Upgrading to 1.1.24
1.1.24 is a small maintenance release.
When updating the Hyvä Theme to version 1.1.24, please note to always update the
hyva-themes/magento2-theme-module to the latest version as well.
Even if not updating the Default Theme to 1.1.24, it should always be safe to update
Hyva_Theme module to the latest version (package
Upgraded npm package
After updating, please also update the npm dependencies by running this command in your themes
This release fixes a security related issue reported by Aad Mathijssen (IO).
The form on the contact-us page is pre-populated for logged-in customers.
However, previously the contact-us page was cached in the full-page cache.
If the cache record happened to be generated by a logged-in customer, the pre-filled values were visible to subsequent visitors.
If you are unable to upgrade immediately, please apply a hot-fix to your theme:
cacheable="false" attribute to the
contactForm block in
Better Varnish ESI caching
In older releases, the desktop and mobile top-menu blocks are flushed from the full-page cache more often than necessary.
This issue is fixed in the default theme after the update, but in case the
Magento_Theme/templates/html/header/menu/mobile.phtml templates are overridden in a custom theme, a one-line change has to be applied to benefit from the fix, too.
Without this change, the templates continue to work, but the issue will continue to be present, too.
The required change is only one line. Previously this code can be found in the template:
$block should now be passed as a second argument to the
require function, like this:
For more information, please check the view mode registry documentation.
This release upgrades Alpine.js from 3.10.4 to 3.12.3.
Also, the hyva-themes/magento2-reset-theme version constraint is raised to
For more details please refer to the changelog.
Backward incompatible changes
There are no backward incompatible changes in release 1.1.24.
Changelogs are available from the CHANGELOG.md in the codebase, or here:
- In the template processor plugin a regular expression to match alpine attributes is too loose, and can accidentally match emails in links or HTML comments containing an @ symbol. See gitlab.hyva.io/hyva-themes/magento2-theme-module/-/issues/291 for more information.