

The CategoryIndexer now skips tree/child-count updaters when parentId hasn't changed, and breadcrumb updater when name hasn't changed. All updaters still run for INSERT and DELETE operations.

Updated `doctrine/dbal` dependency

The doctrine/dbal dependency was updated to the new 4.4 minor version.
They introduced many deprecations, especially in the SchemaManager tool, which also might affect you.
Read more about it in their upgrade guide.

Primary key validation in `dal:validate` command

The dal:validate command now includes validation to detect mismatches between database PRIMARY KEY constraints and entity definition PrimaryKey flags.
This validation prevents silent failures where queries return correct total counts but empty data arrays due to entity hydration failures caused by inconsistent primary key definitions.
When a mismatch is detected, the command provides a clear error message indicating which fields differ between the database schema and the entity definition.

Deprecation of default value for `serializer` in `#[Serialized]` field attribute

When you use #[Serialized] field in your attribute entity you should always pass the serializer explicitly, as the default serializer does not work as expected.
Additionally, the SerializerField will become internal in the next major release, as that field should be only used for attribute entities, but never directly in classic EntityDefinitions.

Administration

Product detail variants: `configSettingGroups` as computed and deprecations

In sw-product-detail-variants, the following changes were made:

configSettingGroups (now computed): Previously a data() property set by loadConfigSettingGroups(). It is now a computed property derived from productEntity.configuratorSettings and groups.
loadConfigSettingGroups() (deprecated): Marked as @deprecated tag:v6.8.0. It will be removed in 6.8.0 without replacement.

Deprecation of `items` prop in `sw-entity-listing` component

The items prop in the sw-entity-listing component has been deprecated and will be removed in v6.8.0.
Please use the dataSource prop instead to align with the parent sw-data-grid component.

Before (deprecated):

<sw-entity-listing
    :items="entityList"
    :repository="entityRepository"
    :columns="columns"
/>

After (recommended):

<sw-entity-listing
    :data-source="entityList"
    :repository="entityRepository"
    :columns="columns"
/>

The component will continue to work with the items prop for backward compatibility, but you will see a deprecation warning in the browser console.

Notification translations now update when language changes

Notifications now store translation keys directly in their title and message fields instead of translating them immediately.
The template checks if the text is a translation key and translates it reactively, allowing notifications to update automatically when the user changes the interface language.

Help text support for color picker custom fields

The color picker type for custom fields now supports adding a help text. When creating or editing a custom field of type "Colorpicker" in Settings > Content > Custom fields, you can now specify a help text that will be displayed to users in the Administration.

`sw-select-base` clearable button default behavior changed

The showClearableButton prop in sw-select-base now defaults based on the required attribute:

When required is false or not set: clearable button is shown by default
When required is true: clearable button is hidden by default

Previously, the clearable button was always hidden by default (showClearableButton: false).

Migration: If you relied on the previous behavior where the clearable button was hidden by default, explicitly set :show-clearable-button="false" on your select components.

Storefront

Selling and packaging information in the product detail page

Display the selling and packaging information with the product that has advanced pricing.
Deprecated block buy_widget_price_unit and it childrens in Resources/views/storefront/component/buy-widget/buy-widget-price.html.twig, will be moved into Resources/views/storefront/component/buy-widget/buy-widget.html.twig.

Default theme breakpoints now available in theme config

The default layout breakpoints in the Storefront were hard-coded before and couldn't easily be overriden. Now you will find new theme config fields in the default config, which serve as the default values. The fields are hidden in the visual configuration, so they serve as a feature for theme developers for now. You can override the following config fields in your custom theme.json file to change the default breakpoints. The fields are mapped to the existing hard-coded configuration. The configuration is only passed in Twig and JS currently and there is no direct usage in SCSS, as they represent the Bootstrap default breakpoints. If you want to make a full override, you can simply configure the Bootstrap breakpoints in your custom SCSS and use the theme config values for that.

sw-breakpoint-xs
sw-breakpoint-sm
sw-breakpoint-md
sw-breakpoint-lg
sw-breakpoint-xl
sw-breakpoint-xxl

Make static alerts announced in the screenreader

Static alert boxes that are rendered in the DOM on page load were previously not read out by screenreaders.
The role="alert" did not have an effect. Only role="alerts" added to the DOM by JavaScript were read out.

To solve the screenreader issue with static alerts, we introduced a new parameter announceOnLoad.
When announceOnLoad is set to true, the alert box content will be announced in the screenreader right after the page is loaded.
The alert box will apply an additional JavaScript plugin that attempts to trigger the screenreader.
This is done by changing the DOM within the aria-live region after a short delay, which tells the screenreader to read it.

{% sw_include '@Storefront/storefront/utilities/alert.html.twig' with {
    type: "primary",
    content: "An important message on initial page load",
    announceOnLoad: true
    ariaLive: 'assertive' {# Define the priority of the alert #}
} %}

App System

Fixed custom headers for app flow action webhooks in async mode

Custom headers defined in app flow action configurations are now correctly sent when webhooks are processed asynchronously via message queue (when admin_worker is disabled). Previously, these headers were only sent when admin_worker was enabled (synchronous processing).

Hosting & Configuration

Deprecated HTTP cache reverse proxy configuration

The following HTTP cache reverse proxy configuration options have been doing nothing since 6.7.0.0 and are therefore now deprecated. They will be removed in version 6.8.0.0:

shopware.http_cache.reverse_proxy.use_varnish_xkey
shopware.http_cache.reverse_proxy.ban_method
shopware.http_cache.reverse_proxy.ban_headers
shopware.http_cache.reverse_proxy.purge_all
- shopware.http_cache.reverse_proxy.purge_all.ban_method
- shopware.http_cache.reverse_proxy.purge_all.ban_headers
- shopware.http_cache.reverse_proxy.purge_all.urls

If you are currently using any of these options, you can safely remove them from your configuration.

Configurable Elasticsearch shard and replica counts

The number_of_shards and number_of_replicas settings for Elasticsearch indices are now configurable via environment variables instead of being hardcoded.

For the Storefront/Store API Elasticsearch:

SHOPWARE_ES_NUMBER_OF_SHARDS (default: empty, meaning Elasticsearch default)
SHOPWARE_ES_NUMBER_OF_REPLICAS (default: empty, meaning Elasticsearch default)

For the Admin Elasticsearch:

SHOPWARE_ADMIN_ES_NUMBER_OF_SHARDS (default: 3, will also be empty with next major)
SHOPWARE_ADMIN_ES_NUMBER_OF_REPLICAS (default: 3, will also be empty with next major)

Critical Fixes

Session deadlock fix for file-based sessions

A new configuration option shopware.cache.disable_stampede_protection has been added to prevent deadlocks when using file-based sessions with Symfony's cache stampede protection.

Problem: A deadlock (ABBA pattern) can occur when:

Process 1: Acquires Session File Lock → Needs Cache → Tries to acquire Cache Lock
Process 2: Acquires Cache Lock (stampede protection) → Needs Session → Tries to acquire Session File Lock

Solution: Set shopware.cache.disable_stampede_protection: true in your configuration to disable file-based cache locking when file-based sessions are in use.

shopware:
    cache:
        disable_stampede_protection: true

Note: This is an opt-in fix for environments where Redis is not available. Using Redis for both sessions and cache is the recommended solution. Disabling stampede protection may increase database load under high concurrency when cache entries expire.

