Upgrading to 1.1.24

This is a small maintenance release.

When upgrading to Hyvä Theme 1.1.24, always update the hyva-themes/magento2-theme-module package to its latest version. It's safe to update the Hyva_Theme module (package hyva-themes/magento2-theme-module) even if you're not updating the Default Theme.

Upgraded npm package

After updating, run the following command in your theme's web/tailwind/ folder to update npm dependencies:

npm install @hyva-themes/[email protected]

Security Fix

This release includes a security fix reported by Aad Mathijssen (IO).

Previously, the contact-us page, when cached in the full-page cache, could expose pre-filled customer data to subsequent visitors if the cache was generated by a logged-in user.

Manual Hotfix

If immediate upgrade is not possible, apply this hotfix to your theme:

Add the cacheable="false" attribute to the contactForm block in Magento_Contact/layout/contact_index_index.xml.

<block class="Magento\Contact\Block\ContactForm" name="contactForm" template="Magento_Contact::form.phtml" cacheable="false">
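To confirm the hotfix is present in every theme override, the following added example (not part of the Hyvä documentation or code base) scans a directory for Magento_Contact/layout/contact_index_index.xml files and reports whether the contactForm block carries cacheable="false". The function names, the sample layouts and the app/design/frontend argument are assumptions made for illustration.

```python
"""Audit theme layout overrides for the contactForm hotfix (added example)."""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Path suffix named in the hotfix instructions.
LAYOUT_SUFFIX = Path("Magento_Contact/layout/contact_index_index.xml")


def contact_form_status(xml_text):
    """Return 'hotfixed', 'missing-hotfix' or 'no-contactForm-block' for one layout."""
    root = ET.fromstring(xml_text)
    blocks = [b for b in root.iter("block") if b.get("name") == "contactForm"]
    if not blocks:
        return "no-contactForm-block"  # block is declared in another file; check that one
    # Every declaration must carry the exact value the hotfix specifies.
    if all(b.get("cacheable") == "false" for b in blocks):
        return "hotfixed"
    return "missing-hotfix"


def audit_themes(base_dir):
    """Map each matching contact_index_index.xml under base_dir to its status."""
    results = {}
    for path in Path(base_dir).rglob("contact_index_index.xml"):
        if path.parts[-3:] == LAYOUT_SUFFIX.parts:
            results[str(path)] = contact_form_status(path.read_text(encoding="utf-8"))
    return results


# Constructed sample layouts (not taken from the Hyvä code base).
UNPATCHED = """<page><body><referenceContainer name="content">
  <block class="Magento\\Contact\\Block\\ContactForm" name="contactForm"
         template="Magento_Contact::form.phtml"/>
</referenceContainer></body></page>"""
PATCHED = UNPATCHED.replace('form.phtml"', 'form.phtml" cacheable="false"')

if __name__ == "__main__":
    # Usage (assumed theme location): python audit_contact_form.py app/design/frontend
    findings = audit_themes(sys.argv[1] if len(sys.argv) > 1 else ".")
    for file, status in sorted(findings.items()):
        print(f"{status:22} {file}")
    # Non-zero exit lets a CI job fail while any override lacks the hotfix.
    sys.exit(1 if "missing-hotfix" in findings.values() else 0)
```

A file reported as no-contactForm-block does not declare the block itself, so the declaration it inherits still needs to be checked.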

Better Varnish ESI caching

This update fixes an issue where desktop and mobile top-menu blocks were flushed from the full-page cache more often than necessary in older releases.

The fix is applied to the default theme. If you have overridden Magento_Theme/templates/html/header/menu/desktop.phtml or Magento_Theme/templates/html/header/menu/mobile.phtml in a custom theme, you must apply a one-line change to benefit from this fix. Without this change, the templates will still function, but the caching issue will persist.

Old code:

$viewModelNavigation = $viewModels->require(Navigation::class);

Update to:

$viewModelNavigation = $viewModels->require(Navigation::class, $block);

For more information, please check the view model registry documentation.

Noteworthy changes

Alpine.js has been upgraded from 3.10.4 to 3.12.3. The hyva-themes/magento2-reset-theme version constraint is now >=1.1.4. Refer to the changelog for full details.

Backward incompatible changes

There are no backward incompatible changes in release 1.1.24.

Changelogs

Changelogs are available in the codebase's CHANGELOG.md or via these links:

Tooling

For helpful upgrade information, refer to the Hyvä Theme upgrade documentation.

Known Issues, Resolved in 1.2.5

  • In the template processor plugin, the regular expression that matches Alpine attributes is too loose and can accidentally match emails in links or HTML comments containing an @ symbol.