All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
2.7.0 - 2024-??-??
- Add AppSec component support
- Make some fields required when necessary in the settings page (LAPI URL, Api key if authentication type is Api key, etc.)
- Update the standalone settings file if the file is already present (even if the setting is disabled)
2.6.7 - 2024-07-26
- Add compatibility with WordPress 6.6
2.6.6 - 2024-06-20
- Remove Twig dependency to avoid conflict with other plugins or themes (see issue 153)
2.6.5 - 2024-06-20
- No change in this version (wrong release process)
2.6.4 - 2024-06-13
- Fix Redis connection error when using user and password in DSN
2.6.3 - 2024-04-05
- Add compatibility with WordPress 6.5
2.6.2 - 2024-03-29
- Use
CrowdSecWordPressBouncernamespace to avoid conflict with other plugins or themes
2.6.1 - 2024-03-14
- Fix incorrect log and cache paths in admin view
2.6.0 - 2024-03-14
- Move logs and cache folders to
wp-content/uploads/crowdsecto avoid deletion on plugin update and pass checksum validation - Write
standalone-settings.phpfile only if the new settingEnable auto_prepend_file modeis on.
- Add a
Enable auto_prepend_file modesetting.
2.5.2 - 2023-11-23
- Add compatibility with WordPress 6.4
2.5.1 - 2023-09-14
- Add compatibility with WordPress 6.3
2.5.0 - 2023-06-01
- Add WordPress multisite compatibility
2.4.1 - 2023-04-28
- No change. Release to test update process hook.
2.4.0 - 2023-04-28
- Use absolute path for TLS files
- Use absolute path for geolocation files
- Add an action after plugin upgrade to recreate standalone settings file
2.3.1 - 2023-04-06
- Use root
.htaccessinstead of multiple subfolders.htaccess
2.3.0 - 2023-04-06
- Add
.htaccessfiles to deny direct access of plugin sensitive folders
2.2.0 - 2023-03-30
- Do not use cache tags
- Do not rotate log files
- Add tests for WordPress 6.2
2.1.0 - 2023-03-23
- Add a
custom_user_agentsetting for debug (#95)
- Fix error on fresh install because Api key is required even if bouncing is disabled
2.0.4 - 2023-03-09
- If a database option is empty, we add the default value to avoid configuration PHP error (#133)
2.0.3 - 2023-02-16
- If
display_errorssetting istrue, error is thrown only if bouncer has been successfully instantiated
2.0.2 - 2023-02-16
- Cast missing database options to string if necessary (#127)
2.0.1 - 2023-02-14
- Fix missing
TwigTest.phpin release zip that broke captcha and ban walls - Fix bad memcached dsn check
- Fix clean and bad ip resync values when disabling stream mode
2.0.0 - 2023-02-09
- All source code has been refactored using new CrowdSec PHP librairies:
- Logs messages have been changed
- User Agent sent to CrowdSec LAPI has been changed to
csphplapi_WordPress/vX.Y.Z
- Remove
Geolocation save resultsetting. To disable Geolocation result saving, we can set 0 in theGeolocation cache lifetimesetting
1.11.0 - 2022-12-22
- Add LAPI request timeout setting (default to 120 seconds)
1.10.0 - 2022-12-01
- Modify ban and captcha walls templating for W3C validity
- Do not use cache tags for
memcachedas it is discouraged - Replace unauthorized chars by underscore
_in cache keys
- Add tests for WordPress 6.1
1.9.0 - 2022-09-15
- Add TLS authentication feature
- Fix false negative connection test from admin when
trust_ip_forward_arraysetting is not in database
1.8.1 - 2022-08-18
- Set missing default values in settings
1.8.0 - 2022-08-04
- Add
use_curlconfiguration: should be used ifallow_url_fopenis disabled andcurlis available - Add
disable_prod_logconfiguration
- Change log path to
wp-content/plugins/crowdsec/logs - By default, the
bouncing_levelsetting isbouncing_disabled(instead ofnormal_bouncing)
1.7.0 - 2022-07-21
- Add geolocation feature
- Do not throw exception if empty api url as it is the default after a fresh install and activation
- Changed default value for some boolean value as WordPress config are always string
1.6.0 - 2022-06-30
- Add "Test bouncing" action in settings view
1.5.1 - 2022-06-24
- Add tests for WordPress 6.0
1.5.0 - 2022-06-09
- Add configuration to set captcha flow cache lifetime
- Use cache instead of session to store some captcha flow values
- Fix wrong deleted decisions count during cache refresh
1.4.3 - 2022-05-13
- Do not bounce if headers are already sent
1.4.2 - 2022-05-13
- Add WordPress debug log if bouncer logger is not ready
1.4.1 - 2022-04-10
- Close the session after bounce process
1.4.0 - 2022-04-07
- Do not bounce PHP CLI
1.3.2 - 2022-03-10
- Fix debug log for marketplace deployed version
1.3.1 - 2022-03-10
- Fix
gregwar/captchafor PHP 8.1 compatibility (by using version 0.15.0 ofcrowdsec/bouncerlib)
1.3.0 - 2022-02-03
- Use static settings only in standalone mode
1.2.5 - 2022-01-27
- Add test for WordPress 5.9
1.2.4 - 2021-12-16
- Fix CHANGELOG link in readme.txt
1.2.3 - 2021-12-16
- Add CHANGELOG file
1.2.2 - 2021-12-09
- Fix service-contracts version to avoid svn error due to PHP 8 code style
1.2.1 - 2021-12-09
- Fix symfony polyfill-mbstring version to avoid wordpress svn pre-commit hook error
- Fix PHP version to 7.2 as we have to run
composer installon a PHP 7.2 environment
1.2.0 - 2021-12-09
- Add end to end GitHub actions test
- Remove useless configuration to enable standalone mode. This mode should be entirely determined by the presence of an auto_prepend_file PHP directive (php.ini, Apache, nginx, ...)
