No breaking-change keywords detected in release notes.
v2.17.0
2026-06-24
⚠ Potential breaking changes
🚧 Breaking change
🚧 Breaking change
This is a breaking change:
A database migration replaces the `auth_verification_token` table with a new `auth_verification` table. Run `npx medusa db:migrate` after upgrading; any pending (unconfirmed) verifications are discarded.
fix: Remove unused actor type in auth module by [@sradevski](https://github.com/sradevski) in [#15761](https://github.com/medusajs/medusa/pull/15761)
fix(dashboard): prevent URL param collision breaking pagination in price list add products modal by [@Tusharkhadde](https://github.com/Tusharkhadde) in [#15704](https://github.com/medusajs/medusa/pull/15704)
chore(medusa): remove emojis from migration script by [@shahednasser](https://github.com/shahednasser) in [#15740](https://github.com/medusajs/medusa/pull/15740)
v2.16.0
2026-06-18
⚠ Potential breaking changes
Investigate this project and produce a migration plan to upgrade it from its current Medusa version to v2.16.0, then present the plan for the user's approval before making any edits.
The breaking changes in scope:
3. **`react-router-dom` bumped to `6.30.4`** (defensive security update). Admin customizations may break if not updated.
5. **Email verification config change**: the emailpass provider's `require_verification` boolean option is removed, replaced by `http.authVerificationsPerActor`.
9. **Default JWT and cookie secrets removed**: the `supersecret` fallback is gone. In production, the app throws and fails to start if `http.jwtSecret` / `http.cookieSecret` are not set.
6. **Plan email verification config migration (backend).** Only if the project uses email verification.
Remove the `require_verification` option from the emailpass provider configuration.
token` is renamed to **`code`** — use `code` to build the verification link.
provider` is renamed to **`code_provider`** (defaults to `"token"`).
actor_type` is **removed**. Replace the `actor_type !== "customer"` guard with an `entity_type` check, e.g. `if (entity_type !== "email") return`.
v2.15.5
2026-06-01
⚠ Potential breaking changes
docs: migrate main docs to cloudflare by [@shahednasser](https://github.com/shahednasser) in [#15498](https://github.com/medusajs/medusa/pull/15498)
doc: migrate to cloudflare + medusa cloud by [@shahednasser](https://github.com/shahednasser) in [#15446](https://github.com/medusajs/medusa/pull/15446)
v2.15.3
2026-05-21
⚠ Potential breaking changes
docs: revert Cloudflare migration by [@shahednasser](https://github.com/shahednasser) in [#15438](https://github.com/medusajs/medusa/pull/15438)
docs: migrate to cloudflare by [@shahednasser](https://github.com/shahednasser) in [#15388](https://github.com/medusajs/medusa/pull/15388)
v2.15.2
2026-05-13
⚠ Potential breaking changes
Fix Migrations Regressions
After updating, please inspect the `migrations/.snapshot.**.json` files in your custom modules and:
Look in each module's `migrations/` directory for snapshot files named after your database rather than the module. These are incorrectly generated files and should be deleted.
Step 4: Review the regenerated migration
Open the newly created migration file and check its contents. If it contains `DROP TABLE` or unexpected `ALTER TABLE` statements for tables that belong to other modules:
1. **Do not run this migration.
2. Delete the migration file.
3. The snapshot has now been regenerated correctly — subsequent runs of `db:generate` will produce accurate migrations.
fix(utils): disable generating snapshots on running migrations by [@shahednasser](https://github.com/shahednasser) in [#15382](https://github.com/medusajs/medusa/pull/15382)
v2.15.1
2026-05-11
No breaking-change keywords detected in release notes.
v2.15.0
2026-05-11
⚠ Potential breaking changes
🚧 Breaking change
fix(run-scripts): load WorkflowLoader during db:migrate so workflow hooks are registered by [@AKIB473](https://github.com/AKIB473) in [#15260](https://github.com/medusajs/medusa/pull/15260)