Website v20.0.32 - 9 December 2025
On this page
This patch release includes improvements to Apple Pay domain verification, subscription address handling, and payment gateway integrations. A security fix for the Site Builder has been included. Performance improvements have been made to the subscription charging job to handle merchants with large subscription volumes. Several bug fixes address bundle filters, sync reliability, and payment response handling across multiple gateways.
Enhancements
Apple Pay Domain Verification Without Activating the Provider Merchants setting up Apple Pay can now complete the required domain verification process before their payment provider is set to active. Previously, the verification endpoint was only accessible for active providers, forcing merchants to activate a provider before completing setup. This allows a cleaner, safer onboarding workflow.
Subscription Charging: Batch Processing for Large Volumes The subscription charging job has been updated to process subscriptions in batches rather than loading all subscriptions into memory at once. This prevents out-of-memory errors for merchants with large numbers of subscriptions (for example, 15,000+), making subscription renewals more reliable at scale.
Subscriptions Use Original Order for Billing and Shipping Addresses Subscription renewal orders now correctly use the billing and shipping address recorded on the original order, rather than pulling the address from the account. This ensures that address changes to an account do not unexpectedly alter the delivery details for existing subscriptions.
Tyro Google Pay: Merchant ID and Name Passed Through Tyro Google Pay transactions now correctly pass the merchant ID and merchant name through to Google, which is required for Google Pay to function in production with Tyro.
Improved Payment Response Text Several payment gateways — Tyro, Windcave, and SquareWallet — were not returning a human-readable response description alongside payment results. Payment response text is now consistently populated across these gateways, making it easier to understand the outcome of a transaction in the admin and when debugging.
Deprecated Fields
No deprecated fields in this release.
Fixed Bugs
Site Builder: Security Fix for CSRF Token Mismatch Inline actions in the Site Builder were using a CSRF token scoped to the store, which did not match requests made outside the store scope. This has been fixed by using the correct CSRF token for editor actions.
Bundle Filters Not Working with Multiple Feature Selections When a product bundle contained multiple features that each required a modal to select an option, the bundle filters were not applying correctly. Bundle option filters now work as expected regardless of how many features require modal selection.
Sync: Missing Parent Relationships on Initial Import During an initial data import, some records were missing their parent relationships — for example, order items could be imported without being linked to their parent order. This occurred because the conflict detection logic for parent relationships was not triggered for the initial refresh events. The fix ensures parent relationships are correctly established during initial imports.
Sync: Carts Created from Salesforce Missing Default Field Values
When carts were deleted locally and re-synced from Salesforce, certain fields (such as shipping) were being set to null instead of their database default values. The sync procedure has been updated to apply default values correctly during insert operations.