Announcing:
LiteMage for Magento v2.2.6
In this release: Security Hardening and Magento 2.4.6 Compatibility, bug fixes, and more!
RELEASE LOG:
[Security] Hardened ESI block and shell purge entry points with signed request tokens; shell purge tokens now expire.
[Security] Added request validation for ESI block names, encoded layout handles, shell purge timestamps, and nonces.
[Security] Stopped trusting client-forwarded LiteMage and debug headers for runtime module enablement and debug IP matching.
[New] Added support for cacheable HTTP 201 responses, including Cloudflare-protected CLI purge responses. Thanks @martinstoehr.
[New] Added an automatic purge-all hook when themes are assigned to stores.
[Improvement] Modernized frontend and shell controllers for current Magento action interfaces and raw result responses.
[Improvement] Switched CLI purge requests to Magento's framework Curl client with signed URLs, explicit batch flushing, host-header support, basic-auth handling, and improved response logging.
[Improvement] Returned explicit success codes from LiteMage CLI commands for Magento 2.4.6+ console compatibility. Thanks @martinstoehr.
[Improvement] Split LiteMage tag headers by value length so large identity-tag sets are emitted across multiple headers instead of being truncated.
[Improvement] Switched custom vary refresh to a GET JSON endpoint with no-store response headers.
[Improvement] Marked generated ESI includes as `no-vary` and skipped custom-vary refresh checks for ESI requests.
[Improvement] Improved admin LiteMage statistics parsing and output escaping.
[Improvement] Preserved required customer login and customer group vary context from bypass configuration.
[Bug fix] Corrected after-order product purge selection for parent and child product cases.
[Bug fix] Flushed final partial CLI purge batches immediately instead of relying on object destruction. Thanks @martinstoehr.
https://litespeedtech.com/products/cache-plugins/magento-acceleration/release-log
Cheers!
LiteMage for Magento v2.2.6
In this release: Security Hardening and Magento 2.4.6 Compatibility, bug fixes, and more!
RELEASE LOG:
[Security] Hardened ESI block and shell purge entry points with signed request tokens; shell purge tokens now expire.
[Security] Added request validation for ESI block names, encoded layout handles, shell purge timestamps, and nonces.
[Security] Stopped trusting client-forwarded LiteMage and debug headers for runtime module enablement and debug IP matching.
[New] Added support for cacheable HTTP 201 responses, including Cloudflare-protected CLI purge responses. Thanks @martinstoehr.
[New] Added an automatic purge-all hook when themes are assigned to stores.
[Improvement] Modernized frontend and shell controllers for current Magento action interfaces and raw result responses.
[Improvement] Switched CLI purge requests to Magento's framework Curl client with signed URLs, explicit batch flushing, host-header support, basic-auth handling, and improved response logging.
[Improvement] Returned explicit success codes from LiteMage CLI commands for Magento 2.4.6+ console compatibility. Thanks @martinstoehr.
[Improvement] Split LiteMage tag headers by value length so large identity-tag sets are emitted across multiple headers instead of being truncated.
[Improvement] Switched custom vary refresh to a GET JSON endpoint with no-store response headers.
[Improvement] Marked generated ESI includes as `no-vary` and skipped custom-vary refresh checks for ESI requests.
[Improvement] Improved admin LiteMage statistics parsing and output escaping.
[Improvement] Preserved required customer login and customer group vary context from bypass configuration.
[Bug fix] Corrected after-order product purge selection for parent and child product cases.
[Bug fix] Flushed final partial CLI purge batches immediately instead of relying on object destruction. Thanks @martinstoehr.
https://litespeedtech.com/products/cache-plugins/magento-acceleration/release-log
Cheers!