Changelog
Check out the latest releases from the WooCommerce project.
Subscribe to all release posts via our RSS feed.
-
We’re announcing an important update regarding Action Scheduler — the scalable job queue for processing large queues of tasks in the background in WordPress. In our ongoing commitment to keeping Action Scheduler reliable and efficient, we are officially adopting an “L-2” dependency version policy.
This policy will be effective starting with the next release of Action Scheduler.
What is the “L-2” Policy?
The “L-2” policy, short for “Latest Minus Two,” means that Action Scheduler will support:
- The latest version of WordPress, the version before that, and the version before that.
- The latter version’s minimum PHP version.
For example, at the time of writing, the latest WordPress version is 6.3. The “minus two” version is WordPress 6.1, which requires PHP 5.6 or later. Action Scheduler would therefore require WordPress 6.1 or later and PHP 5.6 or later. Please also see this overview of which WordPress versions work with what PHP versions.
This policy ensures that Action Scheduler and plugins that depend on it remain compatible with a wide range of WordPress installations while keeping up with the latest advancements in the WordPress and PHP ecosystems.
Why Adopt “L-2”?
By implementing the “L-2” policy, we aim to strike a balance between supporting the latest WordPress features and providing stability for users with slightly older WordPress installations. Here’s why this policy is beneficial:
- Reliability: as Action Scheduler drops support for outdated versions, we can simplify its code and as a result decrease the probability for bugs.
- Modern Features: with the adoption of this policy, Action Scheduler now has a defined path towards being able to use modern APIs provided by both WordPress and PHP.
- Security: Keeping up with updates to WordPress and PHP helps maintain the security of Action Scheduler as well as your site or plugin.
What Action Should I Take?
As a consequence of this new policy, the next version of Action Scheduler will require WordPress 6.2 or later as well as PHP 5.6 or later.
If you are a user of WooCommerce or WordPress, it is always a good idea to update them regularly. The same is true for the PHP version installed on your server and any plugins or extensions you might be using. If you’re following this advice there’s nothing else you need to do to ensure you’ll continue to have access to the latest Action Scheduler features.
If you are the developer of a WordPress plugin that depends on Action Scheduler, we recommend that you adopt a similar policy. This ensures that your plugin will be able to benefit from any and all updates to Action Scheduler. If this is not an option in your specific situation, you are free to continue using the latest version of Action Scheduler that is compatible with your extension. Note that this means your users might miss out on important bug fixes, however.
We understand that every WordPress project is unique, and our goal is to make Action Scheduler as versatile and dependable as possible. For more information, updates, and documentation, please visit our official Action Scheduler repository on GitHub.
If you have any questions or need assistance, feel free to reach out to the friendly WooCommerce community on Slack or leave a comment here.
-
The latest version of WooCommerce Blocks, version 11.3.1, is now available for download on WordPress.org and GitHub.
Notable Changes
We’ve fixed a regression where merchants adding a new “All Products” block would see an error on the frontend page preventing the block from displaying correctly.
Changelog
Bug Fixes
- Revert #10032 so All Products renders in the frontend (https://github.com/woocommerce/woocommerce-blocks/pull/11263)
-
WooCommerce 8.2.1 is now available for download.
What’s new?
- We’ve rolled back a change introduced in 8.2.0 that automatically selected all global attribute terms when adding a global attribute to a product. #40729
You can download the latest release of WooCommerce here or visit Dashboard → Updates to update the plugin from your WordPress admin screen.
As usual, if you spot issues in WooCommerce core, please log them in detail on GitHub. Found a security issue? Please submit a report via HackerOne.
-
The latest version of WooCommerce Blocks, version 11.3.0, is now available for download on WordPress.org and GitHub.
Notable Changes
Replace patterns based on the Products (Beta) block with an equivalent based on the Product Collection block
Merchants using some of the product patterns can now find that they’re updated to reflect the Product Collection (beta) block, have had pagination removed, the image aspect ratio updated to be more suitable and finally these patterns now have titles merchants can update to more accurately represent the patterns usage.
3-Column Product Row
Product Collection 3 Columns
1:1 Image 4-Column Product Row
Product Collection 4 Columns
Minimal 5-Column Product Row
Product Collection 5 Columns
Introducing a new condensed address component on checkout
To improve and streamline the experience for returning customers to the checkout, the address form will now collapse if it is complete. This will apply to returning customers with an account, or someone who has previously checked out as a guest who still has a valid session.
Clicking “edit” will reveal the form and allow changes to the address as normal.
