Releases: Labs64/PluginPass
Releases · Labs64/PluginPass
0.10.3
0.10.2
What's Changed
- Fix: Harden file read operations against path traversal attacks
Full Changelog: 0.10.1...0.10.2
0.10.1
What's Changed
This release reactivates the PluginPass plugin with major security updates and modernization. The update addresses critical security vulnerabilities and ensures compatibility with modern WordPress and PHP versions.
Security & Compliance
- Fixed critical vulnerabilities including SQL injection, XSS, and open redirect/SSRF
- Proper escaping, input sanitization, nonce verification, and SQL safety implemented
- PHP requirement updated from 5.6 → 8.2, WordPress from 4.9.7 → 6.x
- Text domain changed from 'pluginpass' to 'pluginpass-pro-plugintheme-licensing' for correct internationalization
- Resolved 433+ PHPCS issues and reduced PHPStan errors from 292 → 25
Key Improvements
- Enhanced output escaping using esc_html(), esc_attr(), esc_url(), wp_kses_post()
- Improved input sanitization with sanitize_text_field(), sanitize_key(), wp_unslash()
- Replaced date() with gmdate() for timezone safety
- Fixed plugin activation errors with existence checks
- Updated demo plugin with the same security fixes
- Added WordPress coding standards compliance
Technical Enhancements
- Configured PHPStan with WordPress stubs for better static analysis
- Improved CI/CD pipelines with automated quality checks
- Enhanced code documentation and type hints
Full Changelog: 0.9.10...0.10.1
0.10.0
What's Changed
This release reactivates the PluginPass plugin with major security updates and modernization. The update addresses critical security vulnerabilities and ensures compatibility with modern WordPress and PHP versions.
Key Highlights
Security & Compliance
- Fixed critical vulnerabilities including SQL injection, XSS, and open redirect/SSRF
- Proper escaping, input sanitization, nonce verification, and SQL safety implemented
- PHP requirement updated from 5.6 → 8.2, WordPress from 4.9.7 → 6.x
- Text domain changed from 'pluginpass' to 'pluginpass-pro-plugintheme-licensing' for correct internationalization
- Resolved 433+ PHPCS issues and reduced PHPStan errors from 292 → 25
Key Improvements
- Enhanced output escaping using esc_html(), esc_attr(), esc_url(), wp_kses_post()
- Improved input sanitization with sanitize_text_field(), sanitize_key(), wp_unslash()
- Replaced date() with gmdate() for timezone safety
- Fixed plugin activation errors with existence checks
- Updated demo plugin with the same security fixes
- Added WordPress coding standards compliance
Technical Enhancements
- Configured PHPStan with WordPress stubs for better static analysis
- Improved CI/CD pipelines with automated quality checks
- Enhanced code documentation and type hints
Full Changelog: 0.9.10...0.10.0