What's Changed

fix: sw-grid spacer by @larskemper in https://github.com/shopware/shopware/pull/14408
fix: Required fields can not be saved with empty value by @rittou in https://github.com/shopware/shopware/pull/14479
fix: migration generator to use unique fk names by @shyim in https://github.com/shopware/shopware/pull/14406
refactor: login meteor tokens & add proper sso button by @larskemper in https://github.com/shopware/shopware/pull/14363
fix: display selling and packaging information in pdp with product has advanced pricing by @rittou in https://github.com/shopware/shopware/pull/14524
fix: Release date input is vertically misaligned on Admin product detail page by @nguyenquocdaile in https://github.com/shopware/shopware/pull/14528
fix: Google reCAPTCHA input visibility and error handling by @mdanilowicz in https://github.com/shopware/shopware/pull/14548
fix: Partial entity loading with nested association by @mitelg in https://github.com/shopware/shopware/pull/14536
fix: DateRangeRule empty timezone by @aragon999 in https://github.com/shopware/shopware/pull/14492
fix: allow empty field for product measurement by @nguyenquocdaile in https://github.com/shopware/shopware/pull/14547
fix: update router link for user edit context menu item in user listing component by @jleifeld in https://github.com/shopware/shopware/pull/14559
fix: Image zoom modal touch gestures by @Phil23 in https://github.com/shopware/shopware/pull/14550
fix: random deadlocks when file session handler is used by @h1k3r in https://github.com/shopware/shopware/pull/14474
fix: error during offline theme compilation by @h1k3r in https://github.com/shopware/shopware/pull/14543
fix: optimize default product seo category selection by @lacknere in https://github.com/shopware/shopware/pull/14461
fix: Subtotal element styling by @rittou in https://github.com/shopware/shopware/pull/14572
fix: tax rate is inconsistent with variant products by @rittou in https://github.com/shopware/shopware/pull/14596
fix: flaky BasicConsentBannerAcceptAllCookies.spec.ts in SaaS by @yusufttur in https://github.com/shopware/shopware/pull/14603
fix: Profiler: use $title as key in start() so it will correctly be unset in stop() by @daniel-memo-ict in https://github.com/shopware/shopware/pull/14019
fix: skip VariantProductListingPriceVisibility.spec.ts in SaaS by @yusufttur in https://github.com/shopware/shopware/pull/14609
feat: general consent system by @AydinHassan in https://github.com/shopware/shopware/pull/14031
fix(storefront-js): JS errors in CmsGdprVideoElement by @tobiasberge in https://github.com/shopware/shopware/pull/14549
refactor: change unit price and total price from int to double by @FlorianKe in https://github.com/shopware/shopware/pull/14192
feat: Introduce database table helper by @mitelg in https://github.com/shopware/shopware/pull/14277
fix: fallback on invalid locale in twig number format filters by @keulinho in https://github.com/shopware/shopware/pull/14637
refactor: migrate from sw-modal to mt-modal in sw-media-modal-v2 by @gweiermann in https://github.com/shopware/shopware/pull/14556
refactor!: set default behavior of showClearableButton to true by @gweiermann in https://github.com/shopware/shopware/pull/14591
fix: add help text to custom field color picker configuration by @gweiermann in https://github.com/shopware/shopware/pull/14584
fix: added a new block outside if by @En0Ma1259 in https://github.com/shopware/shopware/pull/14504
feat: Add internal column for product stream table by @phuoccx in https://github.com/shopware/shopware/pull/14458
fix: reset document selection state between bulk edits by @vintagesucks in https://github.com/shopware/shopware/pull/14618
refactor: notification center by @larskemper in https://github.com/shopware/shopware/pull/14597
fix: newsletter settings by @larskemper in https://github.com/shopware/shopware/pull/14418
feat: update notification handling to support translation keys by @jleifeld in https://github.com/shopware/shopware/pull/14590
fix: app flow actions custom headers are not sent by @h1k3r in https://github.com/shopware/shopware/pull/14617
fix: entitylisting component mismatch with parent data grid component by @jleifeld in https://github.com/shopware/shopware/pull/14601
fix: Product Stream should have default value for internal field by @silverDuy in https://github.com/shopware/shopware/pull/14662
fix: register all twig extensions in DI container by @keulinho in https://github.com/shopware/shopware/pull/14546
fix: disable meteor fields is now working in system config by @jleifeld in https://github.com/shopware/shopware/pull/14639
fix: build price definition by @rittou in https://github.com/shopware/shopware/pull/14652
fix: elasticsearch requirement in core bundle by @shyim in https://github.com/shopware/shopware/pull/14696
fix: add missing product heading cms element snippets by @lacknere in https://github.com/shopware/shopware/pull/14714
fix: getAddress inAddressDetailPageLoader by @gecolay in https://github.com/shopware/shopware/pull/14718
fix: respect invoice selection in credit notes by @vintagesucks in https://github.com/shopware/shopware/pull/14668
fix: exception typo by @En0Ma1259 in https://github.com/shopware/shopware/pull/14743
fix: order edit loading by @keulinho in https://github.com/shopware/shopware/pull/14745
fix: Add default language to ui by @alexdumea in https://github.com/shopware/shopware/pull/14429
fix: Sales channel bound customer logout issue by @Phil23 in https://github.com/shopware/shopware/pull/14574
fix: JS plugin initialization in async content by @Phil23 in https://github.com/shopware/shopware/pull/14557
feat: Update doctrine/dbal and fix deprecations by @mitelg in https://github.com/shopware/shopware/pull/13911
fix: conditionally hide product selection cms inherit wrapper as a whole in buy box cms element by @lacknere in https://github.com/shopware/shopware/pull/14734
feat(cms-video): Add CMS video block and element by @marcelbrode in https://github.com/shopware/shopware/pull/14239
fix(snippet-sets): Toggle inlineEdit after snippet set creation by @marcelbrode in https://github.com/shopware/shopware/pull/14773
feat(consent): Add ACL check to consents by @SebastianFranze in https://github.com/shopware/shopware/pull/14761
feat(consent): Remove all consents during staging setup by @SebastianFranze in https://github.com/shopware/shopware/pull/14751
feat(product-analytics): Load consents in Admin by @SebastianFranze in https://github.com/shopware/shopware/pull/14010
fix: handle uncaught errors during customer deletion by @Aliaaaam in https://github.com/shopware/shopware/pull/14760
feat: introduce dependabot for ATS by @frobel in https://github.com/shopware/shopware/pull/14460
feat: provide field description in entity schema by @larskemper in https://github.com/shopware/shopware/pull/14748
fix(storefront): resolve base url without index.php script name by @SpiGAndromeda in https://github.com/shopware/shopware/pull/14769
fix: remove deprecated assert active option by @frobel in https://github.com/shopware/shopware/pull/14799
fix: Upgrade dompdf to 3.1.4 to fix PHP 8.5 issues by @gecolay in https://github.com/shopware/shopware/pull/14766
fix: improve pagination and filter behavior by @davidtraum in https://github.com/shopware/shopware/pull/14588
feat: add disposal of quickview in sw-model-viewer by @feliopterix in https://github.com/shopware/shopware/pull/14810
feat: auto merge downstream PRs by @keulinho in https://github.com/shopware/shopware/pull/14650
fix: Change allowed_types default value to match config file by @JoshuaBehrens in https://github.com/shopware/shopware/pull/14762
fix(customer): prevent failure when customer language is missing from sales channel by @Aliaaaam in https://github.com/shopware/shopware/pull/14772
fix(a11y): alerts on initial page load not read by screenreader by @tobiasberge in https://github.com/shopware/shopware/pull/14575
fix: shop logo size when using smaller viewports in checkout by @pt1602 in https://github.com/shopware/shopware/pull/14448
feat: Add FileLoader methods to load media files from MediaEntity by @alexdumea in https://github.com/shopware/shopware/pull/14480
fix: translate notification titles by @vintagesucks in https://github.com/shopware/shopware/pull/14808
refactor: replace schema introspection patterns with tablehelper methods by @SpiGAndromeda in https://github.com/shopware/shopware/pull/14642
fix: changing variant in buybox on shopping experience by @pt1602 in https://github.com/shopware/shopware/pull/14165
fix: navigation-flyout-col to use 3 or 4 column depending on media by @BrocksiNet in https://github.com/shopware/shopware/pull/14510
feat: Add prompt=login to SSO redirect by @mitelg in https://github.com/shopware/shopware/pull/14783
fix: product-slider cms element navigationArrows config by @lacknere in https://github.com/shopware/shopware/pull/14688
fix: Google reCAPTCHA base plugin initialization and form validation feedback with multiple forms by @lacknere in https://github.com/shopware/shopware/pull/14573
fix(notifications): Re-implement rendering of titles by @marcelbrode in https://github.com/shopware/shopware/pull/14843
feat: Make default breakpoints available in theme config by @Phil23 in https://github.com/shopware/shopware/pull/14612
feat: add more precise test for model viewer condition. by @feliopterix in https://github.com/shopware/shopware/pull/14847
fix: Prevent admin search bar render issue with missing order customer by @gecolay in https://github.com/shopware/shopware/pull/14776
feat: add 3D viewer background color support through css. by @feliopterix in https://github.com/shopware/shopware/pull/14875
feat: Refactor empty usage in checkout area to prepare its prohibition by @mitelg in https://github.com/shopware/shopware/pull/14812
fix: missing exclude regulation price extension when encoding calculated price by @rittou in https://github.com/shopware/shopware/pull/14874
fix(theme-manager): Ensure general tab to be first in order by @marcelbrode in https://github.com/shopware/shopware/pull/14885
feat: db instant column, phpstan check by @BrocksiNet in https://github.com/shopware/shopware/pull/14545
fix(customer): validate language assignment before creation by @Aliaaaam in https://github.com/shopware/shopware/pull/14836
fix: deleting properties not possible by @nguyenquocdaile in https://github.com/shopware/shopware/pull/14720
feat: Refactor empty usage in tests to prepare its prohibition by @mitelg in https://github.com/shopware/shopware/pull/14906
perf: Memoize twig env for script rules by @keulinho in https://github.com/shopware/shopware/pull/14867
fix(breadcrumb): handle null category in buy-widget-form by @BrocksiNet in https://github.com/shopware/shopware/pull/14884
feat: add env vars for opensearch replica shards by @shyim in https://github.com/shopware/shopware/pull/14887
feat: Update rector and add rules for refactoring empty by @mitelg in https://github.com/shopware/shopware/pull/14905
fix: generate variants with empty restrictions by @rittou in https://github.com/shopware/shopware/pull/14660
fix: correct manufacturer link condition check by @nguyenquocdaile in https://github.com/shopware/shopware/pull/14866
fix: integrate sw-upload-listener component for media uploads by @BrocksiNet in https://github.com/shopware/shopware/pull/14883
feat: Add primary key validation to dal:validate command by @BrocksiNet in https://github.com/shopware/shopware/pull/13483
fix: prevent float steps for integer custom fields by @davidtraum in https://github.com/shopware/shopware/pull/14846
fix: only upload playwright html reports if exists by @mkraeml in https://github.com/shopware/shopware/pull/14877
fix: system config card field block by @FlorianKe in https://github.com/shopware/shopware/pull/14687
fix: account register accessibility errors (a11y) by @FlorianKe in https://github.com/shopware/shopware/pull/14207
refactor: fix a11y errors by @FlorianKe in https://github.com/shopware/shopware/pull/14531
fix(media-modal): Fix auto-close of media modal on any click by @marcelbrode in https://github.com/shopware/shopware/pull/14896
fix: correct order date filter by @Aliaaaam in https://github.com/shopware/shopware/pull/14935
feat: Remove caching of SchemaManager in TableHelper by @mitelg in https://github.com/shopware/shopware/pull/14924
fix: load all existing property group in product variants by @rittou in https://github.com/shopware/shopware/pull/14826
feat: Refactor empty usage in administration to prepare its prohibition by @mitelg in https://github.com/shopware/shopware/pull/14908
fix: add branch alias for main by @shyim in https://github.com/shopware/shopware/pull/14820
fix: rollback plugin installation on failure by @umutdogan4291 in https://github.com/shopware/shopware/pull/14558
feat: add no unserialize usage rule by @larskemper in https://github.com/shopware/shopware/pull/14936
fix: skip VAT ID validation for non-EU company shipping countries by @Aliaaaam in https://github.com/shopware/shopware/pull/14907
feat: app app url as referer to service list request by @AydinHassan in https://github.com/shopware/shopware/pull/14934
fix: clear cache after creating categories by @keulinho in https://github.com/shopware/shopware/pull/14942
fix: allow disabling autocomplete in single select components by @shyim in https://github.com/shopware/shopware/pull/14827
fix: import export profile mapping disabled position buttons by @lacknere in https://github.com/shopware/shopware/pull/14859
fix(cms-sliders): Adjust image slider/galery styling by @marcelbrode in https://github.com/shopware/shopware/pull/14913
feat: Refactor empty usage in storefront to prepare its prohibition by @mitelg in https://github.com/shopware/shopware/pull/14909
fix: Consider SSO correctly while opening the admin user details by @mitelg in https://github.com/shopware/shopware/pull/14939
feat(translations): Added missing languages to download command by @marcelbrode in https://github.com/shopware/shopware/pull/14931
fix: use cookie path in storefront sessions by @umutdogan4291 in https://github.com/shopware/shopware/pull/14599
fix: Fixed media upload in image gallery by @MartinKrzykawski in https://github.com/shopware/shopware/pull/14943
feat: Refactor empty usage in content area to prepare its prohibition by @mitelg in https://github.com/shopware/shopware/pull/14815
fix: deprecate noop options in HTTP cache by @shyim in https://github.com/shopware/shopware/pull/14526
feat: add Shopware account login/logout events and small refactor by @AydinHassan in https://github.com/shopware/shopware/pull/14959
fix: correct promotion rule evaluation by @Aliaaaam in https://github.com/shopware/shopware/pull/14962
feat: Add comment column to state_machine_history table by @gecolay in https://github.com/shopware/shopware/pull/13351
fix(Storefront): skip popstate handling for hash-only in product listing by @mkucmus in https://github.com/shopware/shopware/pull/14539
feat: Add presign url generator by @alexdumea in https://github.com/shopware/shopware/pull/14686
fix: use correct path in playwright html upload check by @mkraeml in https://github.com/shopware/shopware/pull/14980
fix: load phpunit config from PR when found by @nfortier-shopware in https://github.com/shopware/shopware/pull/14643
fix: set autofocus true by @En0Ma1259 in https://github.com/shopware/shopware/pull/14957
fix: required field validation by @En0Ma1259 in https://github.com/shopware/shopware/pull/14923
fix: Reading associations via the parent, if the parent has multiple associations of the same type and to the same entity by @mitelg in https://github.com/shopware/shopware/pull/14215
fix: hide TOS setting by @mstegmeyer in https://github.com/shopware/shopware/pull/15001
fix: optimize unused media deletion process to prevent out-of-memory issues by @DrauzJu in https://github.com/shopware/shopware/pull/14865
fix: restore horizontal scroll in flow builder by @vintagesucks in https://github.com/shopware/shopware/pull/14999
feat: Add support for dev containers in VS Code based IDE by @Phil23 in https://github.com/shopware/shopware/pull/15008
refactor(category): replace magic number with navigation depth constant by @SpiGAndromeda in https://github.com/shopware/shopware/pull/14978
fix: Increase total blocking time assertion limit by @davidtraum in https://github.com/shopware/shopware/pull/15005
fix: streamline product creation and assignment in Lighthouse tests by @frobel in https://github.com/shopware/shopware/pull/15015
fix: redirect after finishing first run wizard by @vintagesucks in https://github.com/shopware/shopware/pull/15003
fix: PHP bench data fixture class detection by @phuoccx in https://github.com/shopware/shopware/pull/14525
fix: mt-colorpicker not working in text selection toolbar by @davidtraum in https://github.com/shopware/shopware/pull/14870
fix(a11y): adjust aria-popover roles to announce correct popover content by @tobiasberge in https://github.com/shopware/shopware/pull/14989
fix: Move migration for oauth_user table creation to Core by @astehlik in https://github.com/shopware/shopware/pull/14977
fix: provide id to redirection route after email template header footer creation by @CR0YD in https://github.com/shopware/shopware/pull/14963
fix: Fix SwTwigFunction memory leak in long-running environments by @mateuszfl in https://github.com/shopware/shopware/pull/14582
fix(cms-sliders): Revert - Adjust image slider/galery styling (#14913) by @marcelbrode in https://github.com/shopware/shopware/pull/15059
fix: Reset mode settings when creating new product by @davidtraum in https://github.com/shopware/shopware/pull/14663
fix: Optimize CleanupCorruptedMediaHandler by @MartinKrzykawski in https://github.com/shopware/shopware/pull/15033
fix(storefront): fix hot mode variant switch by @8mylez-dg in https://github.com/shopware/shopware/pull/14918
fix(magnifier): prevent event registration when zoom container is missing by @BrocksiNet in https://github.com/shopware/shopware/pull/15069
fix: Form validation helper setFieldNotRequired by @Phil23 in https://github.com/shopware/shopware/pull/15089
feat: service requirements by @AydinHassan in https://github.com/shopware/shopware/pull/15026
fix: review rating rounding for screen readers by @vintagesucks in https://github.com/shopware/shopware/pull/15075
feat: Refactor empty usage in Elasticsearch to prepare its prohibition by @mitelg in https://github.com/shopware/shopware/pull/14967
fix: log message by @AydinHassan in https://github.com/shopware/shopware/pull/15096
feat: Refactor empty usage in migration, maintenance, etc to prepare its prohibition by @mitelg in https://github.com/shopware/shopware/pull/14971
feat: Refactor empty usage in checkout, devops and Framework/Adapter to prepare its prohibition by @mitelg in https://github.com/shopware/shopware/pull/15032
feat: Model Editor capabilities by @feliopterix in https://github.com/shopware/shopware/pull/14620
feat: move config defaults into actual config definition by @shyim in https://github.com/shopware/shopware/pull/15031
fix: preserve customer context on order creation in the Administration area by @Aliaaaam in https://github.com/shopware/shopware/pull/15062
fix: country-state-select vatIdRequired type by @lacknere in https://github.com/shopware/shopware/pull/15037
fix: Enhance navigation ID resolution for landing pages by @BrocksiNet in https://github.com/shopware/shopware/pull/14949
feat: Refactor empty usage in System area to prepare its prohibition by @mitelg in https://github.com/shopware/shopware/pull/14968
feat: Refactor empty usage in Framework to prepare its prohibition by @mitelg in https://github.com/shopware/shopware/pull/15042
fix: index used custom fields in product (backport to 6.7.8.x) by @rittou in https://github.com/shopware/shopware/pull/15166
fix: revert fix for storefront session cookie path (#14599) (backport: 6.7.8.x) by @shopware-octo-sts-app-2[bot] in https://github.com/shopware/shopware/pull/15175
fix: resolve npm audit failures across all packages (backport: 6.7.8.x) by @shopware-octo-sts-app-2[bot] in https://github.com/shopware/shopware/pull/15181
feat: allow to refresh opensearch during cache clear (backport: 6.7.8.x) by @shopware-octo-sts-app[bot] in https://github.com/shopware/shopware/pull/15184
fix: analytics test when admin loads longer then 3s (backport: 6.7.8.x) by @shopware-octo-sts-app-2[bot] in https://github.com/shopware/shopware/pull/15210

New Contributors

@nsaliu made their first contribution in https://github.com/shopware/shopware/pull/14509
@Aliaaaam made their first contribution in https://github.com/shopware/shopware/pull/14760
@8mylez-dg made their first contribution in https://github.com/shopware/shopware/pull/14918

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.7.1...v6.7.8.0

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there ;)

View release on GitHub

v6.6.10.13 Bug fix 3mo

Minor fixes and improvements.

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.7.1 Bug fix 3mo

Minor fixes and improvements.

Full changelog

System requirements

tested on PHP 8.2, 8.4 and 8.5
tested on MySQL 8 and MariaDB 11

What's Changed

fix: getAddress inAddressDetailPageLoader (backport: 6.7.7.x) by @shopware-octo-sts-app-2[bot] in https://github.com/shopware/shopware/pull/14736
fix: elasticsearch requirement in core bundle (backport: 6.7.7.x) by @shopware-octo-sts-app[bot] in https://github.com/shopware/shopware/pull/14725
fix: order edit loading (backport: 6.7.7.x) by @shopware-octo-sts-app[bot] in https://github.com/shopware/shopware/pull/14746

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.7.0...v6.7.7.1

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there ;)

View release on GitHub

v6.6.10.12 Breaking risk 3mo

Notable features

Symfony 7.4 update

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.7.0 Breaking risk 4mo

Breaking changes

Custom fields no longer searchable by default
Product states deprecated in favor of product type field

Notable features

Symfony 7.4 upgrade
Product type field replacing states
Media model 3D viewer in Administration

Full changelog

System requirements

tested on PHP 8.2, 8.4 and 8.5
tested on MySQL 8 and MariaDB 11

Features

Symfony 7.4 update

All symfony packages have been updated to version 7.4.
Take a look at the Symfony 7.4 release post for more information.
Especially note that Symfony now requires php-redis extension v6.1 or higher: https://github.com/symfony/symfony/blob/7.4/UPGRADE-7.4.md#cache.
If you note compatibility issues with the Redis extension please check the installed version php-redis.

