Release Notes

List of new features and improvements

Platform and OroCRM:

• Disable Local Password Change/Reset for LDAP Users,Administrators can now prevent local password changes and resets for back-office users whose accounts are synchronized from LDAP, avoiding conflicts with centrally managed credentials. When enabled, LDAP users cannot change their own password or request a local password reset, and administrators cannot change or reset passwords for LDAP users through the back-office. Password management behavior for non-LDAP users remains unchanged and continues to follow existing login and SSO configuration settings [BAP-23238]
• Enable MCP Server for Back-Office and Storefront. MCP Server support for both Back-Office and Storefront, providing a unified integration layer to securely connect tools and services, streamline workflows, and improve extensibility across the AI powered platform [BAP-23213]
• OIDC Identity Providers Management for Back-Office Users. Administrators can now manage OpenID Connect (OIDC) identity providers making it easier to configure SSO for back-office users [BAP-23169]
• Users provisioning and deprovisioning via SCIM. OroCommerce now supports SCIM-based user and group provisioning, enabling automatic synchronization with identity providers such as Microsoft Entra ID or Okta. When SCIM is enabled, administrators can define default roles, organization access, and name-handling strategies for newly provisioned users. This simplifies user lifecycle management and ensures that provisioned and deprovisioned accounts stay aligned with your IAM configuration [BAP-23145]
• Add AI Smart Agent Integration API label and description on OpenAPI management page [BAP-23253]
• Add note to API docs when a discount is represented as negative value [BAP-23246]
• Replace "tmpnam" and "sys_get_temp_dir" with "tmpfile". Temporary file handling has been improved by replacing manual use of "tmpnam" and "sys_get_temp_dir" with "tmpfile". This ensures that temporary files, particularly in import and export workflows, are automatically cleaned up when a PHP process terminates, including in the event of unexpected errors or crashes [BAP-23198]
• Confusing messaging for users log in without assigned organization business unit. User login handling has been improved for accounts without assigned organization business units by providing clear, actionable messaging both during authentication and in access settings, explaining that at least one organization business unit is required in order to log in [BAP-12161]

List of fixed issues

Platform and OroCRM:

• DIC building log is not created [BAP-23241]
• Back-office "Remember Me" ignored when 2FA is used. The back-office login flow has been corrected so that the "Remember Me" option is honored when two-factor authentication is enabled. If a user selects "Remember Me" on the initial login screen, the persistent session cookie is now preserved after successful 2FA verification, aligning the behavior with non-2FA logins [BAP-23240]
• Slow DB queries during oro:website-search:reindex [BAP-23190]
• Error/Exception is not logged when DB connection issue [BAP-23009]
• Import fails on unexpected value type in column [BAP-22324]
• Unable to manage entity unique keys [BAP-21649]

Release Notes

List of new features and improvements

Platform and OroCRM:

• Added a flag to integration sync settings to log warnings during sync [BAP-23113]
• Prepare ApiBundle to add API types with own prefix in URL [BAP-23160]
• Add possibility to filter addresses by "customRegion" in API [BAP-23171]
• Support markdown formatting for descriptions of API filters [BAP-23179]
• Support "False" and "True" strings as a values for boolean fields in API [BAP-23180]
• "fields" API filter should affect meta properties [BAP-23181]

List of fixed issues

Platform and OroCRM:

• Adding extended manyToOne relation creates invalid extend metadata [BAP-23075]
• CSRF Header not sent from jquery ajax due to invalid cookie name in https site [BAP-23115]
• Dotdigital campaign summary synchronization fails [BAP-22507]
• Export of 1M+ records fails with memory limit error [BAP-22730]
• Error/Exception is not logged when DB connection issue [BAP-23009]
• Bundle-less API documentation update [BAP-23148]
• Nested object is not validated when it is not provided in API POST request [BAP-23170]

