7.5.1

Note that this version bumps the WordPress minimum supported version from 5.7 to 6.4.

Changed

• Bump WordPress "tested up to" version 6.6 (props @sudip-md, @jeffpaul, @dkotter via #313, #318).
• Bump WordPress minimum from 5.7 to 6.4 (props @sudip-md, @jeffpaul, @dkotter via #313, #318).

Security

• Bump tj-actions/changed-files from 32 to 41 (props @dependabot, @iamdharmesh via #297).
• Bump express from 4.18.2 to 4.19.2 (props @dependabot, @Sidsector9 via #312).
• Bump follow-redirects from 1.15.5 to 1.15.6 (props @dependabot, @Sidsector9 via #312).
• Bump webpack-dev-middleware from 5.3.3 to 5.3.4 (props @dependabot, @Sidsector9 via #312).
• Bump braces from 3.0.2 to 3.0.3 (props @dependabot, @iamdharmesh via #319).
• Bump pac-resolver from 7.0.0 to 7.0.1 (props @dependabot, @iamdharmesh via #319).
• Bump socks from 2.7.1 to 2.8.3 (props @dependabot, @iamdharmesh via #319).
• Bump ws from 7.5.9 to 7.5.10 (props @dependabot, @iamdharmesh via #319).

Developer

• Clean up NPM dependencies and update node to v20 (props @Sidsector9, @dkotter via #303).
• Update CODEOWNERS (props @jeffpaul, @dkotter via #300).
• Disabled auto sync pull requests with target branch (props @iamdharmesh, @jeffpaul via #307).
• Upgrade download-artifact from v3 to v4 (props @iamdharmesh, @jeffpaul via #309).
• Replaced lee-dohm/no-response with actions/stale to help with closing no-response/stale issues (props @jeffpaul, @dkotter via #310).
• Added a "Testing" section in the CONTRIBUTING.md file (props @kmgalanakis, @jeffpaul via #314).
• Removed ip dependency (props @dependabot, @Sidsector9, @iamdharmesh via #312, #319).

---

New Contributors

• @sudip-md made their first contribution in #313

Full Changelog: 7.5.0...7.5.1
View closed items in the milestone.

7.5.0

Note: this release changes the default behavior for new installs in regards to IP detection. This shouldn't impact existing installs but there are two filters that can be used to change this behavior. See the readme for full details.

Fixed

• Update code snippet in the readme (props @dkotter, @jeffpaul via #291).

Security

• For new installs, ensure we only trust the REMOTE_ADDR HTTP header by default. Existing installs will still utilize the old list of approved headers but can modify this (and are recommended to) by using the rsa_trusted_headers filter (props @dkotter, @peterwilsoncc, @dustinrue, @mikhail-net, Darius Sveikauskas via #290).
• Bump axios from 0.25.0 to 1.6.2 and @wordpress/scripts from 23.7.2 to 26.19.0 (props @dependabot, @dkotter via #293).

New Contributors

• @dustinrue made their first contribution in #290
• @mikhail-net made their first contribution in #290
• Darius Sveikauskas made their first contribution in #290

---

Full Changelog: 7.4.1...7.5.0
View closed items in the milestone.

7.4.1

Added

• GitHub Action summary report for Cypress end-to-end tests (props @jayedul, @Sidsector9 via #258).
• Restricted_Site_Access::append_ips() method to add IP addresses programatically (props @Sidsector9, @faisal-alvi via #267).
• Repository Automator GitHub Action (props @iamdharmesh, @Sidsector9 via #273).

Changed

• Bumped WordPress "tested up to" version 6.4 (props @kirtangajjar, @Sidsector9, @qasumitbagthariya, @jeffpaul via #271, #288).
• WordPress compatibility validation library namespace (props @Sidsector9, @dkotter via #278).
• Documentation to clarify what the restricted site access & discourage search engine options do (props @lkraav, @jeffpaul, @helen, @dinhtungdu, @bmarshall511, @Sidsector9 via #262).
• Updates the Dependency Review GitHub Action to check for GPL-compatible licenses (props @jeffpaul, @Sidsector9 via #261).

Fixed

• Issue with autovivification (props @mae829, @Sidsector9 via #281, @turtlepod via #281).

Security

• Add PHP environment compatibility checker (props @vikrampm1, @Sidsector9 via #268).
• Bump word-wrap from 1.2.3 to 1.2.4 (props @Sidsector9 via #266).
• Bump semver from 5.7.1 to 5.7.2 (props @Sidsector9 via #264).
• Bump tough-cookie from 4.1.2 to 4.1.3 (props @Sidsector9 via #270).
• Bump @cypress/request from 2.88.10 to 2.88.12 (props @Sidsector9 via #270).
• Bump postcss from 8.4.18 to 8.4.31 (props @Sidsector9 via #279).
• Bump @babel/traverse from 7.20.0 to 7.23.2 (props @Sidsector9 via #279).
• Bump Cypress version from 10.3.0 to 13.2.0 (props @iamdharmesh, @Sidsector9 via #276).
• Bump @10up/cypress-wp-utils version to 0.2.0 (props @iamdharmesh, @Sidsector9 via #276).
• Bump @wordpress/env version from 5.4.0 to 8.7.0 (props @iamdharmesh, @Sidsector9 via #276).
• Bump @babel/traverse from 7.20.0 to 7.23.2 (props @dependabot, @Sidsector9 via #282).

