Shopware

Appearance

Release notes Shopware 6.7.4.0

4.11.2025

Release notes Shopware 6.7.4.0

Abstract

This minor release provides some interesting improvements under the hood for more stability, performance and software robustness. Additionally, this release comes with at least 148 bug fixes.

System requirements

  • tested on PHP 8.2 and 8.4
  • tested on MySQL 8 and MariaDB 11

Improvements

Add message queue message size limit configuration option #13007

Added shopware.messenger.message_max_kib_size config option to define the maximum size (in KiB) of messages in the message queue. Set to 0 to disable the size check. Defaults to 1024 KiB (1 MiB).

Add save media modal #12146

This implements save media modal. Save media modal can be opened by Admin SDK https://github.com/shopware/meteor/issues/819.

Prevent sending multiple page change events when query parameters change #13203

This change stops dispatching page changed events, if only query parameters changed.

Separate Vimeo video cookies #13096

Vimeo and YouTube videos shared the same cookie consent in Shopware's storefront. When a user accepts the "YouTube video" cookie, both YouTube and Vimeo videos are loaded, violating proper GDPR compliance. Additionally, videos required a page reload to display after accepting cookies, creating a poor user experience.

Users should have granular control over which video platforms they consent to, and videos should load immediately upon consent.

This change introduces separate cookie consent handling for Vimeo and YouTube videos.

  • Videos now load immediately when cookies are accepted (via "Accept all" or cookie configuration offcanvas)
  • No page reload required
  • Each video type independently checks its specific cookie

Add possibility to set fetchpriority high in images #13070

Formerly, there was no way to add the attribute fetchpriority="high" to an image, loaded by the CMS image element. As it always depends on the content this should not be done automatically, but rather configurable.

This change adds a setting to add this attribute to the image. In this case we also do not use the loading="lazy" option.

Apply new screen design to installer #13191

This change applies a new screen design to the installer and cleans up the former behaviour.

Remove datepicker wrapper #12948

Formerly, there was a wrapper around the mt-datepicker to correct styling issues with the meteor component. The component mt-datepicker styling has now been corrected so this wrapper could be removed.

Make product detail review form radio keyboard accessible #13046

The review rating radio buttons were not focusable because they used display: none. We updated the radio buttons to be visually hidden using visually-hidden() instead, making them focusable. Additionally, I added a box-shadow to the star label when its child radio is focused, so keyboard users have a visual indicator. Also, the vertical alignment between the stars and the rating text were improved.

Fix Vite vulnerability in admin #13149

Bumped and pinned vite version due to vulnerability and audit fail: GHSA-93m4-6634-74q7.

This is actually not security relevant for us or Shopware users as the vulnerability is just happening at the dev-server of vite. An attacker would have to have explicit access to the network of the local dev server which is not exposed at any point.

Add sitemap entity query events for products, landing pages, and categories #13082

When changing the products which are shown in the sitemap, formerly it was necessary to decorate the ProductUrlProvider. However, it could be much more efficient, when "modifying" the query directly. This is why we added an event to modify the query builder when fetching products, landing pages and categories.

Please checkout the changelog for more detailed information.