Changelog
Enhancements
- Introduced condensed address components on checkout for customers with an existing address. (11167)
- Update aspect ratio, icons and default text for the Social: Follow us on social media pattern. (11161)
- Add horizontal padding to the Featured Category Triple pattern. (11160)
- Remove the “no results” placeholder and pagination and set aspect ratio on the Product Collection 3 Columns, Product Collection 4 Columns, Product Collection 5 Columns, and Product Gallery patterns. (11145)
- Add group and padding to the Product Collection 3 Columns, Featured Category Triple and the Social: Follow us on social media patterns. (11144)
- New Product Collection Patterns: add the new Product Collection 3 Columns, Product Collection 4 Columns, Product Collection 5 Columns and Product Collection: Featured Products 5 Columns patterns. (11134)
- Add titles and padding to the Product Collection: Featured Products 5 Columns and the Product Gallery patterns. (11131)
- Add default image and fixed height to the Just Arrived Full Hero pattern. (11130)
- Add titles and padding to the Product Collection 4 Columns, Product Collection 5 Columns, and Testimonials 3 Columns patterns. (11129)
- Add Add to Cart button’s product price data attribute. (11117)
- Just Arrived Full Hero pattern: wireframe the content and adjust the pattern width. (11115)
- Remove opinionated styles from the Hero Product 3 Split pattern. (11110)
- Add the Featured Category Cover Image pattern. (11109)
- Add fee ID to parent cart and checkout block. (11054)
- Update: Adjust text of incompatibility sidebar notice and show extensions, that explicitly declared incompatibility with the Cart and Checkout blocks. (10877)
Bug Fixes
- Fix Store Notices block breaks page editors. (11165)
- Ensure the Just Arrived Full Hero pattern can have an AI-selected images assigned to it and add a background dim. (11159)
- Testimonials 3 Columns pattern > Update the width and fix the PHP warnings that could be triggered if the content saved within the wc_blocks_patterns_content option didn’t match the updated patterns dictionary. (11158)
- Pattern: Fetch product ID with JS to prevent unnecesary queries on every page load. (11138)
- Fix checkout state/country field width in the site editor. (11133)
- Fixed PHP notice that would appear if an API endpoint failed to load. (11128)
- Made error icon on checkout match text color. (11127)
- Fix a PHP error that was occurring when the WooCommerce Product Add-ons or the WooCommerce Product Bundles plugins were enabled. (11082)
- Resolved an issue where the Single Product block did not respect the WooCommerce setting for redirecting to the cart page after successful addition. (11151)
-
We are pleased to announce the release of WooCommerce 8.2.0. This release should be backwards compatible with the previous version.
This release contains:
- 622 commits from 55 contributors in WooCommerce Core.
- 107 commits from 28 contributors in WooCommerce Blocks.
As always, we recommend creating a backup of your site and making sure that your theme and any other plugins are compatible before updating. You can check out this update guide for more information.
PHP Requirement Change
WooCommerce 8.2 requires PHP version 7.4 or newer.
Read our announcement post for full details.
What’s new in 8.2.0?
High Performance Order Storage
High-Performance Order Storage (HPOS) also previously known as “Custom Order Tables” is a solution that provides an easy-to-understand and solid database structure – specifically designed for eCommerce needs. It uses the WooCommerce CRUD design to store order data in custom tables – optimized for WooCommerce queries with minimal impact on the store’s performance.
In January 2022, we published the initial plan for the Custom Order Tables feature and since then, we’ve been working hard to bring the High-Performance Order Storage (HPOS) to WooCommerce Core. In May 2022, we invited you to test the order migration process and provide feedback on how our initial work performs on real stores of varied configurations.
High-Performance Order Storage (HPOS) is officially released in 8.2.0 under the stable flag and is enabled by default for new installations.
Bringing High-Performance Order Storage (HPOS) to WooCommerce improves these three essential properties for eCommerce stores.
- Scalability
The rise in the number of customers and customer orders increases the load on your store’s database – making it difficult to handle customer order requests and deliver a seamless user experience.
With High-Performance Order Storage, you get dedicated tables for data like orders and order addresses and thus dedicated indexes which results in fewer read/write operations and fewer busy tables. This feature enables eCommerce stores of all shapes and sizes to scale their business to their maximum potential – without expert intervention.
- Reliability
High-Performance Order Storage makes implementing and restoring targeted data backup easier. You’ll no longer need to worry about losing orders, inventory numbers, or client information with reliable backup in these custom order tables. It’ll also facilitate implementing read/write locks and prevent race conditions.
- Simplicity
You no longer have to go through a single huge database to locate underlying data and WooCommerce entries.