Changed maintenance mode redirect

After maintenance ends, users are now redirected back to the page they were on before maintenance.
Previously, users were always redirected to the shop homepage.

Support of media paths with up to 2046 characters

Previously the maximum length for media paths was limited to 255 characters (due to default StringField limit) while the
database field already supported up to 2046 characters. This limitation has now been lifted and media paths can be up to
2046 characters long.

Configurable Custom Field Searchability

Custom fields are now not searchable by default. To make a custom field searchable, you need to enable the "Include in search" option in the custom field detail modal when creating or updating a custom field in Settings > System > Custom fields. This change helps optimize index storage size and improve search performance, especially for stores with many custom fields.

Important: When enabling searchability for an existing product custom field, you must rebuild the search index or update the products manually to include the custom field data in search results.

Media Model Viewer

From now on you are able to inspect your 3D models directly in the Media module in the Administration. Simply select a model file and you will find an interactive 3D viewer in the Preview collapsable in the item sidebar on the right. This new component is called sw-model-viewer.

API

Improved tagged based cache invalidation

Next routes now support cache tagging, enabling automatic invalidation when relevant entities are written:

/store-api/breadcrumb/{id}
/store-api/media
/store-api/product/{productId}/find-variant
/store-api/product/{productId}/cross-selling

Core

Rework of DAL query generation for nested filters groups

The DAL criteria builder has been adjusted to generate EXISTS subqueries instead of LEFT JOINs for nested filter groups.

Previously, each level of nested filters resulted in an additional LEFT JOIN, even when the join was only required to check for the existence of a related entity subject to some filter.
In complex criteria trees with multiple filters on the same entity, this led to an exponential explosion of joins and significant performance degradation (e.g., the same table being joined multiple times only to evaluate existence conditions).

An example of this is a query such as "find orders that have a line item of type A and one of type B and one of type C".
According to aadr/2020-11-19-dal-join-filter.md, this would look like:

$criteria->addFilter(
    new EqualsFilter('lineItems.type', 'product'),
    new EqualsFilter('lineItems.type', 'custom'),
    new EqualsFilter('lineItems.type', 'other'),
);

Previously, the generated query would LEFT JOIN order_line_item multiple times onto order, causing the query to be extremely slow. The new EXISTS checks prevent this, making the query much faster.

Introduce Immutable DAL flag

A new Immutable flag is available for Data Abstraction Layer fields. Fields marked as immutable can be set during entity creation but cannot be updated later. This prevents accidental renames of technical identifiers that other subsystems rely on. Core entities now using the flag include:

custom_field.name
custom_field.type
custom_field_set.name

Trying to update these columns now results in a WriteConstraintViolationException with the message The field foo is immutable and cannot be updated., giving developers clear feedback when attempting to change these values.
If the value is not set in the payload, or the value won't change, no exception is thrown.

Performance Improvement for `ProductCategoryDenormalizer`

The SQL Query inside the ProductCategoryDenormalizer has been optimized to run faster, especially on large catalogues.
Previously MySql needed to perform a full table scan based on the where condition, now the result set is already limited by indexed columns.
This lead to performance improvements from up to 3s for the query down to less than 1ms on large catalogues (3000%).

Deprecation of product states in favor of the new product type

The product.states field is deprecated and will be removed in the next major release.
A new field product.type was introduced to clearly indicate whether a product is digital or physical, or other types registered by third-party developers.

As part of this change, the following deprecations were made:

The order_line_item.states field is deprecated in favor of order_line_item.payload.product_type.
\Shopware\Core\Checkout\Cart\LineItem\LineItem::$states is deprecated in favor of \Shopware\Core\Checkout\Cart\LineItem\LineItem::$payload['productType'].
The LineItemProductStatesRule is deprecated in favor of the new LineItemProductTypeRule.
The StatesUpdater service and its related dispatched events (ProductStatesBeforeChangeEvent, ProductStatesChangedEvent) are deprecated.
A new parameter shopware.product.allowed_types was introduced to allow third-party developers to register additional product types.
For more details, please refer to the 2025-11-14-introduce-product-type-and-deprecate-states.md

If you are using the rule LineItemProductStatesRule, product stream filters, or product listing filters that rely on product.states, you should update them to use the new product.type field instead.
If you create digital products using admin api, you should explicitly set the type field to digital when creating new products instead of relying on backend handling.

New `RequestParamHelper`

Symfony deprecated the "magic" Request::get() method, which was used to retrieve parameters from the request, by checking the attribute, query or request parameter bags.
For easier backward compatibilty we backported the old behaviour in the new RequestParamHelper class, however, it should only be used in explicit cases, where the parameter could be in any of those parameter bags.
The best practice is to check the explicit parameter bag, where you expect the parameter to be.
However, as we have a lot of API routes that support being called by GET and POST methods both, the helper is handy in such cases.

Before:

$parameter = $request->get($parameterName, $default);

After:

$parameter = RequestParameterHelper::get($request, $parameterName, $default);

To provide full backward compatibility, the helper currently also checks the attribute bag for the parameter first.
However, it should be possible to strictly differentiate between request attributes (which are generally controlled and set by the application itself) and input parameters (which are provided by the client, and based on how they are passed are either part of the query bag or the request bag) in the future.
Therefore the check of the attribute bag is deprecated and will be removed in the next major release.
When you need to get a value from the request attributes, you should use the Request::attributes->get() method directly.
In case you used to set request attributes to override specific parameters, you should instead overwrite the parametes in the query or request parameter bags directly.

The `TranslationLoader` class is now decoratable

The TranslationLoader class extends from the new AbstractTranslationLoader class and implements the decoratable pattern. This allows third-party developers to decorate the loader to add custom logic when a translation is loaded.

DomainExceptions don't create \RuntimeException anymore

All factory methods for domain exceptions now return specific exception classes instead of creating a generic \RuntimeException.
Changing the type of the thrown exception from \RuntimeException to a specific domain exception is not considered a breaking change, since all Domain Exceptions extend from \RuntimeException.

This means code like this will stay valid:

try {
    $this->someService->willThrowDomainException();
} catch (\RuntimeException $e) {
    // handle exception
}

Additionally all changed factory methods were marked as deprecated, because the \RuntimeException return type will be removed in the next major release.
This affects the following exception factory methods:

DataAbstractionLayerException::cannotBuildAccessor(...)
DataAbstractionLayerException::onlyStorageAwareFieldsAsTranslated(...)
DataAbstractionLayerException::onlyStorageAwareFieldsInReadCondition(...)
DataAbstractionLayerException::primaryKeyNotStorageAware(...)
DataAbstractionLayerException::missingTranslatedStorageAwareProperty(...)
DataAbstractionLayerException::noTranslationDefinition(...)
DataAbstractionLayerException::missingVersionField(...)
DataAbstractionLayerException::unexpectedFieldType(...)
WebhookException::invalidDataMapping(...)
WebhookException::unknownEventDataType(...)

More fine-grained caching control in `HttpCacheCookieEvent`

A new doNotStore property was added to the HttpCacheCookieEvent to allow fine-grained control over caching behavior.
This new property allows preventing the current response from being stored in the cache.
This behaviour differs from the existing ìsCacheable` property, which will also prevent the following requests from that session being cached.

Logging for invalidated cache tags

Added logging for invalidated cache tags at the info level, with the ability to enable or disable the logging via configuration for debugging and transparency.

Removed `CacheInvalidationSubscriber::getChangedPropertyFilterTags` due to performance issues

The getChangedPropertyFilterTags method has been removed from CacheInvalidationSubscriber due to performance issues where it could cause invalidation storms by selecting all product IDs for popular property options.

Changing a property group or option will no longer automatically invalidate product and product list caches. It's recommended to rely on TTLs for bigger shops. If you experience issues after changing a property group, a manual cache clear may be required.

Administration

Deprecations in mail template components

The mail template index will be split into separate tabs for templates and headers/footers in v6.8.0.0.

The following deprecations apply to sw-mail-template-list and sw-mail-header-footer-list:

searchTerm prop and watcher will be removed in v6.8.0.0
getList() method: searchTerm variable will be replaced with this.term in v6.8.0.0
@page-change handler will change to onPageChange in v6.8.0.0

The following deprecations apply to sw-mail-template-index:

The listing mixin will be removed in v6.8.0.0
term data property will be removed in v6.8.0.0
onChangeLanguage method: the if/else block will be replaced with just the if-branch logic in v6.8.0.0

Storefront

Cookie consent now language-aware

The cookie consent banner now tracks cookie configuration per language. Previously, switching languages would cause the cookie banner to reappear because the configuration hash changed due to translated cookie descriptions. Now, switching back to a previously accepted language will not show the banner again.

The Store API endpoint /store-api/cookie-groups now includes a languageId field in the response.

New `window.activeNavigationPathIdList` variable

A new global JavaScript variable window.activeNavigationPathIdList is now available, containing the IDs of parent categories for the current page. This can be used by plugins or themes to implement custom navigation highlighting.

Improved cookie consent dialog UI and accessibility

The cookie consent dialog now uses toggle switches instead of checkboxes for a more modern look. Additionally, accessibility improvements were made by adding proper ARIA attributes (role="switch", aria-disabled, aria-labelledby) and converting links to semantic buttons where appropriate.

HTTP caching policies update

The following changes are relevant when HTTP caching policies feature is enabled (CACHE_REWORK or v6.8.0.0 feature flag):

HTTP caching policy system now takes into account _noStore route attribute to apply no-store directive in Cache-Control header.
Cache-Control header set by policies is sent to the client for all responses, even when no reverse proxy is enabled. Previously, headers were replaced with no-cache when no reverse proxy was configured. Important: Verify your cache policy configuration is appropriate for client-side caching, as browser caches cannot be invalidated on-demand unlike reverse proxies that use tag-based invalidation.

First tap on iOS Safari did not trigger call-to-action buttons on product detail page

Fixes an issue on iOS Safari where the first tap does not trigger the desired action on the product detail page after scrolling over the image gallery.
The touchmove event listener was removed from zoom-modal.plugin.js because it stopped the tap/click event.
A regular click event is used instead to open the Zoom-Modal. The browser itself can determine via the click event if the user is still scrolling or clicking/taping.

Google Analytics 4 Integration Update

The Google Analytics integration has been updated to align with GA4 standards, enhancing e-commerce tracking capabilities.

The event parameters for add_to_cart, begin_checkout, purchase, view_item, and remove_from_cart have been enriched with additional data such as currency, value, item_brand, and a hierarchical item_category structure.
Furthermore, new events for add_to_wishlist, remove_from_wishlist, view_cart, add_shipping_info, and add_payment_info have been implemented to provide a more comprehensive view of user interactions.
The checkout funnel now tracks shipping and payment method selections, including when users change their selections.
The view_item_list and add_to_cart events now fire when users navigate through product listings via pagination or apply filters, not just on initial page load.

New Configuration: Track Offcanvas Cart

A new configuration option Track offcanvas cart has been added to the Sales Channel Analytics settings. When enabled, the view_cart GA4 event will fire whenever the offcanvas cart is opened or its content is updated (e.g., quantity changes, product removals, promotions).

New Configuration: Open Offcanvas Cart After Add to Cart

A new configuration option Open offcanvas cart after adding a product has been added to the Cart settings (Settings → Shop → Cart). This setting is enabled by default. When disabled:

The offcanvas cart will not open automatically after adding items to the cart
A success message will be shown instead
The cart widget in the header will still update to show the new item count

Recommended for accurate funnel tracking: Disable "Open offcanvas cart after adding a product" and enable "Track offcanvas cart". This ensures view_cart events only fire when users intentionally click the cart button, providing accurate funnel metrics.

Critical Fixes

Flash messages are not cached anymore

As soon as a flash message is displayed, the response won't be stored in the HTTP cache anymore, thus preventing the message from being displayed to other users.
Additionally, the cache will be passed as soon as there is a flash message that still needs to be displayed. This ensures that flash messages are always displayed on the next request, and not only on the next request to an uncached page.