New Contributors

• @mikegibbons4 made their first contribution via #221
• @mae829 made their first contribution via #281
• @turtlepod made their first contribution via #281
• @qasumitbagthariya made their first contribution via #288

---

Full Changelog: 7.4.0...7.4.1
View closed items in the milestone.

7.4.0

Added

• Support for application passwords (props @kirtangajjar, @peterwilsoncc, @Sidsector9 via #247).
• Support for custom header based allow-listing (props @mikelking, @ravinderk, @dkotter, @jeffpaul via #242).

Changed

• Support Level from Active to Stable (props @jeffpaul, @Sidsector9 via #244).
• Bump WordPress "tested up to" version 6.2 (props @jayedul, @Sidsector9 via 251).
• Improve Github actions workflow (props @Sidsector9, @dkotter via #227, #253).

Fixed

• Plugin settings header UX (props @barryceelen, @Sidsector9 via #236).
• Issue that caused redirect loop (props @Sidsector9, @cadic, @peterwilsoncc) via #221.

Security

• Run E2E tests on the final ZIP build (props @iamdharmesh, @jayedul via #249).
• Bump json5 from 1.0.1 to 1.0.2 (props @Sidsector9 via #241).
• Bump simple-git from 3.15.0 to 3.16.0 (props @Sidsector9 via #243).
• Bump http-cache-semantics from 4.1.0 to 4.1.1 (props @Sidsector9 via #245).
• Bump @sideway/formula from 3.0.0 to 3.0.1 (props @Sidsector9 via #246).
• Bump webpack from 5.74.0 to 5.76.1 (props @Sidsector9 via #248).

New Contributors

• @barryceelen made their first contribution in #236.
• @kirtangajjar made their first contribution in #247.
• @mikelking made their first contribution in #242.
• @ravinderk made their first contribution in #242.
• @jayedul made their first contribution in #251, #249.
• @mikegibbons4 made their first contribution in #221.

---

Full Changelog: 7.3.5...7.4.0
View closed items in the milestone.

7.3.5

Added

• Show an admin notice if our autoloader doesn't exist (props @dkotter, @pablojmarti, @shahzaib10up, @peterwilsoncc via #231).

Fixed

• Ensure we load our autoloader from the root of our plugin directory (props @dkotter, @pablojmarti, @shahzaib10up, @peterwilsoncc via #231).

Changed

• Improved performance of our E2E tests (props @Sidsector9, @iamdharmesh via #218).
• Release instructions and release ZIP building via GitHub Action (props @dkotter, @faisal-alvi via #232).

Security

• Bump loader-utils from 2.0.3 to 2.0.4 (props @dependabot via #226).
• Bump simple-git from 3.6.0 to 3.15.0 (props @dependabot via #230).

New Contributors

• @pablojmarti made their first contribution in #231
• @shahzaib10up made their first contribution in #231

---

Full Changelog: 7.3.4...7.3.5
View closed items in the milestone.

7.3.4

Fixed

• Fatal error due to missing vendor directory (props @Sidsector9 via #223).

View everything closed on this milestone

7.3.3

Added

• Support for IPv6 addresses (props @jeffpaul, @Sidsector9, @cadic via #217).
• Support for subnet range and pattern formats for IPv4 and IPv6 addresses (props @jeffpaul, @Sidsector9, @cadic via #217).
• WP VIP Coding Standards (props @peterwilsoncc, @faisal-alvi, @eflorea via #212).

Changed

• Improved adding IP user experience via settings (props @ankitguptaindia, @dhanendran, @Sidsector9, @dinhtungdu via #205).
• Replace Grunt with Webpack (props @cadic, @Sidsector9 via #202).

Fixed

• Missing textdomains to translatable strings (props @pedro-mendonca, @Sidsector9 via #214).

New Contributors

• Eduard Florea (@eflorea) made their first contribution in #212
• Dhanendran Rajagopal (@dhanendran) made their first contribution in #205

View everything closed on this milestone

7.3.2

Note: this release contains two new filters that we recommend using to further secure your site. See the readme for full details.

---

Added

• New filter - rsa_get_client_ip_address_filter_flags to modify the range of accepted IP addresses (props @dsXLII, @dinhtungdu, @Sidsector9 via #113).

Changed

• Avoid disjointed plugin settings (props @helen, @peterwilsoncc, @Sidsector9 via #200).
• Bump minimum WordPress version from 5.0 to 5.7 (props @vikrampm1, @Sidsector9, @faisal-alvi via #207).
• Bump minimum PHP version from 5.6 to 7.4 (props @vikrampm1, @Sidsector9, @faisal-alvi via #207).

