* prepared to release;

This commit is contained in:
Mykyta Synelnikov
2024-09-27 17:16:33 +03:00
parent 35e3727bca
commit d0aafed9a2
4 changed files with 76 additions and 3 deletions
+1 -1
View File
@@ -44,7 +44,7 @@ GNU Version 2 or Any Later Version
### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
[Official Release Version: 2.8.6](https://github.com/ultimatemember/ultimatemember/releases/tag/2.8.6).
[Official Release Version: 2.8.7](https://github.com/ultimatemember/ultimatemember/releases/tag/2.8.7).
## Changelog
+52 -2
View File
@@ -1,10 +1,60 @@
== Changelog ==
= 2.8.7 Aug 19, 2024 =
= 2.8.7 September 30, 2024 =
* Enhancements:
- Added: Single user actions on WP Users list table
- Updated: User status filter on WP Users list table
- Updated: User bulk actions on WP Users list table
- Updated: User actions on User Profile and Member Directory card
- Added: Applying shortcodes in the post restriction message
- Added: ProfilePage Structured Data
- Added: Ability to use HTML tags (allowed in `wp_kses_post`) in the global block restriction message
- Changed: Some wp-admin fields descriptions
- Updated: Data format in `um_admin_bulk_user_actions_hook` hook. Changed format from `$action_slug => array( 'label' => $action_title )` to `$action_slug => $action_title`
- Added: `$old_status` param to `um_after_user_status_is_changed` hook
- Added: `$user_id` param to `um_before_user_hash_is_changed` hook
- Added: `$user_id, $hash, $expiration` params to `um_after_user_hash_is_changed` hook
- Added: `um_restricted_post_content` hook
- Added: `um_loggedin_inner_content` hook
- Added: `um_profile_dynamic_meta_profile_schema` hook
* Bugfixes:
- Fixed: The "Clear All" button in the member directory did not reset all dependent dropdowns.
- Fixed: Single user action on User Profile security vulnerability. CVE ID: CVE-2024-8520
- Fixed: [um_loggedin] shortcode security vulnerability. CVE ID: CVE-2024-8519
- Fixed: Performance issue related to Settings > Secure tab
- Fixed: The "Clear All" button in the member directory did not reset all dependent dropdowns
- Fixed: Telegram and Discord social links in profile header
- Fixed: UM links to empty phone numbers
- Fixed: Email changing via User Account flush session. Security enhancement because email can be used for login
- Fixed: User Profile image URL in meta tags
- Fixed: Empty User Profile and PHP Fatal error when cannot get profile field data
- Fixed: Parsing /modal/ templates and parsing templates on the Windows hosting
- Fixed: Validation `form_id` attribute in the `ultimatemember` shortcode
* Templates required update:
- login-to-view.php
* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade
* Deprecated:
- Hook: `um_after_user_status_is_changed_hook`. Use action hook `um_after_user_status_is_changed` instead.
- Hook: `um_when_status_is_set`. Use action hook `um_before_user_status_is_set` instead.
- Hook: `um_admin_user_action_hook`. Use filter hook `um_handle_bulk_actions-users-{$current_action}` for custom user bulk actions instead.
- Hook: `um_admin_user_action_{$bulk_action}_hook`. Use filter hook `um_handle_bulk_actions-users-{$current_action}` for custom user bulk actions instead.
- Hook: `um_admin_custom_hook_{$action}`. Use filter hook `um_handle_bulk_actions-users-{$current_action}` for custom user bulk actions instead.
- Function: `UM()->user()->set_status( $status )`. Use function `UM()->common()->users()->set_status( $status, $user_id )` instead.
- Function: `UM()->user()->assign_secretkey()`. Use function `UM()->common()->users()->assign_secretkey( $user_id )` instead.
- Function: `UM()->user()->approve( $repeat )`. Use function `UM()->common()->users()->approve( $user_id, $force )` instead.
- Function: `UM()->user()->email_pending()`. Use function `UM()->common()->users()->approve( $user_id, $force )` instead.
- Function: `UM()->user()->pending()`. Use function `UM()->common()->users()->set_as_pending( $user_id, $force )` instead.
- Function: `UM()->user()->reject()`. Use function `UM()->common()->users()->reject( $user_id, $force )` instead.
- Function: `UM()->user()->deactivate()`. Use function `UM()->common()->users()->deactivate( $user_id, $force )` instead.
- Function: `UM()->user()->user_exists_by_id( $user_id )`. Use function `UM()->common()->users()::user_exists( $user_id )` instead.
= 2.8.6 May 22, 2024 =
+2
View File
@@ -1514,6 +1514,8 @@ if ( ! class_exists( 'um\core\User' ) ) {
/**
* Set user's hash
*
* @deprecated 2.8.7
*/
public function assign_secretkey() {
_deprecated_function( __METHOD__, '2.8.7', 'UM()->common()->users()->assign_secretkey()' );
+21
View File
@@ -178,6 +178,13 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
* Added: ProfilePage Structured Data
* Added: Ability to use HTML tags (allowed in `wp_kses_post`) in the global block restriction message
* Changed: Some wp-admin fields descriptions
* Updated: Data format in `um_admin_bulk_user_actions_hook` hook. Changed format from `$action_slug => array( 'label' => $action_title )` to `$action_slug => $action_title`
* Added: `$old_status` param to `um_after_user_status_is_changed` hook
* Added: `$user_id` param to `um_before_user_hash_is_changed` hook
* Added: `$user_id, $hash, $expiration` params to `um_after_user_hash_is_changed` hook
* Added: `um_restricted_post_content` hook
* Added: `um_loggedin_inner_content` hook
* Added: `um_profile_dynamic_meta_profile_schema` hook
**Bugfixes**
@@ -201,6 +208,20 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
**Deprecated**
Hook: `um_after_user_status_is_changed_hook`. Use action hook `um_after_user_status_is_changed` instead.
Hook: `um_when_status_is_set`. Use action hook `um_before_user_status_is_set` instead.
Hook: `um_admin_user_action_hook`. Use action hook `um_handle_bulk_actions-users-{$current_action}` for custom user bulk actions instead.
Hook: `um_admin_user_action_{$bulk_action}_hook`. Use action hook `um_handle_bulk_actions-users-{$current_action}` for custom user bulk actions instead.
Hook: `um_admin_custom_hook_{$action}`. Use action hook `um_handle_bulk_actions-users-{$current_action}` for custom user bulk actions instead.
Function: `UM()->user()->set_status( $status )`. Use function `UM()->common()->users()->set_status( $status, $user_id )` instead.
Function: `UM()->user()->assign_secretkey()`. Use function `UM()->common()->users()->assign_secretkey( $user_id )` instead.
Function: `UM()->user()->approve( $repeat )`. Use function `UM()->common()->users()->approve( $user_id, $force )` instead.
Function: `UM()->user()->email_pending()`. Use function `UM()->common()->users()->approve( $user_id, $force )` instead.
Function: `UM()->user()->pending()`. Use function `UM()->common()->users()->set_as_pending( $user_id, $force )` instead.
Function: `UM()->user()->reject()`. Use function `UM()->common()->users()->reject( $user_id, $force )` instead.
Function: `UM()->user()->deactivate()`. Use function `UM()->common()->users()->deactivate( $user_id, $force )` instead.
Function: `UM()->user()->user_exists_by_id( $user_id )`. Use function `UM()->common()->users()::user_exists( $user_id )` instead.
= 2.8.6 2024-05-22 =
**Enhancements**