What's Changed

fix: cannot disable inheritance of mt-switch field by @nguyenquocdaile in https://github.com/shopware/shopware/pull/14106
fix: added missing get/caching support for LandingPageRoute by @h1k3r in https://github.com/shopware/shopware/pull/14124
feat: add maxPortnumber fallback to support dockware admin watcher port by @crayssnlabs in https://github.com/shopware/shopware/pull/13521
fix: mark translation association as required in attribute entities by @keulinho in https://github.com/shopware/shopware/pull/14145
feat: Allow searching while quicksearch is still loading by @amenk in https://github.com/shopware/shopware/pull/13727
fix: canonical link on paginated pages by @lacknere in https://github.com/shopware/shopware/pull/13568
fix: Allow deletion of primary keys without primary key named id by @JoshuaBehrens in https://github.com/shopware/shopware/pull/13034
feat: introduce immutable flag by @vienthuong in https://github.com/shopware/shopware/pull/13957
fix: adjust StringField length of media path to 2048 by @jenskueper in https://github.com/shopware/shopware/pull/14153
feat: Allow Configuration of Custom Fields to be Searchable by @tamvt in https://github.com/shopware/shopware/pull/14161
fix: Fixes username placeholder text in sw-settings-mailer/.../en.json according to de.json by @JannisMCMXCV in https://github.com/shopware/shopware/pull/14163
fix: Ensure product is included in search keywords by @vanWittlaer in https://github.com/shopware/shopware/pull/13947
fix: Add release information for version 6.7.5.0 by @alvarothomas in https://github.com/shopware/shopware/pull/14016
fix: Mailer SMTP port input field allows floats by @pt1602 in https://github.com/shopware/shopware/pull/14152
fix: shows a full response on error registration by @shyim in https://github.com/shopware/shopware/pull/14140
feat: apply OpenAPI descriptions for Definitions by @bojanrajh in https://github.com/shopware/shopware/pull/13581
fix: rename criteria property in Admin API sync definition by @astehlik in https://github.com/shopware/shopware/pull/14171
fix(snippets): Minor ellipsis fix by @marcelbrode in https://github.com/shopware/shopware/pull/14185
fix: Allow dynamic properties on test struct by @mitelg in https://github.com/shopware/shopware/pull/14177
fix: Update composer to ensure safe version by @mitelg in https://github.com/shopware/shopware/pull/14188
fix: Misleading redis connection configuration by @aragon999 in https://github.com/shopware/shopware/pull/14181
feat: introduce product type by @vienthuong in https://github.com/shopware/shopware/pull/13554
feat: add loading screen to admin (#13902) by @vienthuong in https://github.com/shopware/shopware/pull/14204
fix: remove hard-code path from vite config by @shyim in https://github.com/shopware/shopware/pull/14191
feat: Always create base snippet set by @dgrothaus-sw in https://github.com/shopware/shopware/pull/14097
refactor: split mail template index into tabs by @vintagesucks in https://github.com/shopware/shopware/pull/13908
feat: enhance cookie configuration UI, primary CTAs by @BrocksiNet in https://github.com/shopware/shopware/pull/14076
refactor: flow builder meteor tokens by @larskemper in https://github.com/shopware/shopware/pull/14170
refactor: import export meteor tokens by @larskemper in https://github.com/shopware/shopware/pull/14193
fix: checkPromotion query param in AccountEditOrderPageLoader by @gecolay in https://github.com/shopware/shopware/pull/14195
fix: improve collection phpstan types by @cyl3x in https://github.com/shopware/shopware/pull/13818
fix: accessble payment and shipping method selections on checkout confirm by @cyl3x in https://github.com/shopware/shopware/pull/14095
fix(snippets): Add german snippets by @marcelbrode in https://github.com/shopware/shopware/pull/14223
fix: delete restrict notification message by @nguyenytran in https://github.com/shopware/shopware/pull/14235
fix: Run command in non interactive env by @alexdumea in https://github.com/shopware/shopware/pull/14194
fix(cms-slots): Replace v-show with v-if by @marcelbrode in https://github.com/shopware/shopware/pull/14228
fix: Add release information for version 6.7.6.0 and 6.7.7.0 by @flegarjur in https://github.com/shopware/shopware/pull/14236
feat(google-analytics): Enhance GA4 integration by @BrocksiNet in https://github.com/shopware/shopware/pull/13662
feat: add tag based invalidation to StoreAPI routes by @h1k3r in https://github.com/shopware/shopware/pull/14166
fix(captcha): For loop issue by @BrocksiNet in https://github.com/shopware/shopware/pull/14254
feat: add default address bool to customer address by @mstegmeyer in https://github.com/shopware/shopware/pull/14255
fix: remove settings card border by @larskemper in https://github.com/shopware/shopware/pull/14284
fix: update deprecation message by @En0Ma1259 in https://github.com/shopware/shopware/pull/14278
fix: return selected main variant when displayParent is active by @Alex--C in https://github.com/shopware/shopware/pull/13208
fix: pass resizeWidth property to deprecated sw-popover component by @davidtraum in https://github.com/shopware/shopware/pull/14227
fix: accept inactive customer to customer groups by @FlorianKe in https://github.com/shopware/shopware/pull/14052
fix: add submit button functionality for password recovery by @jleifeld in https://github.com/shopware/shopware/pull/14240
fix: product boxes background color by @pt1602 in https://github.com/shopware/shopware/pull/14162
fix(phpstan): Add iterable types to import/export module by @aragon999 in https://github.com/shopware/shopware/pull/14200
feat(consent): hide-header and remove close on click by @SebastianFranze in https://github.com/shopware/shopware/pull/14309
fix: update i18n snippet handling to ensure reactivity on locale mess… by @jleifeld in https://github.com/shopware/shopware/pull/14212
fix(a11y): remove unnecessary labelledby attribute by @bschulzebaek in https://github.com/shopware/shopware/pull/14281
fix: generate EXISTS conditions instead of left joins for nested filter groups in DAL criteria builder by @timtheisinger in https://github.com/shopware/shopware/pull/14216
feat: Add 3D viewer to Media item sidebar by @ffrank913 in https://github.com/shopware/shopware/pull/14270
fix: Inherited attribute now correctly adds Inherited flag to fields by @matthias-nijland in https://github.com/shopware/shopware/pull/14285
feat: implement cache control headers for administration responses by @jleifeld in https://github.com/shopware/shopware/pull/14222
fix: Improve error handling for plugin config loading by @BrocksiNet in https://github.com/shopware/shopware/pull/14269
fix: include transaction on recalculation by @En0Ma1259 in https://github.com/shopware/shopware/pull/14022
fix: cached pathIdList for active state in main navigation by @BrocksiNet in https://github.com/shopware/shopware/pull/14305
perf: Optimize ArrayFacade reset() and remove() methods by @xndrdev in https://github.com/shopware/shopware/pull/14316
fix: set requestedGroupId to null on change customer group flow action by @dithom in https://github.com/shopware/shopware/pull/14304
fix: Login by review log in form after filtering reviews by @DennisGarding in https://github.com/shopware/shopware/pull/14214
fix: #14332 Filter by id and product_id first in ProductCategoryDenormalizer by @runelaenen in https://github.com/shopware/shopware/pull/14333
fix: update rule updated_at on condition change by @vintagesucks in https://github.com/shopware/shopware/pull/14233
feat: upgrade axios dependency to v1.x with opt-in forward compatibility by @jleifeld in https://github.com/shopware/shopware/pull/14096
fix!: replace StateMachineEntity with StateMachineStateEntity in OrderTransactionCapture by @wexoag in https://github.com/shopware/shopware/pull/14342
fix: LineItemProductType constructor should accept null parameter by @vienthuong in https://github.com/shopware/shopware/pull/14369
fix: flyout navigation correctly closes on mouseleave by @bschulzebaek in https://github.com/shopware/shopware/pull/14351
feat: make find best variant feature as opt-in by @vienthuong in https://github.com/shopware/shopware/pull/13952
fix: visual bugs in after sales by @larskemper in https://github.com/shopware/shopware/pull/14293
fix: Critical dive canvas resize bug. by @ffrank913 in https://github.com/shopware/shopware/pull/14380
feat: add expand button and modal to model-viewer. by @ffrank913 in https://github.com/shopware/shopware/pull/14359
fix: Allow filter zero and negative value for stock by @nguyenquocdaile in https://github.com/shopware/shopware/pull/14365
fix: allow bulk edit stock with negative value by @nguyenquocdaile in https://github.com/shopware/shopware/pull/14371
fix: add watcher to sw-time-ago to update when props change by @communicode-sw-dev in https://github.com/shopware/shopware/pull/14357
fix: theme_runtime_config contains duplicate entries after theme install/uninstall by @h1k3r in https://github.com/shopware/shopware/pull/14318
feat(cookie-consent): Implement per-language cookie consent tracking by @BrocksiNet in https://github.com/shopware/shopware/pull/14264
fix: double slash in path for migration by @shyim in https://github.com/shopware/shopware/pull/14403
feat: use abstract class to make TranslationLoader decoratable by @dgrothaus-sw in https://github.com/shopware/shopware/pull/14398
fix(cookie-consent): remove primary notice, reverted that change by @BrocksiNet in https://github.com/shopware/shopware/pull/14426
fix: TypeError when _httpCache route attribute contains string by @h1k3r in https://github.com/shopware/shopware/pull/14416
feat: add support for ReverseInherited flag in attributed entities by @nickygerritsen in https://github.com/shopware/shopware/pull/14427
fix: Never load unfiltered many-to-many by @keulinho in https://github.com/shopware/shopware/pull/14409
fix: keep mail attachments across flow actions by @vintagesucks in https://github.com/shopware/shopware/pull/14411
fix: transitive dependency for phpseclib/phpseclib by @shyim in https://github.com/shopware/shopware/pull/14452
fix: Do not cache flash messages by @keulinho in https://github.com/shopware/shopware/pull/13983
fix: add missing foreign key name by @shyim in https://github.com/shopware/shopware/pull/14431
feat: Log cache invalidations by @umutdogan4291 in https://github.com/shopware/shopware/pull/14253
feat: only validate immutable fields if value has changed by @vienthuong in https://github.com/shopware/shopware/pull/14422
fix: attribute entities missing with auto configuration by @shyim in https://github.com/shopware/shopware/pull/14401
fix: Improve error handling and validation in plugin:create command by @umutdogan4291 in https://github.com/shopware/shopware/pull/14407
feat: Changed MaintenanceResolver to set current path for the user being redirected afterwards by @tinect in https://github.com/shopware/shopware/pull/14175
fix: Media manager improvements based on feedback by @MartinKrzykawski in https://github.com/shopware/shopware/pull/14273
fix: restore muted tests for NotificationController by @nfortier-shopware in https://github.com/shopware/shopware/pull/14339
fix: attribute fallback for RequestParamHelper by @keulinho in https://github.com/shopware/shopware/pull/14466
fix(SeoUrl): allow filtering for isCanonical or isDeleted by @BrocksiNet in https://github.com/shopware/shopware/pull/14437
fix: use click event in zoom-modal to fix ios safari click issue by @tobiasberge in https://github.com/shopware/shopware/pull/14352
feat: add upload playwright traces to s3 workflow by @frobel in https://github.com/shopware/shopware/pull/14420
fix: caches invalidation performance issues on property changes by @h1k3r in https://github.com/shopware/shopware/pull/14512
fix: helptext and label is shown twice in theme config by @gweiermann in https://github.com/shopware/shopware/pull/14004

New Contributors

@crayssnlabs made their first contribution in https://github.com/shopware/shopware/pull/13521
@jenskueper made their first contribution in https://github.com/shopware/shopware/pull/14153
@JannisMCMXCV made their first contribution in https://github.com/shopware/shopware/pull/14163
@pt1602 made their first contribution in https://github.com/shopware/shopware/pull/14152
@bojanrajh made their first contribution in https://github.com/shopware/shopware/pull/13581
@flegarjur made their first contribution in https://github.com/shopware/shopware/pull/14236
@Alex--C made their first contribution in https://github.com/shopware/shopware/pull/13208
@davidtraum made their first contribution in https://github.com/shopware/shopware/pull/14227
@timtheisinger made their first contribution in https://github.com/shopware/shopware/pull/14216
@matthias-nijland made their first contribution in https://github.com/shopware/shopware/pull/14285
@xndrdev made their first contribution in https://github.com/shopware/shopware/pull/14316
@wexoag made their first contribution in https://github.com/shopware/shopware/pull/14342
@communicode-sw-dev made their first contribution in https://github.com/shopware/shopware/pull/14357
@umutdogan4291 made their first contribution in https://github.com/shopware/shopware/pull/14253

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.6.2...v6.7.7.0

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there ;)

View release on GitHub

v6.7.6.2 Bug fix 4mo

Minor fixes and improvements.

Full changelog

System requirements

tested on PHP 8.2, 8.4 and 8.5
tested on MySQL 8 and MariaDB 11

What's Changed

fix: update i18n snippet handling to ensure reactivity on locale message changes (backport: 6.7.6.x) by @jleifeld in https://github.com/shopware/shopware/pull/14396
fix: TypeError when _httpCache route attribute contains string (backport: 6.7.6.x) by @h1k3r in https://github.com/shopware/shopware/pull/14430

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.6.0...v6.7.6.2

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there ;)

View release on GitHub

v6.6.10.11 Maintenance 4mo

Notable features

Category denormalizer performance improvement
Nested filter group EXISTS subqueries reduce join overhead

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.6.1 Security relevant 4mo

Security fixes

GHSA-7cw6-7h3h-v8pf - map in security extension for array callables

Full changelog

System requirements

tested on PHP 8.2, 8.4 and 8.5
tested on MySQL 8 and MariaDB 11

What's Changed

GHSA-7cw6-7h3h-v8pf - fix: map in security extension for array callables

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.6.0...v6.7.6.1

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there ;)

View release on GitHub

v6.7.6.0 Breaking risk 4mo

Breaking changes

sw-states and sw-currency handling deprecated; feature flags required for new behavior

Notable features

HTTP caching policies with StoreAPI route support
Email notification on customer password change
Video cover management API endpoint

Full changelog

System requirements

tested on PHP 8.2, 8.4 and 8.5
tested on MySQL 8 and MariaDB 11

Features

HTTP caching rework

Support for HTTP caching policies was added. It allows defining HTTP cache behavior per area (storefront, store_api)
and per route using configuration. The feature is experimental and can be enabled with the CACHE_REWORK feature flag
together with other HTTP caching improvements.
Selected Store API routes were marked as cacheable and now support HTTP caching with Cache-Control headers.

Send email on customer password change

A new flow has been introduced which sends a confirmation email whenever a customer changes their password. This helps to identify any suspicious account activity more quickly.

API

Video cover management `/api/_action/media/{mediaId}/video-cover`

Added endpoint to assign or remove cover images for video media files. Requires media.editor ACL permission.
Accepts coverMediaId (string or null) in request body.
Cover image reference is stored in metaData.video.coverMediaId.
When a cover image is deleted, all video references are automatically cleaned up via VideoCoverCleanupSubscriber.

StoreAPI HTTP caching support

HTTP caching support was added for the following Store API endpoints:

/store-api/breadcrumb/{id}
/store-api/category
/store-api/category/{navigationId}
/store-api/navigation/{activeId}/{rootId}
/store-api/cms/{id}
/store-api/product
/store-api/seo-url
/store-api/country
/store-api/country-state/{countryId}
/store-api/currency
/store-api/language
/store-api/salutation

GET methods and HTTP caching support were added for the following Store API endpoints:

/store-api/media
/store-api/product/{productId}/cross-selling
/store-api/product/{productId}
/store-api/product/{productId}/find-variant
/store-api/product-listing/{categoryId}
/store-api/product/{productId}/reviews
/store-api/search
/store-api/search-suggest

It's intended to work with the new HTTP caching policy system, and should increase performance for cacheable Store API requests.

Store API: compressed criteria parameter support

Criteria can be passed in the GET requests as single query parameter, encoded as JSON -> gzip -> base64url. This allows
sending complex criteria without hitting URL length limits. Also, ProductListingCriteria fields are supported.
Please note that this is a temporary workaround intended to be used until QUERY request method is standardized and supported.
Check the ADR for more details.

