diff --git a/.wordpress-org/blueprints/blueprint.json b/.wordpress-org/blueprints/blueprint.json index e3367203..9a52be57 100644 --- a/.wordpress-org/blueprints/blueprint.json +++ b/.wordpress-org/blueprints/blueprint.json @@ -15,7 +15,7 @@ "step": "installPlugin", "pluginZipFile": { "resource": "url", - "url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.0.zip" + "url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.1.zip" }, "options": { "activate": true diff --git a/README.md b/README.md index 6a754132..50eba8e8 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ GNU Version 2 or Any Later Version ### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION -[Official Release Version: 2.10.0](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.0). +[Official Release Version: 2.10.1](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.1). ## Changelog diff --git a/changelog.txt b/changelog.txt index 17a06292..56362a1b 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,5 +1,15 @@ == Changelog == += 2.10.1 March 03, 2025 = + +* Bugfixes: + + - Fixed: Security issue CVE ID: CVE-2025-1702. + - Fixed: Activation link redirects to Reset Password after registration without password field and required email activation. + - Fixed: Honeypot scripts/styles for themes without pre-rendered shortcodes. Enqueue honeypot scripts/styles everytime. + +* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade * + = 2.10.0 February 18, 2025 = * Enhancements: diff --git a/readme.txt b/readme.txt index ff3c0463..c2950d0e 100644 --- a/readme.txt +++ b/readme.txt @@ -6,7 +6,7 @@ Tags: community, member, membership, user-profile, user-registration Requires PHP: 7.0 Requires at least: 6.2 Tested up to: 6.7 -Stable tag: 2.10.0 +Stable tag: 2.10.1 License: GPLv3 License URI: http://www.gnu.org/licenses/gpl-3.0.txt @@ -167,6 +167,16 @@ No specific extensions are needed. But we highly recommended keep active these P IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION += 2.10.1 2025-03-03 = + +**Bugfixes** + +* Fixed: Security issue CVE ID: CVE-2025-1702. +* Fixed: Activation link redirects to Reset Password after registration without password field and required email activation. +* Fixed: Honeypot scripts/styles for themes without pre-rendered shortcodes. Enqueue honeypot scripts/styles everytime. + +**Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade** + = 2.10.0 2025-02-18 = **Enhancements** @@ -267,6 +277,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI == Upgrade Notice == += 2.10.1 = +This version fixes a security related bug. Upgrade immediately. + = 2.10.0 = Increased the minimum PHP and WordPress requirements. The plugin now requires at least PHP 7.0 and WordPress 6.2. This version fixes a security related bug. Upgrade immediately. diff --git a/ultimate-member.php b/ultimate-member.php index 9ca17b31..54da7c77 100644 --- a/ultimate-member.php +++ b/ultimate-member.php @@ -3,7 +3,7 @@ * Plugin Name: Ultimate Member * Plugin URI: http://ultimatemember.com/ * Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress - * Version: 2.10.0 + * Version: 2.10.1 * Author: Ultimate Member * Author URI: http://ultimatemember.com/ * Text Domain: ultimate-member