Marcin Gębala
Jul 12 · 3 min read

Welcome to the June 2019 release of Saleor! Read on to learn about the newest changes!

Avalara Integration

Saleor has, to date, only supported tax calculations for the EU with Vatlayer. To support taxes in other countries, we’re integrating the popular Avalara tool with Saleor in this release! With Avalara enabled and configured, you’ll get proper tax calculations during the checkout process. Your orders will also be accessible in the Avalara admin panel.

Storing Credit Cards

We’ve improved the internal payment gateway interface, which now allows for storage and reuse of customers’ payment sources, such as credit cards, if the gateway supports it. Additionally, we’ve implemented support in the Braintree gateway module and plan to add Stripe very soon.

Improved Vouchers Section

Good user experience is always one of our top priorities. We are constantly testing Saleor and decided that the Vouchers section was quite challenging to use, so we set about designing an interface that would make it easier for you to quickly create attractive sales offers for your customers. We have now gathered common settings into visual cards, which makes for a clean and intuitive UI.

Refreshed Vouchers section in Dashboard 2.0

CSRF Vulnerability Fix

This release fixes a security issue that was introduced in version 2.7.0. In that release, we made customizations to the Django middleware in order to disable some elements that were unnecessary for requests coming to the GraphQL API. Unfortunately, we inadvertently disabled CSRF protection for all POST requests coming to static Django views in Storefront 1.0 and Dashboard 1.0. An attacker could therefore send a request without the valid CSRF token, and the server would accept it. In this release, to close this loophole, we’ve reverted to the original middleware configuration. We felt that the performance gain was minimal and it wasn’t a crucial feature for the system, so the original solution is acceptable.

The issue was introduced on 16 May, 2019. Affected versions: 2.7.0

All users of the affected version are encouraged to upgrade Saleor immediately.

These are the highlights of the release. For the full changelog, go to the Github release page.

Thank You

This month we need to give 5,000 thanks 🙏 to all contributors, stargazers, and supporters of Saleor! We’ve just hit that landmark number of GitHub stars.

It’s not all about the numbers, but it is nice to track how far Saleor has come with your constant support. Here’s a little GIF we made to celebrate the occasion.

Contributing

For those of you who are interested in contributing to the project, we prepared a bunch of issues labeled as help wanted. Don’t worry if you don’t fully understand the problem — our team will try to guide you and answer all your questions. Remember to check our channels on Gitter and Spectrum; they serve best if you have quick questions that don’t require opening an issue on GitHub.

Saleor

An open source storefront platform for perfectionists. Written in Python. Best served as a bespoke, high-performance e-commerce solution. Built by Mirumee Software.

Marcin Gębala

Written by

Full stack engineer at @mirumeelabs. Development lead of @getsaleor.

Saleor

Saleor

An open source storefront platform for perfectionists. Written in Python. Best served as a bespoke, high-performance e-commerce solution. Built by Mirumee Software.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade