Upgrading to 1.2.4
Version 1.2.4 includes bug fixes and new features.
When upgrading the Hyvä Theme to 1.2.4, always update the hyva-themes/magento2-theme-module package to its latest version. This is safe to do even if you are not updating the Default Theme to 1.2.4.
Upgraded npm package
After updating, update npm dependencies by running this command in your theme's web/tailwind/ folder:
npm install @hyva-themes/[email protected]
Security Fix
This release addresses a security vulnerability reported by Aad Mathijssen (IO).
Previously, the contact-us page could be cached with pre-filled form data from a logged-in customer. This exposed the pre-filled values to subsequent visitors.
Manual Hotfix
If immediate upgrade is not possible, apply this hotfix to your theme:
Add the cacheable="false" attribute to the contactForm block in Magento_Contact/layout/contact_index_index.xml.
<block class="Magento\Contact\Block\ContactForm" name="contactForm" template="Magento_Contact::form.phtml" cacheable="false">
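The check below is an added example, not part of the Hyvä documentation or code base. It confirms that a theme's contact_index_index.xml carries the hotfix by reporting every contactForm block that lacks cacheable="false". The function name `audit_contact_layout` and the sample layouts are constructed for illustration, and the exact-match rule on the attribute value is a conservative assumption.

```python
import sys
import xml.etree.ElementTree as ET

CONTACT_BLOCK_CLASS = r"Magento\Contact\Block\ContactForm"


def audit_contact_layout(layout_xml):
    """Return one finding per contactForm <block> that lacks cacheable="false"."""
    findings = []
    for block in ET.fromstring(layout_xml).iter("block"):
        is_contact = (block.get("name") == "contactForm"
                      or block.get("class") == CONTACT_BLOCK_CLASS)
        # Assumption: only the exact value "false" counts as the hotfix being
        # applied; any other spelling is reported so it gets reviewed by hand.
        if is_contact and block.get("cacheable") != "false":
            findings.append("block '%s' has cacheable=%r, expected 'false'"
                            % (block.get("name"), block.get("cacheable")))
    return findings


# Constructed sample layouts (not copied from the theme), used for a self-check.
SAMPLE_UNPATCHED = r"""<?xml version="1.0"?>
<page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <body>
    <referenceContainer name="content">
      <block class="Magento\Contact\Block\ContactForm" name="contactForm"
             template="Magento_Contact::form.phtml"/>
    </referenceContainer>
  </body>
</page>"""
SAMPLE_PATCHED = SAMPLE_UNPATCHED.replace(
    'name="contactForm"', 'name="contactForm" cacheable="false"')


if __name__ == "__main__":
    # Usage: python check_contact_layout.py path/to/contact_index_index.xml [...]
    status = 0
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:  # bytes, so the XML declaration sets the encoding
            for finding in audit_contact_layout(fh.read()):
                print("%s: %s" % (path, finding))
                status = 1
    sys.exit(status)
```

The script exits non-zero when any scanned layout file still declares the contact form without the attribute, so it can gate a deployment until the upgrade or hotfix is in place.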
Better Varnish ESI caching
This update improves Varnish ESI caching for desktop and mobile top-menu blocks, reducing unnecessary cache flushes. While fixed in the default theme, custom themes overriding Magento_Theme/templates/html/header/menu/desktop.phtml or Magento_Theme/templates/html/header/menu/mobile.phtml require a one-line change to benefit from this fix. Without it, the templates will function but the caching issue will persist.
Previously, the code in the template was:
Now, pass $block as the second argument to the require function:
For more information, check the view model registry documentation.
Noteworthy changes
Key updates include Alpine.js from 3.10.4 to 3.12.3 and raising the hyva-themes/magento2-reset-theme version constraint to >=1.1.4. See the changelog for full details.
Backward incompatible changes
Version 1.2.4 introduces no backward incompatible changes.
Changelogs
Access changelogs in CHANGELOG.md or via these links:
Tooling
For general upgrade guidance, refer to the Hyvä Theme upgrade documentation.
Known Issues (Resolved in 1.2.5)
- In the theme-module, src\view\frontend\templates\page\js\modal.phtml used an incorrect property name to access the modal Alpine component.
- The template processor plugin's regular expression for matching Alpine attributes was too loose, potentially matching emails in links or `@` symbols in HTML comments.