####################################
#   v8.2.6 - (2026-04-16)
####################################

- Back Office
  - Improvement:
    - GHSA-w9f3-qc75-qgx9 Prevent xss exploitation via unprotected variables in customer threads (found by Savio from Doyensec in collaboration with Anthropic Research)

####################################
#   v8.2.5 - (2026-03-13)
####################################

- Front Office
  - Improvement:
    - GHSA-35pf-37c6-jxjv Prevent xss exploitation via unprotected variables in template
    - GHSA-283w-xf3q-788v Fix improper use of validation framework

####################################

####################################
#   v8.2.4 - (2026-02-03)
####################################

- Front Office
  - Improvement:
    - GHSA-67v7-3g49-mxh2 Protect users from time based email enumeration attacks (by @matthieu-rolland, vulnerability reported by Lam Yiu Tung)

8.2.3

Back Office:
	Improvement:
		#39321: Update Distribution API Client to include the new wall of fame (by @jolelievre)
		GHSA-8xx5-h6m3-jr33: Fix email enumeration vulnerability on password reset page (by @M0rgan01 & @matthieu-rolland, vulnerability reported by Maxime Morel-Bailly)
	Bug fix:
		#38622: Fix new product catalog not loading images in multi-store (by @Codencode)
		#39208: Fix Carrier search not working when editing order's carrier (by @Codencode)
		#39274: Added closure of the 'deleteCategoriesForm' form (by @Codencode)
		#39337: Fix newline in textarea on product page (by @Codencode)
		#39430: Fix quantity in delivery slip if we have a refunded product (by @Touxten)
Front Office:
	Bug fix:
		#39191: Fix cart recovery: use updateCustomer for restoring customer session (by @Codencode)