- Fix issue that cause warning message error on front in standalone mode
- Fix behavior : bounce should not be done twice in standalone mode
1.1.2 - 2021-12-02
- Use displayErrors variable to decide if we throw error or not
1.1.1 - 2021-12-02
- Fix release script
1.1.0 - 2021-12-02
- Use
0.14.0version of crowdsec php lib - Handle typo fixing for retro compatibility (
flex_boucing=>flex_bouncingandnormal_boucing=>normal_bouncing) - Split of debug in 2 configurations : debug and display_errors
1.0.7 - 2021-10-22
- Add compatibility test for WordPress 5.8
1.0.6 - 2021-08-24
- Handle invalid input Ip format when the scope decision is set to "Ip"
1.0.5 - 2021-07-01
- Close php session after bouncing
1.0.4 - 2021-06-25
- Fix a bug at install/update process of the plugin.
1.0.3 - 2021-06-24
- This release is just a small fix to let the WordPress Marketplace consider the "1.0.3" as stable and propose this version to be downloaded. (yes, the previous fix was not enough)
1.0.2 - 2021-06-24
- This release is just a small fix to let the WordPress Marketplace consider the "1.0.2" as stable and propose this version to be downloaded.
1.0.1 - 2021-06-24
- Update the package metadata to indicate to the Wordpress Marketplace that this plugin has been successuly tested with the latest Wordpress 5.7 release (PHP 7.3, 7.4, 8.0)
- Update E2E tests dependencies
- Fix a problem when running dev environment on linux hosts : the "enable_ipv6" docker compose attribute was no more accepted since in docker compose v3.
1.0.0 - 2021-06-24
- Add Standalone mode: an option allowing the PHP engine to no longer have to load the WordPress core during the bouncing stage. To be able to apply this mode, the webmaster has to set the auto_prepend_file PHP flag to the script we provide.
- Add debug mode: user can enable the debug mode directly from the CrowdSec advanced settings panel. A more verbose log will be written when this flag is enabled.
- Add WordPress 5.7 support
- Add PHP 8.0 support
- Store Plugin in a flat file. This is a step to prepare the standalone mode.
- Prevent proxies from caching the wall pages. When the WP is covered by a reverse proxy (like a CDN, Varnish, Nginx reverse proxy etc), the wall page (ban or catpcha) is no more cached.
- Fix incompatibilities with other plugin (session_start). When another plugin uses PHP sessions, using the two plugins together trigger a PHP notice (session_start already sent). This has been fixed.
0.6.0 - 2021-01-23
- Add ipv6 support
0.5.4 - 2021-01-14
- Update doc
0.5.3 - 2021-01-14
- Update doc and assets
0.5.2 - 2021-01-14
- Update doc and assets
0.5.1 - 2021-01-14
- Update doc and assets
0.5.0 - 2021-01-13
- Allow user to customize public pages
0.4.5 - 2021-01-12
- Update deps
- Use
.envfile for docker-compose - Update doc
0.4.4 - 2021-01-12
- Improve dev environment
0.4.3 - 2021-01-05
- Improve log system
0.4.2 - 2021-01-05
- Improve security
0.4.1 - 2020-12-26
- Add more tests
0.4.0 - 2020-12-24
- Add cdn ip ranges
- Add WordPress support from 4.9 to 5.6
- Add functional tests for every WordPress version
- Add wp scan dev tool
0.3.0 - 2020-12-22
- Add redis and memcached connection checks
- Make a lint pass
0.2.0 - 2020-12-22
- Use the new bouncer constructor syntax
- Allow hiding cs mentions
- Remove todo mentions
- Hide paranoid mode as it is wip
- Add versioning process
0.1.0 - 2020-12-22
- Initial release