Document download `/store-api/document/download/`

The endpoint now selects the document file type based on the Accept header.
When no Accept header is set or with */*, PDF will be returned. (PR #12944)

Core

PHP 8.5 support

Shopware is now fully compatible with PHP 8.5.

Deprecation of `sw-states` and `sw-currency` handling and new way to disable caching

The sw-states and sw-currency handling is deprecated, which means by default the HTTP-Cache will also be active for logged in customers or when the cart is filled in the next major version.
You can opt in to the new behaviour by activating either the v6.8.0.0 (all upcoming breaking changes), PERFORMANCE_TWEAKS (all performance related breaks) or CACHE_REWORK (only the HTTP-Cache related breaks) feature flag.

Due to the rework of the contained rules in the cache hash, this becomes efficiently possible. The complete caching behaviour is now controlled by the sw-cache-hash cookie.

You should rework you extensions to also work with enabled cache for logged in customers and when the cart is filled.
To modify the default behaviour there are several extension points you can hook into, for a detailed explanation please take a look at the caching docs.

The following classes and constants were deprecated as they will not be used anymore:

\Shopware\Core\Framework\Adapter\Cache\Http\CacheStateValidator
\Shopware\Core\Framework\Adapter\Cache\CacheStateSubscriber
\Shopware\Core\Framework\Adapter\Cache\Http\HttpCacheKeyGenerator::SYSTEM_STATE_COOKIE
\Shopware\Core\Framework\Adapter\Cache\Http\HttpCacheKeyGenerator::INVALIDATION_STATES_HEADER
\Shopware\Core\Framework\Adapter\Cache\Http\HttpCacheKeyGenerator::CURRENCY_COOKIE
\Shopware\Core\Framework\Adapter\Cache\CacheStateSubscriber::STATE_LOGGED_IN
\Shopware\Core\Framework\Adapter\Cache\CacheStateSubscriber::STATE_CART_FILLED

Additionally, the following configuration was deprecated:

shopware.cache.invalidation.http_cache

HTTP Caching Policies

Added support for caching policies to define HTTP cache behavior via configuration.

You can now configure named caching policies that define how the Cache-Control header is formed. These policies can be assigned per area (storefront, store_api) and per route. The header controls how caches (browser, reverse proxy, CDN, Symfony cache layer) should cache the response.

The feature is enabled using the CACHE_REWORK feature flag. For more details see the caching policies documentation.

Add recursive assign method to AssignArrayTrait

A new method assignRecursive has been added to Shopware\Core\Framework\Struct\AssignArrayTrait. Along with it, the new Shopware\Core\Framework\Struct\AssignArrayInterface has been introduced.
To make full use of assignRecursive, every class using AssignArrayTrait must also implement the new AssignArrayInterface.
The assignRecursive method enables deeply nested, JSON-serialized data structures - for example, a fully serialized ProductEntity including associations such as properties - to be converted back into a fully populated ProductEntity instance, including all nested Struct and Collection objects.

Note: assignRecursive uses reflection and creates nested struct instances, so it is noticeably slower than the classic shallow assign and is intended for import/export and (re-)hydration scenarios rather than tight, performance-critical loops.

Performance improvements for generating category SEO-Urls

We don't synchronously fetch and generate the SEO-Urls for all child categories anymore.
Instead, we rely on the CategoryIndexer to trigger the re-index of children asynchronously.
This prevents cases where SEO-Urls were generated multiple times for the same category, and thus it considerably improves the performance of category indexing.

Administration

Loading indicator for whole page

When the initial page takes more than two seconds to load, a loading indicator appears instead of a blank page.

Search filter for settings module

In the settings module, there is now a search bar in the top right. It can be used to filter settings based on a search term to quickly find what you need.

Storefront

The email validation supports IDN email addresses

The domain part of email addresses may now contain internationalized domain names (IDN). The Storefront validation will properly check these domains. The form validation in PHP may still deny IDN emails addresses, but the default Shopware forms already allow them.

App System

App Script caching control

As before, app developers can control caching via in app scripts using syntax {% do response.cache.<directive> %}, which map to ResponseCacheConfiguration methods.
Next changes were made to ResponseCacheConfiguration methods:

added sharedMaxAge(seconds) - set shared (reverse proxy/CDN) cache TTL, equivalent to s-maxage cache control directive.
added clientMaxAge(seconds) - set client-side (browser) cache TTL, equivalent to max-age cache control directive. Has effect only if CACHE_REWORK feature flag is enabled.
deprecated maxAge(seconds) - use sharedMaxAge() instead.

Admins can override policies per script using route_policies with route#hook pattern in configuration (see HTTP caching policies description in the Core section).

Hosting & Configuration

Control language analyzer usage in Elasticsearch search queries

A new environment variable SHOPWARE_ES_USE_LANGUAGE_ANALYZER has been added to control whether language-specific analyzers (like sw_english_analyzer, sw_german_analyzer) are used for search queries.

By default (SHOPWARE_ES_USE_LANGUAGE_ANALYZER=1), search queries use the same analyzer as the indexed field, which includes language-specific features like stopword filtering and stemming. This provides broader, more fuzzy search results.

When set to 0 (SHOPWARE_ES_USE_LANGUAGE_ANALYZER=0), search queries use sw_whitespace_analyzer instead, providing less fuzzy search results with fewer matches.

Note: This setting only affects search queries, not indexing. Indexed data continues to use language analyzers for proper tokenization.

Possibility to disable extensions when setting up staging mode

A new config option shopware.staging.extensions.disable was added to allow configuring extensions that should be automatically disabled when the staging mode gets activated via system:setup:staging command.

shopware:
    staging:
        extensions:
            disable: ["TheExtensionName", "AnotherExtensionName"]

Deprecated HTTP cache configuration

SHOPWARE_HTTP_DEFAULT_TTL environment variable.
shopware.http.cache.default_ttl parameter.
shopware.http_cache.stale_while_revalidate parameter.
shopware.http_cache.stale_if_error parameter.

Deprecated parameters will have no effect when CACHE_REWORK feature flag is enabled, and will be removed in 6.8.0.0.

Full list of changes

fix: missing block address_item by @mstegmeyer in https://github.com/shopware/shopware/pull/13640
fix: ManyToMany association of inherited associations by @keulinho in https://github.com/shopware/shopware/pull/13636
fix(snippets): Adjust snippets by @marcelbrode in https://github.com/shopware/shopware/pull/13652
fix: timezone field date range rule by @larskemper in https://github.com/shopware/shopware/pull/13517
feat: Disable configured extensions in the staging mode by @aragon999 in https://github.com/shopware/shopware/pull/12378
feat: Enhance max limit handling in product listing processor by @lx-wnk in https://github.com/shopware/shopware/pull/13399
fix: change native type of usageKey in PromotionDiscountEntity by @schneider-felix in https://github.com/shopware/shopware/pull/13633
fix(media-upload): Fix drag&drop reordering with more than 5 items by @marcelbrode in https://github.com/shopware/shopware/pull/13673
fix: replaced blocking lock in the CacheClearer with throwing exception by @h1k3r in https://github.com/shopware/shopware/pull/13115
fix: reindex product when conflicted mapper introduced by @vienthuong in https://github.com/shopware/shopware/pull/13454
feat(product-analytics): Add sw-settings-usage-data-consent-modal by @SebastianFranze in https://github.com/shopware/shopware/pull/13524
fix: Search keyword input wrong in admin if more keywords added by @nguyenquocdaile in https://github.com/shopware/shopware/pull/13698
fix(storefront): npm audit issue with glob by @patzick in https://github.com/shopware/shopware/pull/13706
refactor: Improve admin performance by @jleifeld in https://github.com/shopware/shopware/pull/13600
feat: add select by row click data-grid option by @larskemper in https://github.com/shopware/shopware/pull/13587
fix: resolve double HTML encoding issue in product descriptions by @BrocksiNet in https://github.com/shopware/shopware/pull/13628
feat: Allow IDN for email addresses by @dgrothaus-sw in https://github.com/shopware/shopware/pull/13615
feat(product-analytics): Hide usage data consent banner if product an… by @SebastianFranze in https://github.com/shopware/shopware/pull/13677
fix: mt-empty-state alignment issues by @alastair-simon in https://github.com/shopware/shopware/pull/13703
fix: Fix product slider with variants in closeout by @lukasrump in https://github.com/shopware/shopware/pull/13653
feat: add warning to order state change flow action by @larskemper in https://github.com/shopware/shopware/pull/13728
fix(security): address axios and node-forge vulnerabilities by @patzick in https://github.com/shopware/shopware/pull/13734
fix: Make doctrine/dbal version narrower by @mitelg in https://github.com/shopware/shopware/pull/13753
fix: Role detail page gets stuck in loading state when sw-verify-user-modal is closed by @SebastianFranze in https://github.com/shopware/shopware/pull/13717
feat: Add indexer queuer for plugin migrations by @mdanierov in https://github.com/shopware/shopware/pull/13646
fix: add missing alt attribute to order mail product images by @vintagesucks in https://github.com/shopware/shopware/pull/13768
fix: custom price fields in rules by @vintagesucks in https://github.com/shopware/shopware/pull/13744
fix: Update ATS for new web installer button name by @dgrothaus-sw in https://github.com/shopware/shopware/pull/13773
feat: elasticsearch tunning by @vienthuong in https://github.com/shopware/shopware/pull/12452
fix: add missing stateMachineState association by @damian-pastorini in https://github.com/shopware/shopware/pull/13667
fix: theme manager tabs not shown in 6.7 by @tobiasberge in https://github.com/shopware/shopware/pull/13767
feat: add action button file type filtering. by @ffrank913 in https://github.com/shopware/shopware/pull/13685
refactor(product-analytics): Create subcomponents out of sw-settings-… by @SebastianFranze in https://github.com/shopware/shopware/pull/13735
fix: require cache hash when cache cookies are set by @keulinho in https://github.com/shopware/shopware/pull/13704
fix: typo in date range rule timezone field css class by @vintagesucks in https://github.com/shopware/shopware/pull/13772
fix: alternative shipping address salutation by @cyl3x in https://github.com/shopware/shopware/pull/13731
fix: improve RedisInvalidatorStorage by @BrocksiNet in https://github.com/shopware/shopware/pull/13669
fix: domain assignment of StorefrontControllers by @mstegmeyer in https://github.com/shopware/shopware/pull/13748
feat: add BeforeSalesChannelContextAssembledEvent by @mstegmeyer in https://github.com/shopware/shopware/pull/13795
fix: date range rule json serialization format by @vintagesucks in https://github.com/shopware/shopware/pull/13791
feat: add delete cart endpoint for storefront by @shyim in https://github.com/shopware/shopware/pull/13701
fix: address empty state by @FlorianKe in https://github.com/shopware/shopware/pull/13676
fix: add missing transactions state machine state association by @damian-pastorini in https://github.com/shopware/shopware/pull/13740
fix: only api aware fields should be selectable in import export prof… by @DennisGarding in https://github.com/shopware/shopware/pull/13660
feat: add new mt-snackbar for media upload status displays by @bschulzebaek in https://github.com/shopware/shopware/pull/13689
feat: Add PHP 8.5 support by @pweyck in https://github.com/shopware/shopware/pull/12709
feat(product-analytics): Hide store data consent if user has no permit by @SebastianFranze in https://github.com/shopware/shopware/pull/13693
feat: Allow node 25 by @aragon999 in https://github.com/shopware/shopware/pull/13665
fix: google product comparison template by @lacknere in https://github.com/shopware/shopware/pull/13619
feat: center empty states in admin by @alastair-simon in https://github.com/shopware/shopware/pull/13836
fix: MariaDB syntax in DELETE statement in ProductSubscriber by @hanneswernery in https://github.com/shopware/shopware/pull/13809
fix: Ensure consistent order of methods and properties in generated documentation by @mitelg in https://github.com/shopware/shopware/pull/13879
feat: apply ngram search for long term by @vienthuong in https://github.com/shopware/shopware/pull/13874
fix: Reset calculated LineItemGroupBuilder results by @En0Ma1259 in https://github.com/shopware/shopware/pull/13865
fix: DownloadResponseGenerator::getResponse in case of using external storage by @flkasper in https://github.com/shopware/shopware/pull/13695
fix: Fix EntityResolverContext code completion for cms extensions by @MartinKrzykawski in https://github.com/shopware/shopware/pull/13774
fix: unskip skipped tests by @frobel in https://github.com/shopware/shopware/pull/13687
fix: Cms element enrichment by @nexxome in https://github.com/shopware/shopware/pull/13871
fix: preserve PDO driverOptions from DSN parameters by @blakesaunders in https://github.com/shopware/shopware/pull/13623
fix: Remove usage of deprecated PDO constants by @mitelg in https://github.com/shopware/shopware/pull/13870
feat: add warning if Dynamic Product Group indexing disable in product stream detail page by @nguyenquocdaile in https://github.com/shopware/shopware/pull/13626
refactor: convert images to webp by @gweiermann in https://github.com/shopware/shopware/pull/13837
fix: Display divergent delivery address in invoice by @DennisGarding in https://github.com/shopware/shopware/pull/13862
fix: limit admin notifications (worker side) by @nfortier-shopware in https://github.com/shopware/shopware/pull/13813
fix(snippets): Adjust quotations + global.default use by @marcelbrode in https://github.com/shopware/shopware/pull/13919
perf: don't fetch child categories in seo url updater by @keulinho in https://github.com/shopware/shopware/pull/13934
fix: Thumbnail "sizes" on PDP can be too small by @Mugentoki in https://github.com/shopware/shopware/pull/13578
fix(sales-channel-products): Exchange sw-empty-state with mt-empty-state by @marcelbrode in https://github.com/shopware/shopware/pull/13938
fix: variant inheritance for release date field by @nguyenquocdaile in https://github.com/shopware/shopware/pull/13944
fix: Do not use newest PHP features in TestBootstrapper by @mitelg in https://github.com/shopware/shopware/pull/13948
fix: flag major changed by @En0Ma1259 in https://github.com/shopware/shopware/pull/13904
fix: Elasticsearch Admin search does not find search terms with more … by @tamvt in https://github.com/shopware/shopware/pull/13819
fix: multiple change rounding error in the sales unit by @vienthuong in https://github.com/shopware/shopware/pull/13932
feat: recursive assign by @En0Ma1259 in https://github.com/shopware/shopware/pull/13551
fix: add filetype param to store api document download by @ennasus4sun in https://github.com/shopware/shopware/pull/12944
fix: convert array to collection by @En0Ma1259 in https://github.com/shopware/shopware/pull/13964
fix(sw-snippet-field): Add input field spacing for icon to not overlap with content by @marcelbrode in https://github.com/shopware/shopware/pull/13935
feat(product-analytics): Add new consent card on usage data page by @SebastianFranze in https://github.com/shopware/shopware/pull/13868
feat(product-analytics): Add user data consent to profile page by @SebastianFranze in https://github.com/shopware/shopware/pull/13863
fix: scroll to checkbox if validation failed by @FlorianKe in https://github.com/shopware/shopware/pull/13341
feat: enable store api routes caching by @h1k3r in https://github.com/shopware/shopware/pull/12370
fix: add asset-css-postprocess-plugin to rewrite asset URLs in CSS by @jleifeld in https://github.com/shopware/shopware/pull/13994
fix: product exports may get stuck permanently by @nguyenytran in https://github.com/shopware/shopware/pull/12977
feat: Add cover image for videos by @alexdumea in https://github.com/shopware/shopware/pull/13718
fix(snippets): Fix honorific prefixes by @marcelbrode in https://github.com/shopware/shopware/pull/13990
fix: add a11y document support to order confirmation emails by @vintagesucks in https://github.com/shopware/shopware/pull/13869
fix: document template inheritance for duplicated themes and headless by @vintagesucks in https://github.com/shopware/shopware/pull/13847
refactor: improve admin loading performance by @jleifeld in https://github.com/shopware/shopware/pull/13798
feat: Add support for compressed _criteria GET parameter by @h1k3r in https://github.com/shopware/shopware/pull/12476
feat: add get method support to non mutating storeapi endpoints by @h1k3r in https://github.com/shopware/shopware/pull/12633
feat: add support of ProductListingCriteria to compressed criteria parameter by @h1k3r in https://github.com/shopware/shopware/pull/13643
fix: infinite loading spinner on quantity change by @FlorianKe in https://github.com/shopware/shopware/pull/13930
fix(eslint): Allow nested feature declarations by @SebastianFranze in https://github.com/shopware/shopware/pull/13984
feat: send email after password change by @FlorianKe in https://github.com/shopware/shopware/pull/13553
feat: Allow disable search language analyzer via env variable by @tamvt in https://github.com/shopware/shopware/pull/13940
fix: adding missing slot setting services by @quando1910 in https://github.com/shopware/shopware/pull/14035
feat: hide tos checkbox optional by @FlorianKe in https://github.com/shopware/shopware/pull/13823
fix: allow selecting read-only properties in import/export profiles by @vintagesucks in https://github.com/shopware/shopware/pull/14069
feat: upgrade dive version. by @ffrank913 in https://github.com/shopware/shopware/pull/14088
feat: add search bar to settings in admin by @gweiermann in https://github.com/shopware/shopware/pull/13927
fix: fix mt-floating-ui visual bugs with major flag by @jleifeld in https://github.com/shopware/shopware/pull/13460
fix: update tests with ChangeStorefrontCurrency() to accommodate 6.6 without ACCESSIBILITY_TWEAKS flag by @ravenokko in https://github.com/shopware/shopware/pull/14078
fix: Fixed media upload in the cms image slider by @MartinKrzykawski in https://github.com/shopware/shopware/pull/14025
fix: allow CalculatedPrice fields in order exports by @vintagesucks in https://github.com/shopware/shopware/pull/14081
fix: migrate the correct delivery to primary_order_delivery_id by @schneider-felix in https://github.com/shopware/shopware/pull/14059
fix: products with no purchase price by @DennisGarding in https://github.com/shopware/shopware/pull/14107
feat: remove light intensity setting. by @ffrank913 in https://github.com/shopware/shopware/pull/14111
feat: add loading screen to admin by @gweiermann in https://github.com/shopware/shopware/pull/13902
fix: list bullet points and numbering invisible in wysiwyg editor by @nguyenquocdaile in https://github.com/shopware/shopware/pull/14090
refactor: confirm term snippet by @FlorianKe in https://github.com/shopware/shopware/pull/14117
fix: remove superfluous entity count validation in breadcrumb builder by @lacknere in https://github.com/shopware/shopware/pull/14093
fix: Use correct collection for state machine state translation entities by @nickygerritsen in https://github.com/shopware/shopware/pull/14066
fix: accessable shipping method label in offcanvas by @cyl3x in https://github.com/shopware/shopware/pull/14094
fix: remove hard-code path from vite config (backport: 6.7.6.x) by @shopware-octo-sts-app[bot] in https://github.com/shopware/shopware/pull/14210

