4.1.0 RC.2

Bug fixes

• Update the release event types (in #1678)

4.1.0 RC.1

New features & Enhancements

• Add object ID and user ID to exports (in #1532)
• Include timezone in logs for clarity (in #1534)
• Display feature request notice on Settings screen (in #1542)
• Improve connector registration logic (in #1546)
• Add filter to allow more records in exports (in #1558)
• Add Two Factor connector (in #1567)
• Feature: allow defining of settings capability for more granular access control (in #1599), props to @spenserhale

Bug fixes

• Remove duplicate logs when saving posts (in #1530)
• Allow commas in CSV exporter fields (in #1531)
• Use scheduled action for resetting large record and meta tables (in #1543)
• Fix BuddyPress Action links (in #1557)
• Fix broken assets' paths on multisite setup (in #1595)
• Use Yoast deprecated method conditionally (in #1603)
• Fix saving inline alerts (in #1620)
• Fix Yoast connector test (in #1625)
• Fix Allow only safe URLs for Slack alerts (in #1652) - thanks @francescocarlucci for reporting this
• Fix Use Woo built in method \WC_Tax::get_rate_label() to get the tax label (in #1654)
• Fix Improve Yoast SEO logs reliability (in #1655)
• Fix Use preferred WC_Order_Factory to get the order ID (in #1656)
• Fix Theme files changes are tracked as expected (in #1658)
• Update the Test_WP_Stream_Connector_Editor::test_log_changes test case to reflect the recent changes (in #1676)

Documentation

• Add documentation to wp_stream_log_data filter (in #1559)
• Update documentation, separate out full changelog (in #1568)

Development

• Add Playwright testing framework and initial tests (in #1529)
• Add port so we can see the database (in #1533)
• Add files to generate and remove test data (in #1538)
• Replace Grunt with @wordpress/scripts (in #1541)
• Fix local environment path (in #1547)
• Remove duplicate ports added in merge from master (in #1566)
• Reintroduce deployment to packagist.org (in #1587)
• Update required Node.js version to ^20.18.0 (in #1596)
• Update composer.lock with Two Factor plugin entry (in #1604)
• Remove ESLint on the project level, use the one from @wordpress/scripts (in #1616)
• Add new dependency eslint-plugin-react-hooks (in #1616)
• Dependencies:
  • body-parser to 1.20.3 (in #1579)
  • serve-static to 1.16.2 (in #1580)
  • send to 0.19.0 (in #1580)
  • uuid to 11.0.4 (in #1672)
  • symfony/process to 5.4.46 (in #1628)
  • node.js to 22.12.0 (in #1641)
  • eslint-plugin-react-hooks to 5.1.0 (in #1642)
  • @playwright/test to 1.49.1 (in #1643)
  • @types/node to 22.10.2 (in #1644)
  • @wordpress/eslint-plugin to 22.1.1 (in #1671)
  • npm-run-all2 to 7.0.2 (in #1647)
  • express to 4.21.2 (in #1648)
  • cookie to 0.7.1 (in #1648)
  • @wordpress/e2e-test-utils-playwright to 1.15.0 (in #1671)
  • @wordpress/scripts to 30.8.1 (in #1671)
  • @types/node to 22.10.6 (in #1675)

Contributors:

• @tharsheblows
• @delawski
• @spenserhale
• @pereirinha
• @marcinkrzeminski
• @bartoszgadomski

3.10.1

Security Update to version 3.10.0

• Fix vulnerability which allowed logged in users to update some site options in certain configurations. Props to @sybrew for responsibly disclosing this issue.

4.0.2

Security Update

• Fix vulnerability which allowed logged in users to update some site options in certain configurations. Props to @sybrew for responsibly disclosing this issue.

4.0.2 RC.1

Security Update

• Fix vulnerability which allowed logged in users to update some site options in certain configurations. Props to @sybrew for responsibly disclosing this issue.

4.0.1

Bug fixes

• Fix PHP Type error in CLI (in #1475) props @Soean
• Fix Uncaught ValueError in Gravity Forms and WordPress SEO connectors (in #1508) props @krokodok
• Fix dynamic callback method detection for custom connectors (in #1469) props @shadyvb
• Fix PHP warning in PHP 8 by adjusting exclude rules filtering to avoid passing null to strlen() (in #1513) props @ocean90
• Fix adding multiple columns to the stream table using filters only displays the last column correctly (in #1519) props @thefrosty
• Fix offset warning in Slack alert when there is no custom logo (in #1522) props @benerd
• Fix BuddyPress Connector, check for BuddyPress dependencies before using (in #1517) props @dd32
• Fix [Security] Update select2 to 4.0.13 (in #1495)