6.1.5

New Feature and Improvements

• Disable Username/Password Login [BAP-23058]:
  Added ability to disable login to back-office with the username and password authentication. Such option allows to streamline single sign-on (SSO) configuration so authentication is fully handled by integrated identity provider (Google Workspace, Microsoft 365 or others).
• Advanced search in the back-office API [BAP-23040]:
  Added searchQuery filter that allows to create advanced search requests via API and use granular conditions per entity indexed fields.
• Subresource Integrity Check (SRI) [BAP-22926]:
  Added feature toggle that allows to enable Subresource Integrity (SRI) check for application JS and CSS assets in order to improve security of the application and ensure that the files delivered to the client browser are exactly what the developer intended.
• Add a check to see if the decryption works in oro:check-requirements [BAP-22955]
• Websocket client performance issue [BAP-23044]
• AclHelper: ensure $owners can be json_serialized to an array [BAP-23112]
• Store request data for included and primary entities for "customize_form_data" API processors [BAP-23119]
• Allow to use upper case letters and hyphens for API resource names [BAP-23159]
• Allow to make "meta" filter optional for new API types [BAP-23161]
• Allow to use "fields" filter for API types that do not support inclusions [BAP-23162]
• Allow to make "sort" filter optional for new API types [BAP-23163]
• Handling of taggable entities when "tags" association does not exist in API [BAP-23165]
• Update GrapesJS to latest version [BB-25752]
• Re-enable autocomplete for Behat tests in new PhpStorm versions [BB-26011]

Fixed Issues

• Cleanup of import expired results can lead to out of space [BAP-22947]
• Using 'choice' as name for a form does not work anymore [BAP-23117]
• Unexpected error with 500 status code in API [BAP-23155]
• Grid filters in dev and prod modes have different content [BB-25638]
• Incorrect icon view in error notifications [BB-25883]
• autocomplete.php generation with empty methods [BB-25923]

6.1.4

New Feature and Improvements

• Add support of native PHP enums to API [BAP-23099]
• Add strict comparison for array attributes in API functional tests [BAP-23093]
• Make OAuth 2 login forms functionality the same as common login forms [BAP-23064]
• Add support of multi-file and multi-image relations to the API [BAP-22433]

Fixed Issues

• API forms fail after update to Symfony 6.4.23 [BAP-23096]
• No description for "attachments" association for API subresources [BAP-23091]
• Unable to rebuild cache after upgrading application to 6.1 having custom entity with Select entity field [BAP-23087]
• Escaped HTML tags are visible in renderCollapsibleHtmlProperty blocks [BAP-22792]

Release Notes

List of new features and improvements

Platform and OroCRM:

• Improve app healthchecks [BAP-22853]
• Disable DB prepares emulation. Disabled ATRR_EMULATE_PREPARES to improve application performance [BAP-22995]
• Add validation error when API "validate" operation is requested for included entities [BAP-23030]
• Option to handle Batch API requests synchronously [BAP-23031]
• Update platform dependencies [BAP-23059]

List of fixed issues

Platform and OroCRM:

• Fixed oro:maintenance:unlock messaging when command executed twice [BAP-21744]
• autocomplete.php file generated by extended entity cache includes incorrect method definitions [BAP-22536]
• Improve filter options processing (is_callable handling for string option value) [BAP-23022]
• Data validation is not performed when using PATCH in upsert request [BAP-23025]
• It's impossible to make enum editable over API [BAP-23036]
• Multi-select fields become read-only after upgrade to 6.1 [BAP-23041]
• Attachment/file deletion on local filesystem is slow if directory contains thousands of files [BAP-23049]
• Can’t use custom identifier_field_names in API nested associations [BAP-23054]
• Can’t use NestedAssociationFilter when target entity has custom identifier_field [BAP-23060]

Release Notes

List of new features and improvements

Platform and OroCRM:

• Actualize countries and regions data [BAP-22133]

List of fixed issues

Platform and OroCRM:

• Immutable enum options can be modified by administrators [BAP-23008]

OroPlatform 6.1 LTS is now available

OroCommerce 6.1 LTS has been released.
Check out the release announcement on the website for an overview of what's new.