New Contributors

@mdanierov made their first contribution in https://github.com/shopware/shopware/pull/13646
@blakesaunders made their first contribution in https://github.com/shopware/shopware/pull/13623
@gweiermann made their first contribution in https://github.com/shopware/shopware/pull/13837
@Mugentoki made their first contribution in https://github.com/shopware/shopware/pull/13578

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.5.1...v6.7.6.0

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there ;)

View release on GitHub

v6.6.10.10 Security relevant 5mo

Security fixes

GHSA-6w82-v552-wjw2 - input validation of request parameters in account login page

Full changelog

See the UPGRADE.md for all important technical changes.

GHSA-6w82-v552-wjw2 - fix: input validation of request paramteres in account login page

View release on GitHub

v6.7.5.1 Security relevant 5mo

Security fixes

GHSA-6w82-v552-wjw2 - input validation of request parameters in account login page

Full changelog

What's Changed

GHSA-6w82-v552-wjw2 - fix: input validation of request paramteres in account login page
fix: theme manager tabs not shown in 6.7 (backport: 6.7.5.x) by @shopware-octo-sts-app[bot] in https://github.com/shopware/shopware/pull/13786

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.5.0...v6.7.5.1

View release on GitHub

v6.7.5.0 Breaking risk 6mo

Breaking changes

Removed Shopware\Core\Framework\Changelog namespace - adjust RELEASE_INFO and UPGRADE files manually

Notable features

Tax-free detection now handles B2B and B2C customers separately
Robots.txt rendering with custom User-agent blocks and full standard support
Multiple payment finalize calls via REPEATED_PAYMENT_FINALIZE feature flag

Full changelog

Features

Tax Calculation Logic

The tax-free detection logic if the cart changed to handle B2B and B2C customers separately.
Previously, enabling "Tax-free for B2C" in the country settings also affected B2B customers.
Now, tax rules are applied correctly based on the customer type.

Robots.txt configuration

The rendering of the robots.txt file has been changed to support custom User-agent blocks and the full robots.txt standard.
For a detailed guide on how to use the new features and extend the functionality, please refer to our documentation guide Extend robots.txt configuration.

Scheduled Task for cleaning up corrupted media entries

A new scheduled task media.cleanup_corrupted_media has been introduced.
It detects and removes corrupted media records, such as entries created by interrupted or failed file uploads that have no corresponding file on the filesystem.

API

Add the possibility to specify indexer in context

When you want to specify which indexer should run, you can add the EntityIndexerRegistry::EXTENSION_INDEXER_ONLY extension to the context as follows:

$context->addExtension(EntityIndexerRegistry::EXTENSION_INDEXER_ONLY,
    new ArrayEntity([
        ProductIndexer::STOCK_UPDATER // Only execute STOCK_UPDATER.
    ]),
);

When making a call to the Sync API, specify the required indexer in the header:

curl -X POST "http://localhost:8000/api/_action/sync" \
-H "indexing-only: product.stock" \
#...

Core

Improved Store API OpenAPI documentation with field descriptions

The OpenAPI schema generator for Store API endpoints now includes descriptions for entity fields, making it easier for developers to understand the available fields and their purposes.

Additionally, available associations for each entity are now automatically listed in the OpenAPI operation descriptions, showing developers which relationships can be loaded.

To add descriptions to fields in your custom entity definitions, use the setDescription() method:

(new ManyToOneAssociationField('group', 'customer_group_id',
    CustomerGroupDefinition::class, 'id', false))
    ->addFlags(new ApiAware())
    ->setDescription('Customer group determining pricing and permissions')

Allow overwriting Doctrine wrapperClass on Primary/Replica setups

It's now possible to overwrite the wrapperClass of the Doctrine\DBAL\Connection instance.
This is useful if you want to use e.g. Doctrine MySQL Comeback to automatically reconnect if the MySQL connection is lost.

composer require facile-it/doctrine-mysql-come-back ^3.0

Then specify the wrapperClass in the .env file:

DATABASE_URL=mysql://root:root@database/shopware?driverOptions[x_reconnect_attempts]=5&wrapperClass=Facile\DoctrineMySQLComeBack\Doctrine\DBAL\Connection

Robots.txt parsing

A new Shopware\Storefront\Page\Robots\Parser\RobotsDirectiveParser has been introduced to parse robots.txt files. This new service provides improved error tracking and adds new events for better extensibility.
As part of this change, the constructor for Shopware\Storefront\Page\Robots\Struct\DomainRuleStruct is now deprecated for string parameters. You should use the new parser to create a ParsedRobots object to pass to the constructor instead.

new JWT helper

Added new Shopware\Core\Framework\JWT\SalesChannel\JWTGenerator and Shopware\Core\Framework\JWT\Struct\JWTStruct to build general structure for encoding and decoding JWT.

Added PHP 8.5 polyfill

The new dependency symfony/polyfill-php85 was added, to make it possible to already use PHP 8.5 features, like array_first and array_last

Removal of old `changelog` handling

As we changed how we process and generate changelogs the "old" changelog files are no longer needed.
Therefore, we removed all the internal code used to generate and validate them.
The whole Shopware\Core\Framework\Changelog namespace was removed.
The code is not needed anymore, you should adjust the RELEASE_INFO and UPGRADE files manually instead.

Deprecated the `\Shopware\Core\Framework\Test\TestCaseHelper\ReflectionHelper`

Refection has significantly improved in particular since PHP 8.1, therefore the Shopware\Core\Framework\Test\TestCaseHelper\ReflectionHelper was deprecated and will be removed in the next major release.
See below for the explicit replacements:

- $property = ReflectionHelper->getProperty(MyClass::class, 'myProperty');
+ $property = \ReflectionProperty(MyClass::class, 'myProperty');

- $method = ReflectionHelper->getMethod(MyClass::class, 'myMethod');
+ $method = \ReflectionMethod(MyClass::class, 'myMethod');

- $propertyValue = ReflectionHelper->getPropertyValue($object, 'myProperty');
+ $propertyValue = \ReflectionProperty(MyClass::class, 'myProperty')->getValue($object);

- $fileName = ReflectionHelper->getFileName(MyClass::class);
+ $fileName = \ReflectionClass(MyClass::class)->getFileName();

New constraint to check for existing routes

The new constraint \Shopware\Core\Framework\Routing\Validation\Constraint\RouteNotBlocked checks if a route is available or already taken by another part of the application.

Multiple payment finalize calls allowed

With the feature flag REPEATED_PAYMENT_FINALIZE, the /payment-finalize endpoint can now be called multiple times using the same payment token.
This behaviour will be the default in the next major release.
If the token has already been consumed, the user will be redirected directly to the finish page instead of triggering a PaymentException.
To support this behavior, a new consumed flag has been added to the payment token struct, which indicates if the token has already been processed.
Payment tokens are no longer deleted immediately after use. A new scheduled task automatically removes expired tokens to keep the payment_token table clean.

Added sanitized HTML tag support for app snippets

Added sanitized HTML tag support for app snippets. App developers can now use HTML tags for better formatting within their snippets. The sanitizing uses the basic set of allowed HTML tags from the html_sanitizer config, ensuring that security-related tags such as script are automatically removed.

App custom entity association handling

The behaviour creating associations with custom entities in apps changed.
Now an exception will be thrown if the referenced table does not exist, instead of creating a reference to the non-existing table.

To allow the schema updater to skip creating associations if the referenced table does not exist, improving flexibility and robustness during schema updates, a new optional attribute ignore-missing-reference was added to association types (one-to-one, one-to-many, many-to-one, many-to-many).

Example usage:

<one-to-many name="custom_entity" reference="quote_comment" ignore-missing-reference="true" store-api-aware="false" on-delete="set-null" />

Translatable product manufacturer links

The link property of the product manufacturer entity is now translatable.

Administration

URL restrictions for product and category SEO URLs

When creating a SEO URL for a product or category, the URL is now checked for availability. Before it was possible to override existing URLs like account or maintenance with SEO URLs. Existing URLs are now blocked to be used as SEO URLs.

Refactor filters for the newsletter recipients list.

We now use the <mt-select> instead administration/src/module/sw-newsletter-recipient/component/sw-newsletter-recipient-filter-switch.
Because of that, we deprecate these twig blocks:

sw_newsletter_recipient_list_sidebar_filter_status_not_set
sw_newsletter_recipient_list_sidebar_filter_status_direct
sw_newsletter_recipient_list_sidebar_filter_status_opt_in
sw_newsletter_recipient_list_sidebar_filter_status_opt_out

These blocks will be removed in v6.8.0.0 without replacement. Use the parent blocks instead.
We also deprecate
administration/src/module/sw-newsletter-recipient/component/sw-newsletter-recipient-filter-switch which will be removed with v6.8.0.0 and
administration/src/module/sw-newsletter-recipient/page/sw-newsletter-recipient-list/index.js which will be private in v6.8.0.0.

Storefront

Language selector twig blocks

New extensible Twig blocks layout_header_actions_language_widget_content_inner and layout_header_actions_languages_widget_form_items_flag_inner have been added to the language selector to allow custom flag implementations.

`context.token` is no longer available in twig rendering context

The context.token variable is no longer available in twig rendering context to prevent potential security vulnerabilities. If you need to access the token, consider using alternative methods that do not expose it in the rendered HTML.
Usually inside the Twig storefront there is no need to handle the context token manually, as it is handled automatically via the session handling in the Storefront.