With High-Performance Order Storage, you can easily browse through the separate tables and easy-to-handle entries, independent of the table
_posts
, to find data or understand the table structure. It also lets you easily develop new plugins, implement designs for shops and products, and modify WooCommerce with more flexibility.Please visit the documentation page for more details on the High-Performance Order Storage.
Improve WooCommerce blocks performance for classic themes
We made some changes that will split out the styles for our blocks into individual CSS files when the site uses a classic theme. This has been the case for some time with block themes, and now classic themes can benefit from faster load times and lower resource usage when displaying WooCommerce blocks.
More patterns in the Product Collection block
Two new Product Collection patterns, Rows and Simple Grid, are now available. They offer vertical and horizontal layouts to better showcase products.
New Product Collection block
Product Collection is the newest addition to our block library.
Like the Products block, you can choose what criteria affect the list of blocks displayed to shoppers and control the product layout in the list/grid by the various element blocks.
Unlike the Products block, which is a Query loop block variation, this block is a standalone block, enabling us to tailor the block further to better meet the merchant’s needs.
Existing templates with Product blocks will remain unchanged as we haven’t replaced them with Product Collection blocks yet.
It’s labeled beta because we’re still polishing it. And we look forward to any feedback you have on this block.
Other changes
For a complete list of the changes included in this release, please see the changelog in the readme for this release.
Much 💜 to all the contributors
Finally a big thanks to everyone in the community who has contributed via issue reports, fixes, translation, testing, supporting other users, or simply spreading the word.
WooCommerce Core
ActionScheduler
WooCommerce Blocks
-
Release Candidate 2 for the October 10 release of WooCommerce is now available for testing! You can either download it directly from WordPress.org or install our WooCommerce Beta Tester Plugin.
Highlights
Since the release of 8.2.0-rc.1, the following changes have been made:
- Fix: HPOS keeping disabled when the database tables were created via enabling the setting #40466
For the complete list, view the changelog in the readme for this release.
PHP Requirement Change
WooCommerce 8.2 requires PHP version 7.4 or newer.
Read our announcement post for full details.
Release Schedule
We’re on track for our planned October 10 release.
Testing
If you’d like to dive in and help test this new release, our handy WooCommerce Beta Tester plugin allows you to switch between beta versions and release candidates. You can also download the release from WordPress.org.
We’ve posted a helpful writeup on beta testing to help get you started.
If you discover any bugs during the testing process, please let us know by logging a report in GitHub.
-
Release Candidate 1 for the October 10 release of WooCommerce is now available for testing! You can either download it directly from WordPress.org or install our WooCommerce Beta Tester Plugin.
Highlights
Since the release of 8.2.0-beta.1, the following changes have been made:
- Fixed an issue with the Marketplace header becoming invisible after visiting other pages. #40562
- Fixed a backwards-compatibility issue with
wc_get_orders()
when High Performance Order Storage is enabled. #40551 - Fixed an issue where
created_via
wasn’t properly set when HPOS was enabled for orders created manually via the admin. #40469 - Update WooCommerce Blocks to 11.1.2. #40475
For the complete list, view the changelog in the readme for this release.
PHP Requirement Change
WooCommerce 8.2 requires PHP version 7.4 or newer.
Read our announcement post for full details.
Release Schedule
We’re on track for our planned October 10 release.
Testing
If you’d like to dive in and help test this new release, our handy WooCommerce Beta Tester plugin allows you to switch between beta versions and release candidates. You can also download the release from WordPress.org.
We’ve posted a helpful writeup on beta testing to help get you started.
If you discover any bugs during the testing process, please let us know by logging a report in GitHub.
-
The latest version of WooCommerce Blocks, version 11.2.0, is now available for download on WordPress.org and GitHub.
Notable Changes
Blockified Order Confirmation
Merchants using a block-based theme will now see a new editable template in the site editor called “Order Confirmation”. This template will allow them to customize the order confirmation page that is displayed after checkout.
Product Collection: Patterns
Merchants that uses the Product Collection block can see a new feature to use pre-defined patterns using the pattern chooser.
New Store API Order endpoints
Store API now has 2 new endpoints, one for fetching existing unpaid orders, and one to place/buy for those unpaid orders.
Previously, it was not possible to resume an existing order with Store API unless you hacked your way through the session data, now you can do that safely:
Fetch an existing order
Using the new endpoint
GET /wc/store/v1/order/{ORDER_NUMBER}/?key={ORDER_KEY}&billing_email={BILLING_EMAIL}
which will return a similar schema to what you get when callingGET /checkout
endpoint.This only works for unpaid orders, and you will get an error if the email is invalid, the key is invalid, or the order is unpaid.
