2026-06-18 – Version 7.2.8
Fix: ANTIFRAUD-221 – Prevent PHP 8.4 undefined variable warnings in whitelist settings rendering
Fix: ANTIFRAUD-222 – [SECURITY] Anti-Fraud trust bypass via spoofable signals (email domain + Referer-based Store API detection)
Fix: ANTIFRAUD-235 – Fatal error in HPOS helper when processing PayPal callbacks with invalid order object
Update: ANTIFRAUD-237 – The “Card Attacks” tab is showing a red status with “Enable Checkout Protection: Not Active”, even though CAPTCHA is enabled on the site.
Fix: ANTIFRAUD-238 – Turnstile checkout protection not rendering correctly and “Checkout Protection is not active” warning shown incorrectly
Fix: ANTIFRAUD-249 – [SECURITY] Unauthenticated AJAX Endpoint Allows Fraud Blacklist Manipulation. (PATCHSTACK)