Added specific `add-product-by-number` template

The page_checkout_cart_add_product* blocks inside @Storefront/storefront/page/checkout/cart/index.html.twig are deprecated and a new template @Storefront/storefront/component/checkout/add-product-by-number.html.twig was added.

Instead of overwriting any of the page_checkout_cart_add_product* blocks inside @Storefront/storefront/page/checkout/cart/index.html.twig,
extend the new @Storefront/storefront/component/checkout/add-product-by-number.html.twig file using the same blocks.

Change:

{% sw_extends '@Storefront/storefront/page/checkout/_page.html.twig' %}

{% block page_checkout_cart_add_product %}
    {# Your content #}
{% endblock %}

to:

{% sw_extends '@Storefront/storefront/component/checkout/add-product-by-number.html.twig' %}

{% block page_checkout_cart_add_product %}
    {# Your content #}
{% endblock %}

Hosting & Configuration

Sales Channel Replace URL Command

A new sales-channel:replace:url command was added to replace the url of a sales channel.

bin/console sales-channel:replace:url <previous_url> <new_url>

Changed `CACHE_CONTEXT_HASH_RULES_OPTIMIZATION` feature flag to `CACHE_REWORK`

The CACHE_CONTEXT_HASH_RULES_OPTIMIZATION feature flag was renamed to CACHE_REWORK to better reflect its purpose, as more changes will be toggled by that flag, to enable the new cache behaviour.

To enable the new cache behaviour, set the CACHE_REWORK feature flag to 1 in your .env file:
Before:

CACHE_CONTEXT_HASH_RULES_OPTIMIZATION=1

Now:

CACHE_REWORK=1

To not break plugins that might check for the old flag unnecessarily, the old flag will be kept until the next major release, however, the flag has no effect anymore.

Staging configuration

The disabled delivery check in MailSender now checks for the Staging Mode core.staging, the shopware.staging.mailing.disable_delivery configuration and the config setting shopware.mailing.disable_delivery.
Regardless of mode the config setting shopware.mailing.disable_delivery always allows disabling mail delivery.

Critical fixes

Product weight precision

The database column product.weight now uses DECIMAL(15,6) instead of DECIMAL(10,3) to keep gram-based measurements accurate when values are stored in kilograms.

Full list of changes

refactor: Deprecate the Shopware\Core\Framework\Test\TestCaseHelper\ReflectionHelper by @aragon999 in https://github.com/shopware/shopware/pull/13063
fix: Remove unnecessary PHPStan Symfony command feature by @mitelg in https://github.com/shopware/shopware/pull/13192
fix(theme): ensure theme config directory is created by @BrocksiNet in https://github.com/shopware/shopware/pull/13181
fix: respect errorRoute parameter in captcha failure handler by @BrocksiNet in https://github.com/shopware/shopware/pull/13158
fix: improve select result list sometimes not loading the next page when scrolling to the bottom by @janpetto in https://github.com/shopware/shopware/pull/13037
fix: search in import/export profile mapping modal by @vintagesucks in https://github.com/shopware/shopware/pull/13069
feat: remove datepicker wrapper by @alastair-simon in https://github.com/shopware/shopware/pull/12948
refactor: cleanup after-sales styles by @larskemper in https://github.com/shopware/shopware/pull/12924
fix: #12525 improve url assembling in listing.plugin by @ROBJkE in https://github.com/shopware/shopware/pull/12553
fix: tax free config by @FlorianKe in https://github.com/shopware/shopware/pull/12820
fix: Apply default indentation for composer.json by @mitelg in https://github.com/shopware/shopware/pull/13213
fix: update dive with depth buffer fix. by @ffrank913 in https://github.com/shopware/shopware/pull/13209
fix: Improve PHPStan bootstrapping by @mitelg in https://github.com/shopware/shopware/pull/13202
fix: Add check for supported types by @alexdumea in https://github.com/shopware/shopware/pull/13108
feat: Update PHPStan and its plugins (10-2025) by @mitelg in https://github.com/shopware/shopware/pull/12971
feat: Apply new screen design by @dgrothaus-sw in https://github.com/shopware/shopware/pull/13191
fix: Fix document generation error messages by @lacknere in https://github.com/shopware/shopware/pull/13214
feat(product-analytics): Don't send multiple page change events when query parameters change by @SebastianFranze in https://github.com/shopware/shopware/pull/13203
fix: invalid wording in sw-order-general-info component by @gecolay in https://github.com/shopware/shopware/pull/13239
fix: List/price percentage ratio dynamic product groups not working by @nguyenytran in https://github.com/shopware/shopware/pull/13012
feat: Add save media modal by @quynhnguyen68 in https://github.com/shopware/shopware/pull/12146
fix: Increase precision of product weights by @nguyenytran in https://github.com/shopware/shopware/pull/13245
refactor(tests): simplify cache clearing, retry for needed cookies by @BrocksiNet in https://github.com/shopware/shopware/pull/13174
fix: mark product number as required field by @wannevancamp in https://github.com/shopware/shopware/pull/13269
test: admin sales channel visual test by @ocavli in https://github.com/shopware/shopware/pull/13252
test: update acceptace test readme by @ocavli in https://github.com/shopware/shopware/pull/13264
fix: Remove wrong assert assumption and optimize array types by @mitelg in https://github.com/shopware/shopware/pull/13253
style: adjust sw-grid styles to use meteor tokens by @larskemper in https://github.com/shopware/shopware/pull/13276
fix: clarify demo data command error message by @tripleelectric in https://github.com/shopware/shopware/pull/13221
fix: Special Characters "/" in Search Not Working Even When Added as … by @tamvt in https://github.com/shopware/shopware/pull/13188
fix: Add addtional information to probably breaking change by @mitelg in https://github.com/shopware/shopware/pull/13288
feat: Add generate blocks command to composer.json by @M-arcus in https://github.com/shopware/shopware/pull/13281
refactor: Various PHP code improvements by @aragon999 in https://github.com/shopware/shopware/pull/13286
feat: cms content override indicator by @bschulzebaek in https://github.com/shopware/shopware/pull/12688
feat: allow transaction finalize called multiple times by @FlorianKe in https://github.com/shopware/shopware/pull/13014
feat: Display username in the import/export table by @M-arcus in https://github.com/shopware/shopware/pull/13279
Update cms-element-product-description-reviews.html.twig by @cramytech in https://github.com/shopware/shopware/pull/6487
feat: acceptance test for product analytics by @frobel in https://github.com/shopware/shopware/pull/12992
fix: Cheapest price of variant product applies across sales channels by @tamvt in https://github.com/shopware/shopware/pull/13206
fix: Reset canonical product id on product clone through the administration by @M-arcus in https://github.com/shopware/shopware/pull/13292
feat: Sort sales channel selection options by name in administration by @M-arcus in https://github.com/shopware/shopware/pull/13293
fix: Use specific staging config check for mail delivery by @M-arcus in https://github.com/shopware/shopware/pull/13280
style: convert first run wizard to meteor tokens by @larskemper in https://github.com/shopware/shopware/pull/13291
fix: improve missing entity error message in update-only imports by @vintagesucks in https://github.com/shopware/shopware/pull/13297
fix: increase precision of kg unit to match database schema by @vienthuong in https://github.com/shopware/shopware/pull/13314
feat: add a unique user ID to product analytics by @adrianles in https://github.com/shopware/shopware/pull/12913
build: bump the 12.0.0 ats version by @hienha-sw in https://github.com/shopware/shopware/pull/13243
fix: Always overwrite currency id based on header by @keulinho in https://github.com/shopware/shopware/pull/13304
fix: positioning of partial review stars by @vintagesucks in https://github.com/shopware/shopware/pull/13325
feat: Add new console command to replace the URL of a sales channel by @M-arcus in https://github.com/shopware/shopware/pull/13282
feat: custom fingerprint compare by @AydinHassan in https://github.com/shopware/shopware/pull/13271
feat: Empty Cart product add by @seggewiss in https://github.com/shopware/shopware/pull/13300
build: bump ats version to 12.0.1 by @hienha-sw in https://github.com/shopware/shopware/pull/13344
build: bump ats version to 12.0.1 by @hienha-sw in https://github.com/shopware/shopware/pull/13342
fix: deprecate recurring data struct properties by @cyl3x in https://github.com/shopware/shopware/pull/13326
fix: change sidebars min width by @dfrancos-hub in https://github.com/shopware/shopware/pull/13301
fix: fix measurement system migration test by @vienthuong in https://github.com/shopware/shopware/pull/13375
feat: Allow selecting pack unit for essential characteristics of products by @nguyenquocdaile in https://github.com/shopware/shopware/pull/13382
fix: guest checkout change default address by @FlorianKe in https://github.com/shopware/shopware/pull/13345
fix: review rating stars voiceover by @jozsefdamokos in https://github.com/shopware/shopware/pull/13390
fix: Modify import statements and use raw suffix by @alexdumea in https://github.com/shopware/shopware/pull/13317
feat: Add v6.7.30 and v6.7.4.0 releases by @kermie in https://github.com/shopware/shopware/pull/13354
fix: storefront missing system services (Storefront Analytics / Google Analytics) by @gecolay in https://github.com/shopware/shopware/pull/13401
fix: releases.json was not a valid JSON by @tinect in https://github.com/shopware/shopware/pull/13405
fix: Introduce generic ID structure type to reduce ID checks by @mitelg in https://github.com/shopware/shopware/pull/13334
fix: import export profile search by technical name by @jozsefdamokos in https://github.com/shopware/shopware/pull/13383
feat: convert to Meteor components in dynamic field renderer by @jleifeld in https://github.com/shopware/shopware/pull/13185
refactor: replace imitation token with JWT by @mstegmeyer in https://github.com/shopware/shopware/pull/12828
fix(admin): settings storefront icon size by @FlorianKe in https://github.com/shopware/shopware/pull/13400
feat: remove flag icons by @BrocksiNet in https://github.com/shopware/shopware/pull/13313
fix: Storefront route usage in Core by @mstegmeyer in https://github.com/shopware/shopware/pull/13379
test: update currency-price assertion with formatPrice() function by @ravenokko in https://github.com/shopware/shopware/pull/13356
fix: correct favicon path for administration module by @jleifeld in https://github.com/shopware/shopware/pull/13392
test: unit test ContextGatewayControllerTest is flaky by @nfortier-shopware in https://github.com/shopware/shopware/pull/13442
fix: error messages when removing cms sections by @taltholtmann in https://github.com/shopware/shopware/pull/13428
fix: Allow html tags in app snippets by @MartinKrzykawski in https://github.com/shopware/shopware/pull/13436
fix: guest behavior for address edit by @mstegmeyer in https://github.com/shopware/shopware/pull/13395
fix: blocked shipping method not switched by @FlorianKe in https://github.com/shopware/shopware/pull/13435
feat: Allow specific indexers in EntityIndexerRegistry by @NielDuysters in https://github.com/shopware/shopware/pull/8929
fix: app lifecycle with entity association by @rittou in https://github.com/shopware/shopware/pull/13357
feat: enable Meteor text editor with feature flag in administration by @jleifeld in https://github.com/shopware/shopware/pull/13102
fix: fix wrong display type of svgs by @jleifeld in https://github.com/shopware/shopware/pull/13471
fix: Fix theme manager detail page in 6.8 by @lukasrump in https://github.com/shopware/shopware/pull/13316
feat: robots directive, full robots tag support by @BrocksiNet in https://github.com/shopware/shopware/pull/12998
fix: Remove superfluous service injections by @aragon999 in https://github.com/shopware/shopware/pull/13463
fix: center empty state icon in cross selling page by @nguyenquocdaile in https://github.com/shopware/shopware/pull/13468
fix: Cleanup release info file by @mitelg in https://github.com/shopware/shopware/pull/13437
test: add RuleBuilderCreate test by @GitEvil in https://github.com/shopware/shopware/pull/6803
fix: german mail snippets by @lacknere in https://github.com/shopware/shopware/pull/13480
fix: dont expose context token in twig by @keulinho in https://github.com/shopware/shopware/pull/13272
fix: bump ats to 12.1.3 by @yusufttur in https://github.com/shopware/shopware/pull/13506
fix: bump ats to 12.1.4 by @yusufttur in https://github.com/shopware/shopware/pull/13538
fix: remove deprecated method ignore from GoogleStorageFactory by @shyim in https://github.com/shopware/shopware/pull/13544
fix: Trim spaces from promotion codes by @aragon999 in https://github.com/shopware/shopware/pull/13508
fix: Add missing tooltip on product images in category listing by @diyaa97daoud in https://github.com/shopware/shopware/pull/13425
feat: add a service to check for reserved router URLs by @dgrothaus-sw in https://github.com/shopware/shopware/pull/13309
fix: bump ats to 12.1.5 by @vanpham-sw in https://github.com/shopware/shopware/pull/13557
fix: rule area updater updates many to many associations by @keulinho in https://github.com/shopware/shopware/pull/13533
fix: aria-controls attribute for shipping cost collapse by @quisse in https://github.com/shopware/shopware/pull/13547
fix: Add mt-popover-deprecated wrapper to ignored path by @alexdumea in https://github.com/shopware/shopware/pull/13477
fix: FormFieldToggle plugin breaking with value="false" by @damian-pastorini in https://github.com/shopware/shopware/pull/13520
fix(navbar): Navbar won't hide when passing an item without children by @marcelbrode in https://github.com/shopware/shopware/pull/13525
feat: Added corrupted media cleanup scheduled task by @MartinKrzykawski in https://github.com/shopware/shopware/pull/13535
fix: attribute-value for data-magnifier-options by @digitalgopnik in https://github.com/shopware/shopware/pull/13427
test: flow validation test by @GitEvil in https://github.com/shopware/shopware/pull/8784
fix: Add streamIds field to Elasticsearch product mapping by @timeo-schmidt in https://github.com/shopware/shopware/pull/13153
fix: prevent parameter parsing in criteria titles by @astehlik in https://github.com/shopware/shopware/pull/13573
feat: improve associations documentation in OpenAPI Schema | store-api context by @mkucmus in https://github.com/shopware/shopware/pull/13514
fix: audit issue with glob and js-yaml by @patzick in https://github.com/shopware/shopware/pull/13580
fix: context token in twig by @keulinho in https://github.com/shopware/shopware/pull/13502
fix(cross-selling): Fix transition speed of cross-selling element and make it configurable by @marcelbrode in https://github.com/shopware/shopware/pull/13575
fix: fix multiple sw-single-select issue by @jleifeld in https://github.com/shopware/shopware/pull/13488
feat: add media schema type to LineItem cover property by @mdanilowicz in https://github.com/shopware/shopware/pull/13484
fix: salutation autocomplete (a11y) by @mstegmeyer in https://github.com/shopware/shopware/pull/13576
fix: Adjust EOL because of skipped major release by @keulinho in https://github.com/shopware/shopware/pull/13585
fix: condition list of restricted rules by @mstegmeyer in https://github.com/shopware/shopware/pull/13572
refactor: payment tokens to new JWT structure by @mstegmeyer in https://github.com/shopware/shopware/pull/13519
feat: Change manufacturer link to LongTextField and make translatable by @flkasper in https://github.com/shopware/shopware/pull/13542
feat: ADRs for updated http caching strategy by @h1k3r in https://github.com/shopware/shopware/pull/12541
fix: failing AppAsyncPaymentHandlerTest after JWT refactoring by @mstegmeyer in https://github.com/shopware/shopware/pull/13602
fix: Fix issue that deleting variants in the variant overview does not consider its entries in product_configurator_setting by @tamvt in https://github.com/shopware/shopware/pull/13495
refactor: Replace email recipients filters with mt select by @DennisGarding in https://github.com/shopware/shopware/pull/13536
fix: Allow boolean field types in SCSS validation by @Phil23 in https://github.com/shopware/shopware/pull/13584
fix: expectException instead of catch by @mstegmeyer in https://github.com/shopware/shopware/pull/13608
fix: remove html from plain text mail templates by @DennisGarding in https://github.com/shopware/shopware/pull/13589
feat: allow overwriting wrapperClass on primary/replica mode by @shyim in https://github.com/shopware/shopware/pull/13410
fix: robots.txt on storefront domains by @keulinho in https://github.com/shopware/shopware/pull/13606
fix: document search on order details page by @jozsefdamokos in https://github.com/shopware/shopware/pull/13485
test: add product review visual test by @yusufttur in https://github.com/shopware/shopware/pull/13607
feat: handle description for $ref schemas by @mkucmus in https://github.com/shopware/shopware/pull/13617
feat: add filters to product review module by @shyim in https://github.com/shopware/shopware/pull/13595
fix: Changed default sorting for export to autoIncrement and createdAt if available by @JoshuaBehrens in https://github.com/shopware/shopware/pull/12846
fix: composer removal on uninstall with deactivate by @mstegmeyer in https://github.com/shopware/shopware/pull/13624
fix: number field in individual promotion code generation modal by @mstegmeyer in https://github.com/shopware/shopware/pull/13592