Release Notes

List of new features and improvements

Platform and OroCRM:

• Multiple LDAP integration configurations support. Improved LDAP integration now merges attributes when a user appears in multiple LDAP queries, ensuring that business units and roles are consolidated rather than overwritten. Users will now be assigned to all relevant business units and have a combined set of roles for accurate access management [BAP-22452 ]
• Replace EventDispatcher with EventDispatcherInterface where it is possible [BAP-22784 ]
• Update checksum when line item entities are changed in API [BAP-22856]
• Add possibility to customize request data normalization for API subresources [BAP-22864]
• Prevent loading all parent entity fields in custom association subresource [BAP-22866]

List of fixed issues

Platform and OroCRM:

• Scheduled email campaigns repeatedly send emails and never stop [CRM-9337]
• Some form field values with special characters are unnecessarily truncated on save. Some form fields were excessively sanitized, resulting in the removal of special characters from user input after submission [BAP-22722]
• Impossible to download email attachments not downloaded by automated sync. The email UI did not display attachment links for attachments that were skipped during the automated email sync due to configuration settings [BAP-22847]
• Fix input data and error handling for API subresources [BAP-22863]
• Fix API request data validation for resources without ID [BAP-22876]
• Action send_email_template ignores workflow variables for recipients parameter [BAP-22897]
• Error in processes.yml of ImapBundle breaks installation [BAP-22915]

Release Notes

List of new features and improvements

Platform and OroCRM:

• Update Symfony to v6.4.15 [BAP-22826]
• Actualize countries and regions data [BAP-22133]
• Refactor building configs for loading custom association data in API [BAP-22812]
• Update entity normalization for "create" API action response [BAP-22818]
• Allow to use entity based models in API relationships [BAP-22828]
• Allow to exclude "get_subresource" API action for custom subresources [BAP-22839]
• Allow to configure request data class for API subresources [BAP-22843]
• Allow to use "include" and "fields" filters for API subresources [BAP-22844]
• Allow to disable parent entity access validation in API [BAP-22849]

List of fixed issues

Platform and OroCRM:

• Allowed memory size exhausted error after composer update [BAP-22817]
• Synchronous Batch API failed for emails when several emails are located in the same folder [BAP-22813]
• Fix merging parent resource config in API [BAP-22829]
• Unrecognized option "title_field" error when editing entity fields after upgrade from versions older than 5.0.1 [BAP-22747]
• platform:upgrade command fails upgrading from version 5.1 to 6.0.2 if there are custom user-created entities [BAP-22800]

Release Notes

List of new features and improvements

Platform and OroCRM:

• Implement full stacktrace for Doctrine\ORM\NonUniqueResultException [BAP-21948]
• SessionNotFoundException when running cache:clear CLI command [BAP-22268]
• Create Datagrids Profiler in a Symfony Toolbar. Added datagrids profiler to the Symfony debug toolbar to help developers customize, debug and optimize datagrids [BAP-22741]
• Remove unneeded UPDATE queries in RemoveNoteConfigurationScopeQuery [BAP-22765]
• Add "include" and "fields" filters to POST and PATCH API resources [BAP-22787]
• Add "disable_paging" option for API configuration [BAP-22794]
• Add "emailThreadContextItemId" to update email API response [BAP-22801]

List of fixed issues

Platform and OroCRM:

• Emails removed after disabling IMAP sync remain in search index and break back-office search suggestions [BAP-22269]
• Broken upgrade from 5.0.3 to 5.0.18 [BAP-22715]
• Documentation Resource definition in the bundle-less applications [BAP-22727]
• Export of 1M+ records fails with memory limit error [BAP-22730]
• Existing email origins cannot be syncked via Sync Emails button after update to reconnect account functionality [BAP-22758]
• Schema Update fails with enabled multi-host [BAP-22767]
• Order shipping tracking and discounts can be changed via API when no permissions to edit the order [BAP-22793]
• Fix API description for read-only createdAt and updatedAt fields [BAP-22797]
• FilesystemCacheInstantiatorTest should not leave artefacts after work [BAP-22807]