Security

• New filters - rsa_trusted_proxies and rsa_trusted_headers have been added to help prevent IP spoofing attacks (props @dkotter, @peterwilsoncc, @marcS0H, @DanielRuf, @Sidsector9 via #198).

New Contributors

• Vikram Moparthy (@vikrampm1) made their first contribution in #207.
• Marc-Alexandre Montpas (@marcS0H) made their first contribution in #198.
• Daniel Ruf (@DanielRuf) made their first contribution in #198.
• David E. Smith (@dsXLII) made their first contribution in #113.

View everything closed on this milestone

7.3.1

Added

• PHP8 compatibility check GitHub Action (props @Sidsector9, @dkotter via #183).
• Dependency security scanning GitHub Action (props @jeffpaul via #188).

Changed

• Admin settings HTML semantics for easier testing (props @Sidsector9, @faisal-alvi via #193).
• Bump WordPress "tested up to" version 6.0 (props @peterwilsoncc, @faisal-alvi, @cadic, @jeffpaul via #194, #196).
• Documentation, asset, and e2e test updates (props @Sidsector9, @iamdharmesh via #180, #201).

Fixed

• Check netmask range before IP is added (props @Sidsector9, @PypWalters via #178).

Security

• Bump minimist from 1.2.5 to 1.2.6 (props @dependabot via #185).
• Bump grunt from 1.4.1 to 1.5.3 (props @dependabot via #189, #199).
• Bump async from 2.6.3 to 2.6.4 (props @dependabot via #190).

New Contributors

• Stephanie Walters (@PypWalters) made their first contribution in #178
• Peter Wilson (@peterwilsoncc) made their first contribution in #194
• Dharmesh Patel (@iamdharmesh) made their first contribution in #180

View everything closed on this milestone

7.3.0

Added

• Ability to add, remove, and set IPs programatically (props @ivankruchkoff, @helen, @paulschreiber via #104).
• Cloudflare IP detection compatibility (props @eightam, @dinhtungdu via #110).
• WP-CLI option to modify and retrieve IP entry labels (props @Sidsector9, @dinhtungdu, @mikelking via #152).
• Acceptance and end-to-end tests (props @dinhtungdu, @helen, @jeffpaul, @Sidsector9, @cadic via #121, #132, #155, #169, #175).
• Issue management automation, JavaScript linting, and PHPUnit testing via GitHub Actions (props @jeffpaul, @Sidsector9, @dinhtungdu, @mitogh via #154, #161, #171, #177).

Changed

• Update WP-CLI code to use new API for add/remove/set IPs (props @paulschreiber, @dinhtungdu via #130).
• Bump WordPress "tested up to" version 5.9 (props @dinhtungdu, @jeffpaul, @ankitguptaindia, @BBerg10up, @sudip-10up via #120, #122, #141, #149).
• Improved Composer configuration and support (props @kopepasah, @dinhtungdu via #128).
• Improved documentation (props @jeffpaul, @dinhtungdu, @helen via #146).
• The default constant WP_TESTS_DOMAIN is replaced by a new constant PHP_UNIT_TESTS_ENV to allow testing correct redirections for restricted users by Cypress end-to-end tests (props @faisal-alvi, @Sidsector9, @dkotter via #159).

Fixed

• Issue with allowed IPs and associated comments being offset (props @adamsilverstein, @helen, @ivankruchkoff via #106).
• Prevents new users from getting WordPress setup email, new user flow in multisite installations now work as expected (props @dinhtungdu, @wkw, @jeffpaul, @ivanlopez via #116).
• Ensure assets are enqueued on correct screen only (props @kopepasah, @dinhtungdu, @paulschreiber, @n8dnx via #123, #131).
• Use correct variable for screen reader text (props @dinhtungdu, @lkraav via #126).
• Set the correct filter option value to site_public if RSA_FORBID_RESTRICTION is defined (props @pabamato, @dinhtungdu via #139).
• Prevent redirect loops when Redirect URL set on the same domain with or without Redirect to same path enabled (props @Sidsector9, @faisal-alvi, @cadic via #158).
• Undefined key "url" warning (props @Sidsector9 via #163).
• Redirect to same path setting screen-reader-text (props @pedro-mendonca via #168).
• No loading of JS admin scripts on the network admin page (props @Sidsector9, @dinhtungdu via #175).

Security

• Bump websocket-extensions from 0.1.3 to 0.1.4 (props @dependabot via #129, #166).
• Bump lodash from 4.17.15 to 4.17.21 (props @dependabot via #133, #145, #165).
• Bump rmccue/requests from 1.7.0 to 1.8.0 (props @dependabot via #143).
• Bump grunt from 1.0.4 to 1.3.0 (props @dependabot via #144).
• Bump path-parse from 1.0.6 to 1.0.7 (props @dependabot via #151).

View everything closed on this milestone