Fixed bugs

  • 12994 fix: cache cookie handling to prevent cache poisioning
  • 13079 fix: session locks issue
  • 12936 fix: Clearance sale (stock handling) is ignored as soon as a product is in the cart
Click to see more fixed bugs
  • 10486 Subscriptions: Allow single purchases and subscriptions in one cart
  • 13033 fix(phpstan): Add array/iterable types to Shopware\Core\System
  • 13054 fix(ADR): Revert changes and supersede ADR instead
  • 13046 fix: make product detail review form radio keyboard accessible
  • 12672 fix: Change error output of app loader while running in CI env
  • 12790 fix: fix custom fields configuration property for select
  • 12831 fix: Proper display of the administrator switch in the integration create modal
  • 12808 feat: add gitignore to plugin create command
  • 12764 feat: add typescript-eslint/no-misused-spread
  • 12834 fix: add missing .md extension to changelog
  • 12860 chore: merge back v6.7.3.0
  • 12798 chore(admin-snippets): Add auth-filter for fallback (backport: 6.7.3.x)
  • 12833 fix: proper display of the administrator switch in the user create
  • 12835 refactor: replace the latest sw-switch-field component with a bool input
  • 12864 fix: entity listing in log events
  • 12837 feat: add new twig blocks for product box
  • 13187 chore: Add compatibility with node 25
  • 12948 feat: remove datepicker wrapper
  • 12924 refactor: cleanup after-sales styles
  • 13108 fix: Add check for supported types
  • 12971 feat: Update PHPStan and its plugins (10-2025)
  • 12820 fix: tax free config
  • 13158 fix: respect errorRoute parameter in captcha failure handler
  • 13037 fix: improve select result list sometimes not loading the next page when scrolling to the bottom
  • 13070 feat: Add possibility to set fetchpriority high in images
  • 13082 feat: Add sitemap entity query events for products, landing pages and categories
  • 13076 fix: verify what phpstan is doing with its cache result
  • 13032 refactor: Use lists where we know that it is a list
  • 13038 fix: Hide shopware.yaml danger warning on config-schema.json change
  • 12755 refactor: Do not use the Symfony validator to validate the honeypot captcha
  • 13007 feat: Add message queue message size limit config option
  • 13083 fix: Typos in storefront.de.json
  • 12979 feat: compatibility with OpenSearch 3.x
  • 13065 fix: Use bordered switches in the sw-product-deliverability-form for a consistent look
  • 13109 feat: Make sure only removals are made to the PHPStan baseline
  • 13091 refactor: Change to correct native return type of CmsPageLoadedEvent
  • 13087 fix: IAP decoding with old OpenSSL versions
  • 12923 fix: Use agnostic language layer functionality when loading snippets
  • 13119 fix: change light intensity in 3D viewer
  • 12742 chore: revert fix: Fix base_url validation
  • 12744 chore: revert fix: Fix base_url validation (backport: 6.7.3.x)
  • 12776 ci: enable currents for install ats
  • 12779 fix: missing empty state description
  • 12767 test: remove skipping for rule test (backport: 6.7.3.x)
  • 12760 test: remove skipping for rule test
  • 12809 feat: add Mailpit configuration and HTTPS error handling for Playwrig…
  • 12822 fix: package annotation affiliate tracking
  • 12796 chore(admin-snippets): Add auth-filter for fallback
  • 12795 chore(ci): update acceptance test snapshots
  • 12791 fix: Add specific cms state page property to watcher
  • 12939 chore(ci): update acceptance test snapshots
  • 12937 fix: currency name instead of isoCode
  • 12928 fix: import/export profile save (backport: 6.7.3.x)
  • 12908 ci: fix milestone version detection (backport: 6.7.3.x)
  • 12821 fix: installer fixes
  • 12931 docs: Change wording of Symfony feature ADR to make its purpose clearer
  • 12865 feat: Add aria-label to CMS image link
  • 12887 fix: address manager create form
  • 12836 fix: SalesChannelContext::state to reset to previous state
  • 12898 fix: include /Test/ directories in classmap
  • 12889 ci: fix milestone version detection
  • 12578 feat(product analytics): Initial commit
  • 12868 chore(filename-lint): Adjustments after exploratory testing
  • 12909 fix: update event binding for multi-select switch and add related tests
  • 12892 fix: Improve error handling for sales channel deletion
  • 12941 chore: Skip bc checker optional parameters
  • 12949 fix: skip-optional-construct-parameters.patch
  • 12951 chore(administration): ignore new axios audit issue due to no ability to upgrade (backport: 6.7.3.x)
  • 12940 test: add missing dir to integration batch
  • 12876 chore(administration): ignore new axios audit issue due to no ability to upgrade
  • 12754 chore(product-analytics): Add amplitude/sdk
  • 12861 chore: refactor rate limit exception for domain exceptions