Logged-in users can only fetch their own orders, guest customers can fetch guest orders. Both require the order number, key, and billing email.
Store API continues to be an unauthenticated API, limited to the current user only.
Pay for an existing order
Alongside the first endpoint, we also expanded the
wc/store/v1/checkout
endpoint to support paying for existing orders, by callingPOST /wc/store/v1/checkout/{ORDER_NUMBER}/?key={ORDER_KEY}&billing_email={BILLING_EMAIL}
you can place an existing order.The body shape for this endpoint is the same for
POST /wc/store/v1/checkout
but will resume an order instead of creating a new one.Changelog
Enhancements
- Remove order and checkout order endpoints experimental flag. (11022)
- Ensure the content of the patterns is also AI-generated. (10997)
- Product Collection: Transfer layout options from Toolbar to Inspector controls. (10922)
- Add pattern chooser in Product Collection. (10876)
- Product Gallery: Lock the Sale Badge and the Next/Prev Buttons. (10869)
- Refactor Cart and Checkout Page Templates. (10773)
- Blockified Order Confirmation. (10056)
Bug Fixes
- Product Gallery: Fix the Product Gallery Thumbnails on click. (11032)
- WooExpress: Fix Checkout and Cart Blocks Editor Crash. (11024)
- Product Gallery: Fix zoom animation on large Image. (11023)
- Fix: Password Protection not respected on single product template. (10999)
- Product Gallery Pager: Remove the Pager markup if there’s only one image. (10998)
- Related Products: Hide the block outside of Single Product Template and Single Product block. (10978)
- Single Product: Fix the Align setting. (10977)
- Hide unexpected bullet point in Product Collection on Storefront. (10945)
- Add custom regex for validating Nicaraguan postal codes. (10928)
- Update
postcode-validator
to 3.8.15 to validate “new” Taiwanese postcodes. (10924) - BlockTemplatesController: Check that $attributes[‘theme’] value isset before operating on it. (10879)
- Product Gallery: CSS styling tightening up. (10867)
- Checkout Block: Prevent changes in the selected shipping method when new rates are added or removed. (10457)
-
Beta 1 for the October 10 release of WooCommerce is now available for testing! You can either download it directly from WordPress.org or install our WooCommerce Beta Tester Plugin.
Highlights
Since the release of 8.1.0, the following changes have been made:
- WooCommerce Blocks has been updated to 11.1.1. See the release notes for 11.1.0 for changes. #40300
- WooCommerce now requires at least PHP version 7.4. #39820
- High Performance Order Storage is now enabled by default for new installs. #40296
For the complete list, view the changelog in the readme for this release.
PHP Requirement Change
WooCommerce 8.2 requires PHP version 7.4 or newer.
Read our announcement post for full details.
Release Schedule
We’re on track for our planned October 10 release.
Version Release Release Candidate October 3, 2023 Final Release October 10, 2023 Testing
If you’d like to dive in and help test this new release, our handy WooCommerce Beta Tester plugin allows you to switch between beta versions and release candidates. You can also download the release from WordPress.org.
We’ve posted a helpful writeup on beta testing to help get you started.
If you discover any bugs during the testing process, please let us know by logging a report in GitHub.
-
Background
Last year we were alerted to a security issue (thanks to David Anderson) that would potentially allow users with specific capabilities (and, by default, this would include the Shop Manager role) to view user data for all users. This has the possibility of exposing sensitive information. Generally, and within WooCommerce, the information stored as user metadata is not sensitive, however it is possible for other plugins to store sensitive data should they elect to. We are not aware of any cases in which this would pose a risk in WooCommerce on its own.
We identified the issue and released a fix in version 7.0.1. However, this patch did not make its way into 7.2 so the vulnerability was re-introduced with that version and has been present up until now.
We have deployed a fix for the vulnerability in version 8.1.1 that is now available.
These vulnerabilities were identified as part of our ongoing HackerOne responsible disclosure program. At this time, we have no evidence of the vulnerability being exploited in the wild.
What do I need to do?
Update your WooCommerce version to the latest version (8.1.1) as soon as possible.
Is WooCommerce still safe to use?
Yes. While identifying new vulnerabilities is difficult, we work hard to do so proactively by partnering with HackerOne researchers to continually improve the safety of WooCommerce. Of course, finding vulnerabilities is just the first step.
Afterward, we work to track and patch any vulnerabilities as quickly as possible. And we strive to keep our merchants and customers updated on a proactive basis about the continual steps we are taking to improve the platform.
I have other questions. If anyone has further concerns or questions regarding the patches, our team of Happiness Engineers is on hand to help — please open a support ticket.