File: //var/softaculous/presta8/changelog.txt
####################################
# v8.2.6 - (2026-04-16)
####################################
- Back Office
- Improvement:
- GHSA-w9f3-qc75-qgx9 Prevent xss exploitation via unprotected variables in customer threads (found by Savio from Doyensec in collaboration with Anthropic Research)
####################################
# v8.2.5 - (2026-03-13)
####################################
- Front Office
- Improvement:
- GHSA-35pf-37c6-jxjv Prevent xss exploitation via unprotected variables in template
- GHSA-283w-xf3q-788v Fix improper use of validation framework
####################################
####################################
# v8.2.4 - (2026-02-03)
####################################
- Front Office
- Improvement:
- GHSA-67v7-3g49-mxh2 Protect users from time based email enumeration attacks (by @matthieu-rolland, vulnerability reported by Lam Yiu Tung)
8.2.3
Back Office:
Improvement:
#39321: Update Distribution API Client to include the new wall of fame (by @jolelievre)
GHSA-8xx5-h6m3-jr33: Fix email enumeration vulnerability on password reset page (by @M0rgan01 & @matthieu-rolland, vulnerability reported by Maxime Morel-Bailly)
Bug fix:
#38622: Fix new product catalog not loading images in multi-store (by @Codencode)
#39208: Fix Carrier search not working when editing order's carrier (by @Codencode)
#39274: Added closure of the 'deleteCategoriesForm' form (by @Codencode)
#39337: Fix newline in textarea on product page (by @Codencode)
#39430: Fix quantity in delivery slip if we have a refunded product (by @Touxten)
Front Office:
Bug fix:
#39191: Fix cart recovery: use updateCustomer for restoring customer session (by @Codencode)