Development

• Update local development environment to use Docker (in #1423)
• Update wp-coding-standards/wpcs and fix all linting issues
• Require PHP ≥ 7.0 and WordPress ≥ 4.6
• Allow switching between PHP 7.4 and PHP 8.2
• Document Connectors (in #1518)
• Update dependencies
  • eslint to ^8.57.0 (in #1480)
  • @babel/traverse from 7.20.10 to 7.23.2 (in #1463)
  • braces from 3.0.2 to 3.0.3 (in #1487)
  • composer/composer from 2.2.21 to 2.2.24 (in #1488)
  • @wordpress/eslint-plugin to v19 (in #1452)
  • @wordpress/eslint-plugin to ^19.2.0 (in #1490)

Deprecations

• Deprecate PHP 5.6 (in #1499)
• Deprecate wp_stream_register_column_defaults filter (in #1519)

Full Changelog: 4.0.0...v4.0.1

4.0.1 RC1

Bug fixes

• Fix PHP Type error in CLI (in #1475) props @Soean
• Fix Uncaught ValueError in Gravity Forms and WordPress SEO connectors (in #1508) props @krokodok
• Fix dynamic callback method detection for custom connectors (in #1469) props @shadyvb
• Fix PHP warning in PHP 8 by adjusting exclude rules filtering to avoid passing null to strlen() (in #1513) props @ocean90
• Fix adding multiple columns to the stream table using filters only displays the last column correctly (in #1519) props @thefrosty
• Fix offset warning in Slack alert when there is no custom logo (in #1522) props @benerd
• Fix BuddyPress Connector, check for BuddyPress dependencies before using (in #1517) props @dd32
• Fix [Security] Update select2 to 4.0.13 (in #1495)

Development

• Update local development environment to use Docker (in #1423)
• Update wp-coding-standards/wpcs and fix all linting issues
• Require PHP ≥ 7.0 and WordPress ≥ 4.6
• Allow switching between PHP 7.4 and PHP 8.2
• Document Connectors (in #1518)
• Update dependencies
  • eslint to ^8.57.0 (in #1480)
  • @babel/traverse from 7.20.10 to 7.23.2 (in #1463)
  • braces from 3.0.2 to 3.0.3 (in #1487)
  • composer/composer from 2.2.21 to 2.2.24 (in #1488)
  • @wordpress/eslint-plugin to v19 (in #1452)
  • @wordpress/eslint-plugin to ^19.2.0 (in #1490)

Deprecations

• Deprecate PHP 5.6 (in #1499)
• Deprecate wp_stream_register_column_defaults filter (in #1519)

Full Changelog: 4.0.0...v4.0.1-rc.1

Release 4.0.0

• Fix: Use only $_SERVER['REMOTE_ADDR'] as the reliable client IP address for event logs. This might cause incorrectly reported event log IP addresses on environments where PHP is behind a proxy server or CDN. Use the wp_stream_client_ip_address filter to set the correct client IP address (see readme.txt for instructions) or configure the hosting environment to report the correct IP address in $_SERVER['REMOTE_ADDR'] (issue #1456, props @calvinalkan).
• Tweak: fix typos in message strings and code comments (fixed in #1461 by @szepeviktor).
• Development: use Composer v2 during CI runs (fixed in #1465 by @szepeviktor).

Full change-log 3.10.0...4.0.0

Version 3.10.0

• Fix: Improve PHP 8.1 compatibility by updating filter_*() calls referencing FILTER_SANITIZE_STRING (issue #1422).
• Fix: prevent PHP deprecation warning when checking for the Stream settings page requests (issue #1440).
• Fix: Add the associated post title to comment events (issue #1430).
• Fix: Use the user associated with a comment instead of the current logged-in user when logging comments (issue #1429).
• Fix: Prevent PHP warnings when no Lead ID present for a Gravity Forms submission (issue #1447).
• Fix: Remove support for legacy WordPress VIP user attribute helpers get_user_attributes(), delete_user_attributes() and update_user_attributes() (issue #1425).
• Development: Document the process for reporting security vulnerabilities (issue #1433).
• Development: Mark as tested with WordPress version 6.3.

Full change log 3.9.3...3.10.0

Version 3.9.3

What's Changed

• Fix: [Security] CVE-2022-43450: Check for capabilities in 'wp_ajax_load_alerts_settings' AJAX action before loading alert settings, props @Lucisu via Patchstack. 1432
• Fix: [Security] CVE-2022-43490: Temporarily remove uninstall flow to avoid inadvertent uninstallation of the plugin, props @Lucisu via Patchstack. #1435
• Development: Mark as tested with the latest version 6.2 of WordPress. #1436

Full Changelog: 3.9.2...3.9.3