Changes for the week 2017-10-08

  • v2.0: Fixing an issue in the admin where caching the same template twice might be falsely blocked by the Chrome browser as a XSS request.
  • v2.0: If a value is ever sent to our system, we're replacing it with < script (even though it's already html encoded) to ensure our downstream partners don't accidentally parse that information to allow a XSS attack.
  • v2.0: No longer attempting to strip all html tags out of our text only emial receipts to prevent unintended behavior if html tags were sent as part of the customer data.
  • v2.0: Ensure google analytics is loaded before trying to track a click on paypal or amazon pay.
  • v2.0: Fix an issue when cancelling a subscription with Amazon Pay enabled, sometimes the login button is not visible.
  • v2.0: Improvements to the Google reCaptcha check to avoid situations where you might have to validate more than once.
  • v2.0: Fix for a customer tax_id not showing up as expected in some situations.
  • v2.0: Improvements to how we handle ONESOURCE tax rate calculations where multiple tax rates are involved.
  • v2.0: Fixing an issue introduced on September 26th regarding default live shipping rates for Canada.