diff --git a/changelog.txt b/changelog.txt index 08e449d3..443c517b 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,5 +1,35 @@ == Changelog == += 2.10.0 February 17, 2025 = + +* Enhancements: + + - Added: User Profile `form-id` attribute and updated code for Profile/Cover photos actions dropdowns. + - Added: Honeypot scripts/styles via `wp_add_inline_script()`, `wp_add_inline_style()` changed from direct adding in header and footer. + - Updated: We've made improvements to requests for extension updates to boost stability. + - Updated: PHP requirement - the minimum PHP version is now upgraded to 7.0. + - Updated: Using $wpdb and WPCS for queries. Set minimum required version to 6.2 due to using %i for `$wpdb->prepare()`. + - Updated: Revised wp-admin user actions handling. Now, the required capability is `edit_users` instead of `manage_options`. + - Removed: User Profile hidden inputs on view mode. + - Tweak: WPCS enhancements. + +* Bugfixes: + + - Fixed: Security issue CVE ID: CVE-2024-12276. + - Fixed: Custom usermeta table metakeys for filtering in member directory (from `_money_spent` to `wc_money_spent_` and added `wc_order_count_`). + - Fixed: Layout for "Download your data" and "Erase of your data" fields. + - Fixed: Image sizes used for Open Graph meta in User Profile headers are now corrected. + - Fixed: "Delete account text" settings visibility issue in wp-admin. + - Fixed: The "Privacy Policy" field in the registration form. Disallowed HTML from the "Privacy Policy" content (like `
`) is filtered out by the `wp_kses()` function. + - Fixed: Password fields are now sanitized the WordPress native way, with `wp_unslash()` omitted post-submission. + +* Templates required update: + + - gdpr-register.php + - profile.php + +* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade * + = 2.9.2 January 14, 2025 = * Enhancements: diff --git a/readme.txt b/readme.txt index 435f3ed5..3fe25816 100644 --- a/readme.txt +++ b/readme.txt @@ -169,6 +169,33 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI = 2.10.0 2025-02-17 = +**Enhancements** + +* Added: User Profile `form-id` attribute and updated code for Profile/Cover photos actions dropdowns. +* Added: Honeypot scripts/styles via `wp_add_inline_script()`, `wp_add_inline_style()` changed from direct adding in header and footer. +* Updated: We've made improvements to requests for extension updates to boost stability. +* Updated: PHP requirement - the minimum PHP version is now upgraded to 7.0. +* Updated: Using $wpdb and WPCS for queries. Set minimum required version to 6.2 due to using %i for `$wpdb->prepare()`. +* Updated: Revised wp-admin user actions handling. Now, the required capability is `edit_users` instead of `manage_options`. +* Removed: User Profile hidden inputs on view mode. +* Tweak: WPCS enhancements. + +**Bugfixes** + +* Fixed: Security issue CVE ID: CVE-2024-12276. +* Fixed: Custom usermeta table metakeys for filtering in member directory (from `_money_spent` to `wc_money_spent_` and added `wc_order_count_`). +* Fixed: Layout for "Download your data" and "Erase of your data" fields. +* Fixed: Image sizes used for Open Graph meta in User Profile headers are now corrected. +* Fixed: "Delete account text" settings visibility issue in wp-admin. +* Fixed: The "Privacy Policy" field in the registration form. Disallowed HTML from the "Privacy Policy" content (like ``) is filtered out by the `wp_kses()` function. +* Fixed: Password fields are now sanitized the WordPress native way, with `wp_unslash()` omitted post-submission. + +**Templates required update** + +* gdpr-register.php +* profile.php + +**Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade** = 2.9.2 2025-01-14 =