diff --git a/CHANGELOG.md b/CHANGELOG.md
index af224a8..28d2d66 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file, per [the Ke
 
 ## [Unreleased] - TBD
 
+## [2.8.3] - 2024-11-18
+### Changed
+- Only allow images that were uploaded by the same user be used when setting the avatar via a REST request (props [@dkotter](https://github.com/dkotter), [@justus12337](https://github.com/justus12337), [@faisal-alvi](https://github.com/faisal-alvi) via [#317](https://github.com/10up/simple-local-avatars/pull/317)).
+
+### Fixed
+- Only allow image files to be set as the avatar in REST requests (props [@dkotter](https://github.com/dkotter), [@justus12337](https://github.com/justus12337), [@faisal-alvi](https://github.com/faisal-alvi) via [#317](https://github.com/10up/simple-local-avatars/pull/317)).
+
+### Security
+- Bump `@10up/cypress-wp-utils` from 0.2.0 to 0.4.0, `@sentry/node` from 6.19.7 to 8.38.0, `@wordpress/env` from 9.2.0 to 10.11.0, `cypress` from 13.2.0 to 13.15.2, `cypress-mochawesome-reporter` from 3.6.0 to 3.8.2, `puppeteer-core` from 23.3.0 to 23.8.0 (props [@dkotter](https://github.com/dkotter) via [#319](https://github.com/10up/simple-local-avatars/pull/319)).
+
 ## [2.8.2] - 2024-11-12
 ### Fixed
 - Ensure dependencies are (actually) included properly in the release (props [@dkotter](https://github.com/dkotter) via [#316](https://github.com/10up/simple-local-avatars/pull/316)).
@@ -370,6 +380,8 @@ All notable changes to this project will be documented in this file, per [the Ke
 - Initial release
 
 [Unreleased]: https://github.com/10up/simple-local-avatars/compare/trunk...develop
+[2.8.3]: https://github.com/10up/simple-local-avatars/compare/2.8.2...2.8.3
+[2.8.2]: https://github.com/10up/simple-local-avatars/compare/2.8.1...2.8.2
 [2.8.1]: https://github.com/10up/simple-local-avatars/compare/2.8.0...2.8.1
 [2.8.0]: https://github.com/10up/simple-local-avatars/compare/2.7.11...2.8.0
 [2.7.11]: https://github.com/10up/simple-local-avatars/compare/2.7.10...2.7.11
diff --git a/package-lock.json b/package-lock.json
index 55018fb..5fafee3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "simple-local-avatars",
- "version": "2.8.2",
+ "version": "2.8.3",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "simple-local-avatars",
- "version": "2.8.2",
+ "version": "2.8.3",
 "license": "GPL-2.0-or-later",
 "devDependencies": {
 "@10up/cypress-wp-utils": "^0.4.0",
diff --git a/package.json b/package.json
index 033961b..071018a 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "simple-local-avatars",
- "version": "2.8.2",
+ "version": "2.8.3",
 "description": "Adds an avatar upload field to user profiles. Generates requested sizes on demand just like Gravatar!",
 "license": "GPL-2.0-or-later",
 "author": "10up (https://10up.com)",
diff --git a/readme.txt b/readme.txt
index c824133..2de90c0 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: jakemgold, 10up, thinkoomph, jeffpaul, faisal03
 Donate link: https://10up.com/plugins/simple-local-avatars-wordpress/
 Tags: avatar, gravatar, user photos, users, profile
 Tested up to: 6.7
-Stable tag: 2.8.2
+Stable tag: 2.8.3
 License: GPL-2.0-or-later
 License URI: https://spdx.org/licenses/GPL-2.0-or-later.html
 
@@ -45,6 +45,11 @@ No. Simple Local Avatars neither collects, stores, nor sends any PII data of vi
 
 == Changelog ==
 
+= 2.8.3 - 2024-11-18 =
+* **Changed:** Only allow images that were uploaded by the same user be used when setting the avatar via a REST request (props [@dkotter](https://github.com/dkotter), [@justus12337](https://github.com/justus12337), [@faisal-alvi](https://github.com/faisal-alvi) via [#317](https://github.com/10up/simple-local-avatars/pull/317)).
+* **Fixed:** Only allow image files to be set as the avatar in REST requests (props [@dkotter](https://github.com/dkotter), [@justus12337](https://github.com/justus12337), [@faisal-alvi](https://github.com/faisal-alvi) via [#317](https://github.com/10up/simple-local-avatars/pull/317)).
+* **Security:** Bump `@10up/cypress-wp-utils` from 0.2.0 to 0.4.0, `@sentry/node` from 6.19.7 to 8.38.0, `@wordpress/env` from 9.2.0 to 10.11.0, `cypress` from 13.2.0 to 13.15.2, `cypress-mochawesome-reporter` from 3.6.0 to 3.8.2, `puppeteer-core` from 23.3.0 to 23.8.0 (props [@dkotter](https://github.com/dkotter) via [#319](https://github.com/10up/simple-local-avatars/pull/319)).
+
 = 2.8.2 - 2024-11-12 =
 * **Fixed:** Ensure dependencies are (actually) included properly in the release (props [@dkotter](https://github.com/dkotter) via [#316](https://github.com/10up/simple-local-avatars/pull/316)).
 
diff --git a/simple-local-avatars.php b/simple-local-avatars.php
index 7adc93c..17ba278 100644
--- a/simple-local-avatars.php
+++ b/simple-local-avatars.php
@@ -3,7 +3,7 @@
 * Plugin Name: Simple Local Avatars
 * Plugin URI: https://10up.com/plugins/simple-local-avatars-wordpress/
 * Description: Adds an avatar upload field to user profiles. Generates requested sizes on demand, just like Gravatar! Simple and lightweight.
- * Version: 2.8.2
+ * Version: 2.8.3
 * Requires at least: 6.5
 * Requires PHP: 7.4
 * Author: 10up
@@ -35,7 +35,7 @@ require_once dirname( __FILE__ ) . '/includes/class-simple-local-avatars.php'; // Global constants. -define( 'SLA_VERSION', '2.8.2' ); +define( 'SLA_VERSION', '2.8.3' ); define( 'SLA_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); if ( ! defined( 'SLA_IS_NETWORK' ) ) {