Update Ultimate Member to version 2.10.0.

changelog.txt

@@ -1,5 +1,35 @@
 == Changelog ==
 
+= 2.10.0 February 17, 2025 =
+
+* Enhancements:
+
+  - Added: User Profile `form-id` attribute and updated code for Profile/Cover photos actions dropdowns.
+  - Added: Honeypot scripts/styles via `wp_add_inline_script()`, `wp_add_inline_style()` changed from direct adding in header and footer.
+  - Updated: We've made improvements to requests for extension updates to boost stability.
+  - Updated: PHP requirement - the minimum PHP version is now upgraded to 7.0.
+  - Updated: Using $wpdb and WPCS for queries. Set minimum required version to 6.2 due to using %i for `$wpdb->prepare()`.
+  - Updated: Revised wp-admin user actions handling. Now, the required capability is `edit_users` instead of `manage_options`.
+  - Removed: User Profile hidden inputs on view mode.
+  - Tweak: WPCS enhancements.
+
+* Bugfixes:
+
+  - Fixed: Security issue CVE ID: CVE-2024-12276.
+  - Fixed: Custom usermeta table metakeys for filtering in member directory (from `_money_spent` to `wc_money_spent_` and added `wc_order_count_`).
+  - Fixed: Layout for "Download your data" and "Erase of your data" fields.
+  - Fixed: Image sizes used for Open Graph meta in User Profile headers are now corrected.
+  - Fixed: "Delete account text" settings visibility issue in wp-admin.
+  - Fixed: The "Privacy Policy" field in the registration form. Disallowed HTML from the "Privacy Policy" content (like `<form>`) is filtered out by the `wp_kses()` function.
+  - Fixed: Password fields are now sanitized the WordPress native way, with `wp_unslash()` omitted post-submission.
+
+* Templates required update:
+
+  - gdpr-register.php
+  - profile.php
+
+* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade *
+
 = 2.9.2 January 14, 2025 =
 
 * Enhancements:

readme.txt

@@ -169,6 +169,33 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
 
 = 2.10.0 2025-02-17 =
 
+**Enhancements**
+
+* Added: User Profile `form-id` attribute and updated code for Profile/Cover photos actions dropdowns.
+* Added: Honeypot scripts/styles via `wp_add_inline_script()`, `wp_add_inline_style()` changed from direct adding in header and footer.
+* Updated: We've made improvements to requests for extension updates to boost stability.
+* Updated: PHP requirement - the minimum PHP version is now upgraded to 7.0.
+* Updated: Using $wpdb and WPCS for queries. Set minimum required version to 6.2 due to using %i for `$wpdb->prepare()`.
+* Updated: Revised wp-admin user actions handling. Now, the required capability is `edit_users` instead of `manage_options`.
+* Removed: User Profile hidden inputs on view mode.
+* Tweak: WPCS enhancements.
+
+**Bugfixes**
+
+* Fixed: Security issue CVE ID: CVE-2024-12276.
+* Fixed: Custom usermeta table metakeys for filtering in member directory (from `_money_spent` to `wc_money_spent_` and added `wc_order_count_`).
+* Fixed: Layout for "Download your data" and "Erase of your data" fields.
+* Fixed: Image sizes used for Open Graph meta in User Profile headers are now corrected.
+* Fixed: "Delete account text" settings visibility issue in wp-admin.
+* Fixed: The "Privacy Policy" field in the registration form. Disallowed HTML from the "Privacy Policy" content (like `<form>`) is filtered out by the `wp_kses()` function.
+* Fixed: Password fields are now sanitized the WordPress native way, with `wp_unslash()` omitted post-submission.
+
+**Templates required update**
+
+* gdpr-register.php
+* profile.php
+
+**Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade**
 
 = 2.9.2 2025-01-14 =