New Contributors

@janpetto made their first contribution in https://github.com/shopware/shopware/pull/13037
@ROBJkE made their first contribution in https://github.com/shopware/shopware/pull/12553
@tripleelectric made their first contribution in https://github.com/shopware/shopware/pull/13221
@cramytech made their first contribution in https://github.com/shopware/shopware/pull/6487
@hienha-sw made their first contribution in https://github.com/shopware/shopware/pull/13243
@kermie made their first contribution in https://github.com/shopware/shopware/pull/13354
@NielDuysters made their first contribution in https://github.com/shopware/shopware/pull/8929
@diyaa97daoud made their first contribution in https://github.com/shopware/shopware/pull/13425
@quisse made their first contribution in https://github.com/shopware/shopware/pull/13547
@digitalgopnik made their first contribution in https://github.com/shopware/shopware/pull/13427
@timeo-schmidt made their first contribution in https://github.com/shopware/shopware/pull/13153
@flkasper made their first contribution in https://github.com/shopware/shopware/pull/13542

Full Changelog: https://github.com/shopware/shopware/compare/v6.7.4.2...v6.7.5.0

View release on GitHub

v6.7.4.2 Bug fix 6mo

Minor fixes and improvements.

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.4.1 Security relevant 6mo

Security fixes

Password recovery tokens not expiring on email change (GHSA-2w46-vq8h-98vh)

Full changelog

See the UPGRADE.md for all important technical changes.

GHSA-2w46-vq8h-98vh - fix: password recovery not expiring on email change

View release on GitHub

v6.6.10.9 Security relevant 6mo

Security fixes

Password recovery tokens not expiring on email change (GHSA-2w46-vq8h-98vh)

Full changelog

See the UPGRADE.md for all important technical changes.

GHSA-2w46-vq8h-98vh - fix: password recovery not expiring on email change

View release on GitHub

v6.7.4.0 Bug fix 7mo

Minor fixes and improvements.

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.6.10.8 Bug fix 7mo

Minor fixes and improvements.

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.3.1 Security relevant 7mo

Security fixes

Media visibility restriction bypass (GHSA-m895-2hj3-8cg9)
CSV export sensitive data exposure (GHSA-27c9-vp3w-6ww8)
Order invoice SSRF (GHSA-3cpp-fv95-mpr5)

Full changelog

See the UPGRADE.md for all important technical changes.

GHSA-m895-2hj3-8cg9 - fix: Reading media entities by aggregating fields individually bypasses MediaVisibilityRestrictionSubscriber
GHSA-27c9-vp3w-6ww8 - fix: Exposure of sensitive user information via CSV export mapping
GHSA-3cpp-fv95-mpr5 - fix: Server-Side Request Forgery (SSRF) - order invoice
GHSA-6wh5-mw9h-5c3w - fix: Path traversal via Plugin upload
GHSA-r2vg-hvjm-fg38 - fix: Customer Orders can be canceled, even if refunds are disabled
shopware/shopware#12576 - getAllCodes returns only string array
shopware/shopware#12075 - Admin es search for "document number" doesn't return any results
shopware/shopware#12363 - missing product rule filter
shopware/shopware#12472 - cast XML config values for Length constraint to int to prevent type errors
shopware/shopware#12489 - deletion of active customer address
shopware/shopware#12979 - compatibility with OpenSearch 3.x

View release on GitHub

v6.6.10.7 Security relevant 7mo

Security fixes

Media visibility restriction bypass (GHSA-m895-2hj3-8cg9)
CSV export sensitive data exposure (GHSA-27c9-vp3w-6ww8)
Order invoice SSRF (GHSA-3cpp-fv95-mpr5)

Full changelog

See the UPGRADE.md for all important technical changes.

GHSA-m895-2hj3-8cg9 - fix: Reading media entities by aggregating fields individually bypasses MediaVisibilityRestrictionSubscriber
GHSA-27c9-vp3w-6ww8 - fix: Exposure of sensitive user information via CSV export mapping
GHSA-3cpp-fv95-mpr5 - fix: Server-Side Request Forgery (SSRF) - order invoice
GHSA-6wh5-mw9h-5c3w - fix: Path traversal via Plugin upload
GHSA-r2vg-hvjm-fg38 - fix: Customer Orders can be canceled, even if refunds are disabled
#6912 - fix: require with minimum-stability stable (fixes: #6912) (#6914)
#6960 - ci: skip downstreams in case of no write perms (fixes: #6960) (#6985)
#9031 - ci: reenable 6.6.0.0 update (fixes #9031)[6.6.x] (#9248)
#9851 - feat: implement event on Sitemap Generation, closes #9851 [6.6.x] (#9968)

View release on GitHub

v6.7.3.0 Mixed 8mo

Notable features

Commands to schedule and disable scheduled tasks
Design tokens in smart bar and review module
Dark mode support for sidebar and select components

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.2.2 Bug fix 8mo

Minor fixes and improvements.

Full changelog

We've fixed the following issues

View release on GitHub

v6.7.2.1 Security relevant 8mo

Security fixes

Properly escape active route params (GHSA-9v82-vcjx-m76j)

Full changelog

This security release fixes one security issue of severity high and one regular issue

View release on GitHub

v6.7.2.0 Breaking risk 9mo

Notable features

Command to download and install translations
Storefront routes without prefix support
Soft purge HTTP cache functionality

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.1.2 Bug fix 10mo

Minor fixes and improvements.

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.1.1 Bug fix 10mo

Minor fixes and improvements.

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.1.0 Breaking risk 10mo

Minor fixes and improvements.

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.6.10.6 Bug fix 10mo

Minor fixes and improvements.

Full changelog

View release on GitHub

v6.7.0.1 Bug fix 11mo

Minor fixes and improvements.

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

v6.7.0.0 Breaking risk 11mo

Breaking changes

Vue 2 compatibility removed
Webpack replaced with Vite build system
Store-API route caching removed; ESI introduced

Notable features

Vue 3 full support with Pinia state management
Meteor Component Library adoption
Cache system rework

Full changelog

Shopware 6.7.0.0

This major release introduces significant technical improvements, cleanup of deprecated features, upgraded accessibility changes and impactful changes for long-term platform stability. After a RC validation period in different phases, the 6.7 release is now production-ready for self-hosted environments.

Highlights

Vue 3 is now fully supported in the administration. The compatibility layer has been removed, and Pinia replaces Vuex for state management.
Webpack has been replaced with Vite for the administration build process, improving performance and DX.
Storefront and Admin templates have been migrated to the Meteor Component Library. Several legacy components have been deprecated or removed.
The cache system has been reworked. Store-API route caching has been removed, and ESI was introduced for more precise cache control.
Native type declarations have been added to PHP class properties across the platform.
Multiple core libraries were upgraded: DBAL 4.x, PHPUnit 11.x, Dompdf 3.x, oauth2-server 9.x.
The OAuth token request flow is now spec-compliant. The /api/oauth/authorize endpoint has been removed.
Accessibility improvements have been made across the admin UI in preparation for the European Accessibility Act (EAA).

Deprecation Cleanup

6.7 finalizes the deprecation removals that were scheduled during the 6.6 lifecycle. Please refer to the Upgrade Guide for detailed migration instructions.

Upgrade Considerations

Plugin and app developers should test compatibility, particularly with the Vue 3 and Vite changes.
Private apps and themes may require additional review due to internal API and caching adjustments.
Redis configuration and Varnish now rely on updated modules. See the hosting section in the upgrade guide.

Additional Resources

Upgrade Guide

Developer Changelog

The changes introduced between RC5 and the final release were limited to bug fixes and minor adjustments. No additional breaking changes were introduced after RC5.

View release on GitHub

v6.6.10.5 Bug fix 11mo

Fixed 29 bugs across search, checkout, analytics, and storefront.

Full changelog

See the UPGRADE.md for all important technical changes.

View release on GitHub

All releases

System requirements

Features

[Experimental] Agentic Commerce sales channel

API

Per-user and per-IP rate limiters for login and OAuth

Price schemas now describe percentage and reference price fields

Core

Product display_group values use SHA-256

"Find best variant setting" is now applied for storefront filtering

Deprecation of permisionsLocked property of SalesChannelContext

Salutation ordering

Deprecated non-used MAIL_TEMPLATE_SALES_CHANNEL_*_EVENT constants

JSONL product export format

[Experimental] Agentic Commerce product export provider abstraction

Administration

[Internal] Twig to Native Block Runtime Adapter

Fixed mixin-based route guards for lazy-loaded administration routes

Re-render iframe integrations when location changes

Internal comments visible in the order list

[Experimental] Agentic Commerce sales channel views and tracking entities

Storefront

Order cancellation only shown for open orders

Earlier focus for cookie bar

Live purchase limits for closeout products on the product detail page

GLTF Animations

Show child line items if available

App System

App requirements validation

Hosting & Configuration

Possibility to disable product search keyword indexing

What's Changed

New Contributors

Get in touch

System requirements

What's Changed

Get in touch

System requirements

Features

Default CMS page ID now persisted for categories

New internal comment for state machine state history entries

Use JSON-LD format for Structured Data

Extending the schema templates

[Experimental] Use OpenSearch for Admin API searches

Online revocation request form

External media thumbnail support

Support of long-running MySQL connections

System config overrides in staging mode

API

Minimum value constraints added to quantity fields in ProductPriceDefinition

Deprecation of newsletter route methods

OpenAPI enums via DAL Choice flag

Deprecated /api/_action/mail-template/validate route

Core

Changed behaviour of default fields in EntityDefinition

Product stream deletion is blocked while product exports exist

Reduced HTTP cache invalidation on system config changes

Scheduled cleanup of expired customer recovery records

New attribute field types for entity definitions

Inheritance added to product main categories

CategoryIndexer doesn't dispatch IndexingMetaEvent when only index irrelevant data changes

Existing cart recalculations no longer recreate deleted carts

Deprecation of unused TemplateGroup class

New criteria events for product slider CMS element

Allow custom HTTP client injection for S3 client creation

Administration

CMS data mapping source for media custom fields

Storefront

Block renaming

Disabled runtime error overlay in webpack dev server

HEAD-requests do not trigger the registration double-opt-in

App System

Hosting & Configuration

Critical Fixes

What's Changed

New Contributors

Get in touch

System requirements

Critical Fixes

Webhook for order state change

`Price` schemas now describe percentage and reference price fields

Product `display_group` values use SHA-256

Deprecation of `permisionsLocked` property of `SalesChannelContext`

Deprecated non-used `MAIL_TEMPLATE_SALES_CHANNEL_*_EVENT` constants

OpenAPI enums via DAL `Choice` flag

Deprecated `/api/_action/mail-template/validate` route

Deprecation of unused `TemplateGroup` class

`HEAD`-requests do not trigger the registration double-opt-in

Deprecation of helper methods in `\Shopware\Core\Framework\DataAbstractionLayer\Dbal\EntityDefinitionQueryHelper`

Updated `doctrine/dbal` dependency

Primary key validation in `dal:validate` command

Deprecation of default value for `serializer` in `#[Serialized]` field attribute

Product detail variants: `configSettingGroups` as computed and deprecations

Deprecation of `items` prop in `sw-entity-listing` component

`sw-select-base` clearable button default behavior changed

Performance Improvement for `ProductCategoryDenormalizer`

New `RequestParamHelper`

The `TranslationLoader` class is now decoratable

More fine-grained caching control in `HttpCacheCookieEvent`

Removed `CacheInvalidationSubscriber::getChangedPropertyFilterTags` due to performance issues