1.9.1

This release features one security fix. Because this is a security release, it is recommended that you update your sites immediately.

The Distributor team would like to thank the reporter for responsibly disclosing this issue, and allowing it to be fixed in this release. If you wish to report a potential security issue, please do so by submitting a security advisory.

Security

• Removed potential for data exposure via the REST API (props @dkotter, @jeffpaul, @peterwilsoncc via GHSA-q43c-v867-4cfp).

1.9.0

Changed

• Change uses of blacklist and use exclude instead (props @dkotter, @jeffpaul, @peterwilsoncc via #961)
• Indicate WordPress 6.1 support (props @peterwilsoncc, @faisal-alvi via #967).

Deprecated

• Deprecate the Distributor\Utils\blacklisted_meta function and the dt_blacklisted_meta filter (props @dkotter, @jeffpaul, @peterwilsoncc via #961).

Fixed

• Prevent distribution of classic editor plugin related meta data. (props @peterwilsoncc, @faisal-alvi, @jeffpaul via #977).
• Return distributed author name when using the get_the_author_meta('display_name') function. (props @cadic, @ravinderk, @iamdharmesh, @mapamond, @peterwilsoncc, @jeffpaul, via #984, #952).

Other

• PHPCS workflow failures. (props @peterwilsoncc, @jeffpaul, @gsarig, @faisal-alvi via #969).

Changes can be reviewed on the 1.9.0 milestone.

1.8.0

Changed

• Upgrade the Plugin Update Checker library, yahnis-elsts/plugin-update-checker, from 4.9 to 4.13 (props @dkotter, @jeffpaul, @peterwilsoncc via #937).

Other

• Automated creation of release pull requests (props @dinhtungdu, @peterwilsoncc, @faisal-alvi, @jeffpaul via #940).
• Use config files to determine version of node used in GitHub actions (props @peterwilsoncc, @Sidsector9, @jeffpaul via #933).

---

Full changelog: 1.7.1...1.8.0
View closed items on the milestone.

1.7.1

Added

• Cypress E2E tests (props @dkotter, @faisal-alvi, @dinhtungdu, @iamdharmesh, @Sidsector9 via #900).

Fixed

• Ensure we don't lose the post_type value when pushing or pulling content (props @dkotter, @pdewouters, @andygagnon, @jmstew3 via #922).

New Contributors

• @pdewouters made their first contribution in #922
• @andygagnon made their first contribution in #922

---

Full Changelog: 1.7.0...1.7.1
View closed items in the milestone.

1.7.0

Added

• Ability to set user roles to pull content (props @faisal-alvi, @dkotter, @peterwilsoncc via #877).
• More robust PHP testing (props @dkotter, @peterwilsoncc, @jeffpaul via #853).
• Support for plugin auto-updates for registered sites (props @dhanendran, @jeffpaul, @dkotter, @sksaju via #726).
• Distributable post types made consistent (props @faisal-alvi, @dkotter, @peterwilsoncc via #907).

Changed

• Bump WordPress "tested up to" version 6.0 (props @jeffpaul, @lukaspawlik, @vikrampm1, @peterwilsoncc via #902).
• Removed system post types for External Connections. (props @dkotter, @faisal-alvi, @peterwilsoncc, @dinhtungdu, @jeffpaul via #898).
• The Distributor > Pull Content menu is now be visible for all user roles. (props @faisal-alvi, @dkotter, @peterwilsoncc via #877).
• Update how we check if someone is running a development version of Distributor (props @dkotter, @jeffpaul, @dinhtungdu via #882).
• GH Action used for deploy to GH Pages (props @iamdharmesh, @jeffpaul via #886).

Fixed

• Unicode characters not escaped correctly (props @amalajith, @dkotter, @cadic, @peterwilsoncc via #890).
• Manually entering a page number doesn't work on the Pull screen (props @faisal-alvi, @dkotter via #878).
• Account for plugin changes in test to determine editor type (classic or block). (props @peterwilsoncc, @faisal-alvi, @dinhtungdu, @jeffpaul via #894).
• Prevent conflict with pre_post_link filter. (props @jeremyfelt, @peterwilsoncc, @jeffpaul, @dinhtungdu via #895).

Removed

• The dt_capabilities & dt_pull_capabilities filters are removed while displaying the menus. (props @faisal-alvi, @dkotter, @peterwilsoncc via #877).
• Known Issue listing for full screen mode (issue fixed in 1.6.5). (props @faisal-alvi, @dkotter, @jeffpaul via #897).

Security

• build(deps): bump guzzlehttp/guzzle from 6.5.3 to 7.4.4 (props @dependabot[bot], @jeffpaul, @peterwilsoncc via #885, #891).
• build(deps): bump terser from 4.7.0 to 4.8.1 (props @dependabot[bot], @jeffpaul, @peterwilsoncc via #911).

