Website v20.0.41 - 24 March 2026
This patch resolves bugs affecting checkout error messaging, product category menu ordering, and price filtering on product collection pages. It also includes critical security dependency updates and a performance improvement to data sync processing.
Enhancements
Faster data sync processing. Internal data synchronization queries have been optimized to reduce the time taken to process large volumes of record changes. Bulk insert and update operations now run approximately 35% faster, improving how quickly Salesforce data updates are reflected in your storefront during high-volume sync activity.
Security dependency updates. This release includes updates to several dependencies to address high-severity security vulnerabilities:
- rack — updated to address a multipart parser denial-of-service vulnerability and a regular expression denial-of-service issue.
- nokogiri — updated to address a SAML signature bypass vulnerability (CVE-2025-30206) and multiple vulnerabilities in bundled libxml2 and libxslt libraries.
- rollup — updated to address a critical path traversal vulnerability (CVE-2026-27606, CVSS 9.8) that could allow arbitrary file writes.
- vite — updated to address a development server file disclosure vulnerability.
- Rails — bumped to 7.2.3 as required for compatibility with the updated rack version.
These updates are applied automatically with this release and require no action from store administrators.
Fixed bugs
Checkout: clearer messaging when payment status is uncertain. When a network timeout or server error occurred during checkout, customers previously saw a generic error message that gave no indication of whether their payment had gone through. This could lead to customers submitting duplicate payments. Customers in this situation are now shown a specific message advising them to check their confirmation email or Orders page before retrying, and the Pay button remains disabled to prevent accidental repeat submissions. For definite payment failures — where the outcome is known — the Pay button is re-enabled so customers can try again.
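The distinction drawn in this fix, between an outcome that is unknown and one that is a known failure, can be sketched as follows. This is an added example, not the product's own code: the function names, the message wording other than the advice quoted above, and the assumption that a 4xx response means a definite rejection are all hypothetical.

```javascript
// Added illustration. Names and the status-code mapping are assumptions.
const Outcome = Object.freeze({
  SUCCESS: "success",
  FAILED: "failed",       // outcome known: payment was rejected
  UNCERTAIN: "uncertain", // outcome unknown: payment may or may not have gone through
});

// `result` is { status: <HTTP status> } or { error: "timeout" | "network" }.
function classifyPayment(result) {
  if (result.error) return Outcome.UNCERTAIN;           // request may still have reached the server
  if (result.status >= 200 && result.status < 300) return Outcome.SUCCESS;
  if (result.status >= 500) return Outcome.UNCERTAIN;   // server error after possible charge
  return Outcome.FAILED;                                // assumed: 4xx is a definite rejection
}

// Map an outcome to the Pay button state and customer message.
function checkoutUiState(outcome) {
  switch (outcome) {
    case Outcome.SUCCESS:
      return { payEnabled: false, message: "Payment received." };
    case Outcome.FAILED:
      return { payEnabled: true, message: "Payment failed. Please try again." };
    default:
      // Keep Pay disabled so a retry cannot create a duplicate payment.
      return {
        payEnabled: false,
        message: "We could not confirm your payment. Check your confirmation email or Orders page before retrying.",
      };
  }
}

// `send` is a hypothetical function returning a Promise of { status }.
async function submitPayment(send, timeoutMs) {
  let timer;
  const timeout = new Promise((resolve) => {
    timer = setTimeout(() => resolve({ error: "timeout" }), timeoutMs);
  });
  try {
    const attempt = send().catch(() => ({ error: "network" }));
    const result = await Promise.race([attempt, timeout]);
    return checkoutUiState(classifyPayment(result));
  } finally {
    clearTimeout(timer);
  }
}
```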
Product category menus were displaying child categories in the wrong order. Child product categories were not always appearing in the configured order in navigation menus when using Menu Ordering. This was caused by how the database query was constructed — the sort order was applied to a subquery where it had no guaranteed effect on the outer result. The query has been rewritten to apply ordering correctly, so categories now appear in the position you have set.
Price range filter not working on product collection pages. Adjusting the price slider on product collection and search pages had no effect — products outside the selected price range continued to be displayed. The slider also failed to restore its last position on page reload. The root cause was a malformed input name in the price range template and an incorrect parameter name being submitted to the server. Both issues have been fixed, and price filtering now works as expected.