  • 12830 fix: Allow vtt files
  • 12800 feat: optimize dynamic imports for login and error handling modules
  • 12874 fix: node 24 warnings
  • 12858 fix(image-slider): Fix broken snippet key
  • 12910 fix: Customer group decline sets now correct group
  • 12729 fix: import/export profile save
  • 12839 feat: Change auto form submission to use requestSubmit
  • 12943 fix: Invalid spelling of modelValue / model-value
  • 12925 feat: Add product available sorting criteria option
  • 12917 fix: parse plugin config default values based on input field type
  • 12914 feat(product-analytics): Add appUrl to analytics events
  • 12989 chore(ci): update acceptance test snapshots
  • 12904 fix: Preserve createCustomerAccount checkbox if form is submitted
  • 12987 feat: compatibility with OpenSearch 3.x (backport: 6.7.3.x)
  • 12962 fix: Promotion setgroup can't be deleted (#12842) & Poor TAG readabil…
  • 12933 feat(product-analytics): Use EventBus for event propagation
  • 13006 fix: Allow more options for RGB and HSL color functions
  • 12869 fix: Improve shipping and payment cart blocking errors
  • 12993 fix: customer registration alert
  • 12778 test: storefront account visual test
  • 13027 fix: Encoding of Context Gateway Endpoint (backport: 6.7.2.x)
  • 13036 feat: bump acceptance test suite version to 11.35.0
  • 13040 fix: flaky DeleteExpiredFilesServiceTest
  • 12770 fix: Fix snippet validate command
  • 13045 fix: increase tolerance for data types in AnnotatePackageProcessor
  • 13005 chore: change discovery codeowner paths
  • 12961 chore(ci): add support for non-blocking codeownership
  • 12897 fix: make use of meteor token in rule builder & fix ui smells
  • 13008 fix: flaky testRespondToAccessTokenRequest in ShopwareGrantTypeTest
  • 12973 fix: Encoding of Context Gateway Endpoint
  • 12938 feat: pre-test of new ats version 11-34-1
  • 12932 refactor(discount): Only consider filterable price definitions
  • 13010 test: search result page visual test
  • 13018 test: storefront product detail visual test
  • 13025 fix: Oauth grant open api specs
  • 13011 feat: admin notification transformers
  • 13024 fix(PHPStan): Add missing Storefront route prefix, fix typo and clean up configuration files
  • 13048 chore(ci): update acceptance test snapshots
  • 13113 fix: adjust z-index for color picker popover in modal windows
  • 13125 chore(ci): update acceptance test snapshots
  • 13107 fix(link-category): Enable offcanvas behaviour for category links
  • 13146 fix: webhook event cleanup for queued logs
  • 13149 fix: vite vulnerability in admin - GHSA-93m4-6634-74q7
  • 13144 build: bump ATS version to 11.37.0
  • 13114 fix: added cleaned directory name to lock key in CacheClearer
  • 13123 fix: admin plugins with bundle suffix
  • 13075 fix: vat id origin
  • 13041 fix: Change Update an existing Shopware instance acceptance test
  • 13122 fix: cart summary tax colon
  • 13135 fix(analytics): Update consent v2 handling for Google
  • 13064 test: storefront shopping cart visual
  • 13096 feat: vimeo video cookie separation
  • 13062 ci: add StoreAPI schema snapshot action
  • 13177 fix: display only last date for search index
  • 13182 refactor(tests): simplify cache clearing wishlist tests for saas
  • 13178 chore: Do not reassign promoted property variables
  • 13063 refactor: Deprecate the Shopware\Core\Framework\Test\TestCaseHelper\ReflectionHelper
  • 13162 fix(cookie-offcanvas): external navigation links were not working
  • 13161 fix: Use the ComposerPluginLoader when enabled in the bin/{console/shopware} command
  • 13184 ci: fix currents in nightly
  • 12146 feat: Add save media modal
  • 12806 ci: fix downstream rufus workflow name
  • 13266 refactor(tests): simplify cache clearing, retry for needed cookies (#…
  • 12773 docs: rename platform.sh to Upsun
  • 12784 fix: Search result should include products when parent product number matches
  • 12946 fix: Fix preview seo url template function
  • 13100 chore: merge back 6.7.3.1
  • 12992 feat: acceptance test for product analytics
  • 13310 chore: prepare 6.7.4.0
  • 13188 fix: Special Characters "/" in Search Not Working Even When Added as …
  • 12913 feat: add a unique user ID to product analytics
  • 13314 fix: increase precision of kg unit to match database schema
  • 13304 fix: Always overwrite currency id based on header

Credits

Thanks to all diligent friends for helping us make Shopware better and better with each pull request!

@JoshuaBehrens
Joshua Behrens
@wannevancamp
Wanne Van Camp
@aragon999
Max
@gecolay
Benjamin Wittwer
@lacknere
Elias Lackner

More resources

Get in touch

Discuss about decisions, bugs you might stumble upon, etc in our community discord. See you there 😉

Newsletter
Copyright © shopware AG - All rights reserved