3.10.1

Security Update to version 3.10.0

• Fix vulnerability which allowed logged in users to update some site options in certain configurations. Props to @sybrew for responsibly disclosing this issue.

4.0.2

Security Update

• Fix vulnerability which allowed logged in users to update some site options in certain configurations. Props to @sybrew for responsibly disclosing this issue.

4.0.2 RC.1

Security Update

• Fix vulnerability which allowed logged in users to update some site options in certain configurations. Props to @sybrew for responsibly disclosing this issue.

4.0.1

Bug fixes

• Fix PHP Type error in CLI (in #1475) props @Soean
• Fix Uncaught ValueError in Gravity Forms and WordPress SEO connectors (in #1508) props @krokodok
• Fix dynamic callback method detection for custom connectors (in #1469) props @shadyvb
• Fix PHP warning in PHP 8 by adjusting exclude rules filtering to avoid passing null to strlen() (in #1513) props @ocean90
• Fix adding multiple columns to the stream table using filters only displays the last column correctly (in #1519) props @thefrosty
• Fix offset warning in Slack alert when there is no custom logo (in #1522) props @benerd
• Fix BuddyPress Connector, check for BuddyPress dependencies before using (in #1517) props @dd32
• Fix [Security] Update select2 to 4.0.13 (in #1495)

Development

• Update local development environment to use Docker (in #1423)
• Update wp-coding-standards/wpcs and fix all linting issues
• Require PHP ≥ 7.0 and WordPress ≥ 4.6
• Allow switching between PHP 7.4 and PHP 8.2
• Document Connectors (in #1518)
• Update dependencies
  • eslint to ^8.57.0 (in #1480)
  • @babel/traverse from 7.20.10 to 7.23.2 (in #1463)
  • braces from 3.0.2 to 3.0.3 (in #1487)
  • composer/composer from 2.2.21 to 2.2.24 (in #1488)
  • @wordpress/eslint-plugin to v19 (in #1452)
  • @wordpress/eslint-plugin to ^19.2.0 (in #1490)

Deprecations

• Deprecate PHP 5.6 (in #1499)
• Deprecate wp_stream_register_column_defaults filter (in #1519)

Full Changelog: 4.0.0...v4.0.1

4.0.1 RC1

Bug fixes

• Fix PHP Type error in CLI (in #1475) props @Soean
• Fix Uncaught ValueError in Gravity Forms and WordPress SEO connectors (in #1508) props @krokodok
• Fix dynamic callback method detection for custom connectors (in #1469) props @shadyvb
• Fix PHP warning in PHP 8 by adjusting exclude rules filtering to avoid passing null to strlen() (in #1513) props @ocean90
• Fix adding multiple columns to the stream table using filters only displays the last column correctly (in #1519) props @thefrosty
• Fix offset warning in Slack alert when there is no custom logo (in #1522) props @benerd
• Fix BuddyPress Connector, check for BuddyPress dependencies before using (in #1517) props @dd32
• Fix [Security] Update select2 to 4.0.13 (in #1495)

Development

• Update local development environment to use Docker (in #1423)
• Update wp-coding-standards/wpcs and fix all linting issues
• Require PHP ≥ 7.0 and WordPress ≥ 4.6
• Allow switching between PHP 7.4 and PHP 8.2
• Document Connectors (in #1518)
• Update dependencies
  • eslint to ^8.57.0 (in #1480)
  • @babel/traverse from 7.20.10 to 7.23.2 (in #1463)
  • braces from 3.0.2 to 3.0.3 (in #1487)
  • composer/composer from 2.2.21 to 2.2.24 (in #1488)
  • @wordpress/eslint-plugin to v19 (in #1452)
  • @wordpress/eslint-plugin to ^19.2.0 (in #1490)

Deprecations

• Deprecate PHP 5.6 (in #1499)
• Deprecate wp_stream_register_column_defaults filter (in #1519)

Full Changelog: 4.0.0...v4.0.1-rc.1

Release 4.0.0

• Fix: Use only $_SERVER['REMOTE_ADDR'] as the reliable client IP address for event logs. This might cause incorrectly reported event log IP addresses on environments where PHP is behind a proxy server or CDN. Use the wp_stream_client_ip_address filter to set the correct client IP address (see readme.txt for instructions) or configure the hosting environment to report the correct IP address in $_SERVER['REMOTE_ADDR'] (issue #1456, props @calvinalkan).
• Tweak: fix typos in message strings and code comments (fixed in #1461 by @szepeviktor).
• Development: use Composer v2 during CI runs (fixed in #1465 by @szepeviktor).

Full change-log 3.10.0...4.0.0

Version 3.10.0

• Fix: Improve PHP 8.1 compatibility by updating filter_*() calls referencing FILTER_SANITIZE_STRING (issue #1422).
• Fix: prevent PHP deprecation warning when checking for the Stream settings page requests (issue #1440).
• Fix: Add the associated post title to comment events (issue #1430).
• Fix: Use the user associated with a comment instead of the current logged-in user when logging comments (issue #1429).
• Fix: Prevent PHP warnings when no Lead ID present for a Gravity Forms submission (issue #1447).
• Fix: Remove support for legacy WordPress VIP user attribute helpers get_user_attributes(), delete_user_attributes() and update_user_attributes() (issue #1425).
• Development: Document the process for reporting security vulnerabilities (issue #1433).
• Development: Mark as tested with WordPress version 6.3.

Full change log 3.9.3...3.10.0

Version 3.9.3

What's Changed

• Fix: [Security] CVE-2022-43450: Check for capabilities in 'wp_ajax_load_alerts_settings' AJAX action before loading alert settings, props @Lucisu via Patchstack. 1432
• Fix: [Security] CVE-2022-43490: Temporarily remove uninstall flow to avoid inadvertent uninstallation of the plugin, props @Lucisu via Patchstack. #1435
• Development: Mark as tested with the latest version 6.2 of WordPress. #1436

Full Changelog: 3.9.2...3.9.3

Version 3.9.2

• Fix: Check authorization on 'save_new_alert' AJAX action #1391, props marcS0H (WPScan)
• Development: Mark as tested with the latest version 6.1 of WordPress.
• Development: Update development dependencies.

Version 3.9.1

• Fix: PHP 8 compatibility for widget connector #1294, props @ParhamG
• Development: Mark as tested with the latest version 6.0 of WordPress.
• Development: Update development dependencies.