HEX
Server: LiteSpeed
System: Linux premium263.web-hosting.com 4.18.0-553.50.1.lve.el8.x86_64 #1 SMP Thu Apr 17 19:10:24 UTC 2025 x86_64
User: eastcjee (525)
PHP: 8.2.31
Disabled: NONE
$ pwd: /proc/self/root/var/softaculous/bagisto/
Upload Files
File: //proc/self/root/var/softaculous/bagisto/changelog.txt
v2.4.7 (24th of June 2026) - Release

    Security fixes.

    "Apply Tax On" setting (Before/After Discount) under Sales → Taxes → Calculation Settings to control whether tax is calculated on the original product price or on the discounted price when a cart-rule/coupon discount is applied, plus an optional per-product tax breakdown in the cart and checkout summary.

    #11344 [fixed] - Fixed incorrect payment amounts for currencies whose ISO 4217 minor units are not two decimals in the Stripe and PayPal gateways. Currencies are now seeded with a decimal value (e.g. 0 for JPY/KRW, 3 for KWD/BHD, 2 by default); Stripe converts amounts to the smallest currency unit using 10 ^ decimal instead of a hardcoded × 100, and PayPal rounds to the currency's decimal places, preventing 100× overcharges on zero-decimal currencies and undercharges on three-decimal currencies.

    #11331 [fixed] - Replaced deprecated Venezuelan Bolivar currency code VEF with VES in seeders and installer configurations, ensuring correct exchange rate synchronization with modern exchange rate APIs.

    #11316 [fixed] - Fixed the rich-text (TinyMCE) sanitizer stripping tables and class/style attributes from product/category descriptions, CMS pages, and email templates on save, so tables and formatting inserted in the editor no longer disappear. The HTMLPurifier allowlist now permits table elements and class/style (with an expanded set of safe CSS properties) while still removing scripts, event handlers, javascript:/data: URLs, and unsafe CSS. Also fixed theme static-content custom CSS being corrupted by the HTML purifier — valid selectors such as the > child combinator were entity-encoded — by sanitizing it against </style> context breakout instead of running it through the HTML purifier.

    #10963 [fixed] - Fixed a required multiselect attribute on the product edit page failing validation on save until the field was manually re-interacted with, because the previously saved values were not registered with the form validator on page load.

2.4.6 (5th of June 2026) - Release

    Help and resources added.

    Security fixes.
	
2.4.5 (2nd of June 2026) - Release

    Added EU Withdrawal feature (Directive (EU) 2023/2673, Article 11a CRD) — customers and guests can withdraw from a contract online via a "Withdraw from contract" button on order pages and a public lookup form, with durable-medium confirmation emails, an admin datagrid + timeline view for managing withdrawals, and a per-channel enable toggle.

    Added PhonePe payment gateway integration.

    Refined Playwright testcases.

    Security fixes.
@ Telegram