In this release, we've introduced exciting enhancements like a new timeline view for cart and product orders, improved agent access controls, and better UX for search pages. We've also tackled several bugs, including fixing password reset issues and enhancing performance for file deletions, all while boosting security with important updates.

Enhancements:

• #23142: KProducts: Timeline view of Cart and ProductOrder items
• #23097: KCommerce2: Restrict agent access to a configured list of stores using the allowedStoreNames attribute
• #23096: KJourneys: Create a Journey Node to Launch an Agent
• #23095: KPromotions: Allow competition list thumbnails to show the entire image instead of a cropped zoom
• #22935: Platform: Audit search page should allow searching by user
• #22748: Platform: Framework for improved UX of search pages

Bug fixes:

• #23158: Platform: Resolve NullPointerException in DebugService that caused automated email generation tasks to fail
• #23157: KPromotions: Fix unresponsive "Remove" button for Manage Points page after search/fragment reload
• #23143: KCommerce2: Prevent race conditions by adding global entity locks to cart and checkout operations (Part 1)
• #23139: KCommerce2: eCommerce Settings save blocked by leftover minimumCartItems validation rule
• #23137: Platform: Users unable to reset passwords — passwordResetComponent renders NullPointerException due to missing org/$rf.branch
• #23129: leadform-lib: Client and Submitter search fields return organisations and profiles outside the user's scope
• #23121: Platform: Admin password reset email missing token in reset link, preventing admins from resetting passwords
• #23117: KPromotions: Handle retrospective reconciliation with negative balances
• #23114: Platform: Exception occurs when uploading deployment item due to missing core apps
• #23111: Whatsapp: Create messaging account with the exact WhatsApp phone number after successful send so user replies reach agents
• #23098: KLeadForms: Exception When Executing ‘findCustomerLeads’ from an AI Agent
• #23079: KAuctions: Auction list displays duplicate images and links for every item
• #23075: Platform: Prevent NullPointerException when saving JS app settings that return null
• #23073: KPromotions: Category Does Not Appear in the 'Create Promotion' Component
• #23069: KAuctions: Fix image repeat and closed-auction end times showing as raw ISO datetime and causing UI overflow
• #23066: KPromotions: Fix featured/unfeatured filter so promotions display correctly
• #23062: KLeadForms: EntityFinder search throws TypeError causing company dropdown to show no results on new lead form
• #23061: Platform: Website-level "Disable Password Reset" setting ignored — users can still reset passwords
• #23060: KPromotions: Fix bug blocking non-standard reason codes when creating points debits through the API
• #23043: Platform: Main Mega-menu Disappears and Does Not Return After Clearing the Search Field
• #23042: Platform: Site Pages Show a Console Error and May Not Load Correctly Due to Missing isThemCheckerPage Function
• #23003: Add organisation with selecting Parent Org not working correctly
• #22963: KGameOfChance: Orders created with address fields set to "undefined" and missing customer name/surname/phone
• #21950: salesDataClaimer: Resolved security violation from hasRole check that caused salesDataImageClaimerForm rendering to fail

Performance:

• #23091: Platform: Batch-delete files in background cleanup jobs to speed up cleanup and reduce method calls
• #23090: Platform: Improve file deletion performance by deleting specified files directly instead of scanning entire directories
• #23080: Platform: Improve performance of audit_item COUNT query

UI/UX Improvements:

• #23133: KJourneys: Launch Agent node — Agents list dropdown should open to the left to avoid being clipped in the right-hand editor
• #23101: Platform: Content editors see broken/missing thumbnails for viewAsset, promotionPhoto and signedDocuments components
• #23064: KPromotions: Activity dropdown misaligned/obscured after adding the Categories panel — restored full width and moved Categories to a second tab
• #23000: KGameOfChance, KRaffle: Base Product image not displayed when SKU has no set images
• #22679: KBlogs: Change image upload success message from "Saved!" to "Saved" (remove exclamation)

Security Updates:

• #23130: Platform: Fix Omni-search security vulnerability
• #23120: Platform: Prevent potential Denial-of-Service from extremely long numbers in async JSON parser (Jackson upgraded to 2.19.4)
• #23119: Platform: Security update - apply Caddy v2.11.2 and Go 1.26.1 to fix reported CVEs and crypto/OS vulnerabilities
• #23093: Platform: Update vulnerable dependencies (minimatch, ajv, webpack) to resolve Dependabot security alerts for keditor-lib and github actions
• #23092: Platform: Fix Path Traversal Vulnerabilities in File Storage Manager
• #22987: Platform: JS Roles not correctly validated against JS App Controllers

Documentation:

• #23132: Add help page to new Launch Agent journey node