---

View all closed issues on the 1.7.0 milestone.

1.6.9

Added

• Dependency security scanning (props @jeffpaul, @dkotter via #869).
• Added new code snippet to Snippets page detailing how to remove canonical links (props @dkotter via #855).

Changed

• Update the version of the bundled Application Passwords plugin to 0.1.3 (props @claytoncollie, @Sidsector9 via #824).
• Clarified the instructions for setting up External Connections (props @skorasaurus, @jeffpaul via #838).
• Minor changes to the remote_post method (props @dkotter, @cadic via #841).
• Bump WordPress "tested up to" version to 5.9 (props @mohitwp, @jeffpaul, @iamdharmesh via #854).

Fixed

• Ensure content updates work for distributed items that use the block editor in WordPress 5.9+ (props @dkotter, @cadic via #845).
• Tidied up the position and style of the help icon that shows on the Distributor settings page (props @willhowat, @dkotter via #871).

Security

• Bump tar from 4.4.8 to 4.4.19 (props @dependabot via #843).
• Bump ajv from 6.12.2 to 6.12.6 (props @dependabot via #849).
• Bump lodash.template from 4.4.0 to 4.5.0 (props @dependabot via #850).
• Bump copy-props from 2.0.4 to 2.0.5 (props @dependabot via #851).
• Bump guzzlehttp/psr7 from 1.6.1 to 1.8.5 (props @dependabot via #866).

---

View all closed issues in the 1.6.9 milestone

1.6.8

Added

• New hook dt_get_pull_content_rest_query_args to filter WP_Query args for the list-pull-content REST endpoint (props @theskinnyghost, @dkotter via #839).

Changed

• Clear out a user's authorized site list instead of rebuilding it on site changes (props @dkotter , @cadic via #829).

Fixed

• Ensure the connection information we have is valid prior to using that for deletion (props @dkotter, @LucyTurtle via #830).
• Ensure users can enter a per page limit of greater than 100 and have that properly used on the Pull Content screen for External Connections (props @dkotter, @iamdharmesh, @jmstew3 via #831).
• Ensure the Snippets tutorials have a proper height (props @dkotter, @pcrumm via #836).

Security

• Bump actions/checkout in GitHub Action workflow files from v1/v2 to v2.4.0 (props @faisal-alvi via #828).

---

View all closed issues in the 1.6.8 milestone

1.6.7

Added

• Added Snippets page to Distributor's documentation site with helpful filters and callbacks (props @claytoncollie via #817).

Fixed

• Change how the New tab on the Pull Content screen is populated for External Connections (props @dkotter, @dinhtungdu, @cadic, @helen, @jjgrainger, @jakemgold, Lily Bonney, Mollie Pugh, Martina Haines via #811).

---

View all closed issues in the 1.6.7 milestone

1.6.6

Added

• Add filters to control terms and meta distribution for internal connections: dt_push_post_meta and dt_push_post_terms (props @dinhtungdu, @dkotter via #800).

Fixed

• Ensure error messages are shown properly if an error happens during a push (props @dkotter, @Drmzindec via #803).

https://github.com/10up/distributor/milestone/27?closed=1

1.6.5

Added

• Better support for the Block Editor's fullscreen mode via a new Distributor panel with a toggle option (props @dkotter, @dinhtungdu, @helen, @jeffpaul via #750) and #790).
• Update URI header to ensure only legitimate Distributor updates are applied to this install (props @jeffpaul via #778).
• Issue management automation via GitHub Actions (props @jeffpaul #782).

Changed

• Update subscriptions.php hook priority so plugins hooked to save_post can process before syncing happens (props @pascalknecht, @dkotter, @dinhtungdu via #590).
• Documentation updates (props @jeffpaul via #770).

Fixed

• Ensure original site information is set properly on content Pulled from external connections (props @dkotter, @justiny via #776).
• Ensure we are on a multisite before using switch_to_blog (props @dkotter, @Drmzindec via #780).

Security

• Bump y18n from 3.2.1 to 3.2.2 (props @dependabot via #747).
• Bump rmccue/requests from 1.7.0 to 1.8.0 (props @dependabot via #756).
• Bump ssri from 6.0.1 to 6.0.2 (props @dependabot via #757).
• Bump lodash from 4.17.19 to 4.17.21 (props @dependabot via #759).
• Bump hosted-git-info from 2.8.8 to 2.8.9 (props @dependabot via #760).
• Bump path-parse from 1.0.6 to 1.0.7 (props @dependabot via #785).

https://github.com/10up/distributor/milestone/26?closed=1