v2.13.46

• Performance improvement: fixed probably threads locking due to incorrect AsyncLock implementation. Replaced custom implementation to AsynLock from Nito.AsyncEx project.

v2.13.45

• Got rid of memory leak caused by ApplicationInsights version 2.8.0. #1579
• Different platform instances could use one Redis instance by specifying "VirtoCommerce:Cache:Redis:ChannelName" setting in web.config. #1582
• Boolean readonly property is shown disabled now. #1572
• Fixed platform admin tool javascript errors on IE 11. #1574

v2.13.44

• Added platform setting which specifies number of decimal digits for money amounts - 2 or 4. #1562
  
• Fixed problem with broken urls for assets when using Azure Blob storage. #1551
• Fixed bug when login error were not shown if user exists, but does not belongs to Manager or Account types. #1534
• Fixed bug with asset uploading with "spaces" in its file name. #1565
• Fixed bug with Order permission scopes blade duplication. #1543
• Paged search ordering revision. #1560

v2.13.43

• Dynamic properties save optimization. (#1541)
• Logout fix. (#1531)
• Changed OperationLogEntity.Detail field maximum length up to 2048. (#1539)
• Fixed licence file download. (#1535)

v2.13.42

• Added Twilio and ASPSMS SMS providers support for sending notifications. Added notification type for change phone number operation. #1526
  web.config

...
        <!-- Supported sms gateways: Twilio and ASPSMS. "Default" means non-implemented gateway. -->
        <add key="VirtoCommerce:Notifications:SmsGateway" value="ASPSMS" />
        <add key="VirtoCommerce:Notifications:SmsGateway:AccountId" value="AccountId" />
        <add key="VirtoCommerce:Notifications:SmsGateway:AccountPassword" value="AccountPassword"/>
        <add key="VirtoCommerce:Notifications:SmsGateway:Sender" value="SenderPhone" />
        <!-- This setting could change ASPSMS REST Json API endpoint -->
        <add key="VirtoCommerce:Notifications:SmsGateway:ASPSMS:JsonApiUri" value="https://json.aspsms.com/SendSimpleTextSMS" />
...

• Added ability to search users modified since specified date.
• Microsoft.AspNet.* libraries updated to the latest 5.2.7 versions. #1520
• Notification templates were moved to separate html files from project resources for easier management. #1506
• Now after installing/updating module, modal dialog with Restart button is shown. #1513

v2.13.41

• Simplify the platform configuration to working with Redis cache server #1507 (#1508)
  Now it is enough to configure the connection string RedisConnectionString to switch the platform in the mode of using the Redis server as a synchronization server for the local caches of multiple platform instances.
  web.config

...
  <connectionStrings>
     <!--Redis Connection String -->
     <add name="RedisConnectionString" connectionString="SECRET" />
 </connectionStrings>
...

• Fixed a bug with invalid absolute links to blob resource when AzureBlobStorage is used as the primary blob provider and the CDN URL is configured in the platform web.config #1509 (#1510)

v2.13.40

• Fixed bug with unavailability of authorization in swagger-ui
  

v2.13.39

• Replaced cookie based authentication with a token barrier authorization for the manager application (OAuth2 password grant flow). The main goal of this migration is to prevent CSRF attacks to the platform API. #1476

Added three new application settings in web.config:

<!-- The access token life time -->
<add key="VirtoCommerce:Authentication:BearerTokens.AccessTokenExpireTimeSpan" value="00:30:00" />
<!-- The refresh-token life time read more about https://oauth.net/2/grant-types/refresh-token/ -->
<add key="VirtoCommerce:Authentication:BearerTokens.RefreshTokenExpireTimeSpan" value="30:00:00:00" />
  <!--The list of permissions that will be granted to the user by cookies when bearer token authentication is enabled.
 This can help to authorize the user for direct (non-AJAX) GET requests to the VC platform API and/or to use  some 3rd-party web applications for the VC platform (like Hangfire dashboard). -->
<add key="VirtoCommerce:Authentication:BearerTokens.LimitedCookiePermissions" value="security:call_api;platform:asset:read;platform:export;background_jobs:manage;content:read;platform:asset:create" />

• Updated swagger UI to v3.20.01
  
• Upgraded Application Insights SDK to the latest version #1485
• Allow to change the shortcut icon for platform application #1467
• Fixed time zone handling in DatetimePicker #1327

v2.13.38

• Fixed the Swagger validation errors like $ref values must be RFC3986-compliant percent-encoded URIs
• Fixed bug when SignalR is stopped working with active Redis configuration. #1462
• Added favicon.ico for Platform manager application
• Fixed JS errors on the new API account blade #1472
• Minor platform performance improvements:
  • XmlExpressionSerializer is now used the static instance of ExpressionSerializer this should significantly reduce memory usage for some cases.
  • Fixed the performance issue with the caching of authorization logic

v2.13.37

• Added Azure Active Directory authentification (SSO) #1388
  https://virtocommerce.com/docs/vc2devguide/authentication-with-azure-ad
• Reworked the action of the change the user password in the platform manager #1433
  • Added possibility for users to change their password when they sign in for the first time
  • Checking new passwords based on the password strength policy defined in the system
    
• Added workaround allows to use the timeout values of EF commands taken from the database connection string #1117