3.10.0 Features, Fixes & Maintenance Release

What's Changed

• Main by @timnolte in #304
• Development Environment & Dependecies Updates by @timnolte in #369
• Multisite/network configurations use your current blog as the default… by @danc1248 in #364
• added define config with OIDC_LOGIN_TYPE and OIDC_CLIENT_SCOPE by @matchaxnb in #256
• Aggregated claims by @schanzen in #255
• Implement singleton pattern for OpenID_Connect_Generic class by @RobjS in #190
• Updates NPM Modules & Changes Plugin Instance Visibility by @timnolte in #380
• Bump tar from 4.4.13 to 4.4.19 by @dependabot in #377
• Bump ssri from 6.0.1 to 6.0.2 by @dependabot in #382
• Bump lodash from 4.17.19 to 4.17.21 by @dependabot in #383
• Bump path-parse from 1.0.6 to 1.0.7 by @dependabot in #381
• Bump ws from 6.2.1 to 6.2.2 by @dependabot in #385
• Bump hosted-git-info from 2.8.8 to 2.8.9 by @dependabot in #384
• Fix #178 : update user meta after refresh by @rkcreation in #337
• Add openid-connect-generic-session-expired action on session expiry before logout by @jkouris in #228
• Only load admin CSS when showing settings page by @tommcc in #345
• Refresh user claim by @rkcreation in #338
• Acr value support by @Glowsome in #388
• Refactors new ACR Handling Code for Better Code Quality by @timnolte in #389
• Fixes 3.8.0 Regression for User Creation Failure When No Nickname by @timnolte in #390
• Fixes QS not being added to the redirect URL by @slykar in #335
• Fixes User Linking & Creation Issues by @timnolte in #392
• Dependabot Security Related Fixes & Refactoring by @timnolte in #393
• Updates WP to Latest Dev Standard for Local Development by @timnolte in #395
• Refactors Callable Refresh User Claims Function & Action by @timnolte in #396
• Updates to Allow Composer Installers Version 1 & 2 by @timnolte in #426
• Bump minimist from 1.2.5 to 1.2.6 by @dependabot in #398
• Bump grunt from 1.4.1 to 1.5.3 by @dependabot in #407
• Bump terser from 5.12.1 to 5.14.2 by @dependabot in #422
• Fixes and Updates GitHub Actions by @timnolte in #430
• Prepares New Bug Fix and Refactoring Release by @timnolte in #432
• HOWTO.md: fix typo in alter-user-data example by @xdavidwu in #434
• Create an Official Security Policy by @timnolte in #463
• fix(php): Security upgrade php from 7.4-cli to 8.0-cli [Snyk] by @snyk-bot in #479
• fix(deps): Bump minimatch from 3.0.4 to 3.0.8 by @dependabot in #448
• fix(deps): Bump loader-utils from 1.4.0 to 1.4.2 by @dependabot in #449
• fix(deps): Bump decode-uri-component from 0.2.0 to 0.2.2 by @dependabot in #455
• fix(deps): Bump qs from 6.5.2 to 6.5.3 by @dependabot in #457
• fix(deps): Bump simple-git and @wordpress/env by @dependabot in #464
• fix(deps): Bump @sideway/formula from 3.0.0 to 3.0.1 by @dependabot in #470
• fix(deps): Bump got, @wordpress/env and npm by @dependabot in #487
• fix(deps): Bump async from 2.6.3 to 2.6.4 by @dependabot in #485
• fix(deps): Bump webpack from 5.70.0 to 5.83.1 by @dependabot in #484
• fix(deps): Bump json5 from 1.0.1 to 1.0.2 by @dependabot in #460
• fix(deps): Bump http-cache-semantics and npm by @dependabot in #467
• fix(filters): Prevents running the auth url filter twice by @drzraf in #405
• fix: #458 Log Cleanup When Log Limit Changed by @timnolte in #489
• chore: Clean up PHPStan configuration by @szepeviktor in #420
• chore(Unit Testing): Adds Unit Testing & New Local Development Environment by @timnolte in #501
• chore: Updates documentation & GHA workflows to use develop branch by @timnolte in #506
• Bump axios and @wordpress/scripts by @dependabot in #505
• chore(deps-dev): Bump follow-redirects from 1.15.3 to 1.15.4 by @dependabot in #508
• chore(deps-dev): Bump ip from 1.1.8 to 1.1.9 by @dependabot in #515
• feat(Logging): Updates logging to allow for tracking processing time by @timnolte in #522
• feat(Sessions): Add remember me feature via a filter by @menno-ll in #513
• feat(Cookies): Updates WP Cookie Expiration to Same as Session Length by @menno-ll in #514
• 3.10.0 Features, Fixes & Maintenance Release by @timnolte in #529

New Contributors

• @danc1248 made their first contribution in #364
• @matchaxnb made their first contribution in #256
• @schanzen made their first contribution in #255
• @dependabot made their first contribution in #377
• @rkcreation made their first contribution in #337
• @jkouris made their first contribution in #228
• @tommcc made their first contribution in #345
• @Glowsome made their first contribution in #388
• @slykar made their first contribution in #335
• @xdavidwu made their first contribution in #434
• @snyk-bot made their first contribution in #479
• @szepeviktor made their first contribution in #420
• @menno-ll made their first contribution in #513

Full Changelog: 3.9.1...3.10.0

3.9.1 Maintenance Release

What's Changed

• Improvement: @timnolte - Refactors Composer setup and GitHub Actions.
• Improvement: @timnolte - Bumps WordPress tested version compatibility.

3.9.0 Feature & Maintenance Release

What's Changed

• Feature: @matchaxnb - Added support for additional configuration constants.
• Feature: @schanzen - Added support for agregated claims.
• Fix: @rkcreation - Fixed access token not updating user metadata after login.
• Fix: @danc1248 - Fixed user creation issue on Multisite Networks.
• Feature: @RobjS - Added plugin singleton to support for more developer customization.
• Feature: @jkouris - Added action hook to allow custom handling of session expiration.
• Fix: @tommcc - Fixed admin CSS loading only on the plugin settings screen.
• Feature: @rkcreation - Added method to refresh the user claim.
• Feature: @Glowsome - Added acr_values support & verification checks that it when defined in options is honored.
• Fix: @timnolte - Fixed regression which caused improper fallback on missing claims.
• Fix: @slykar - Fixed missing query string handling in redirect URL.
• Fix: @timnolte - Fixed issue with some user linking and user creation handling.
• Improvement: @timnolte - Fixed plugin settings typos and screen formatting.
• Security: @timnolte - Updated build tooling security vulnerabilities.
• Improvement: @timnolte - Changed build tooling scripts.

Full Changelog: 3.8.5...3.9.0

3.8.5 Maintenance Release

• Fix: @timnolte - Fixes missing URL request validation before use & ensure proper current page URL is setup for Redirect Back.
• Fix: @timnolte - Fixes Redirect URL Logic to Handle Sub-directory Installs.
• Fix: @timnolte - Fixes to provide proper redirect user back for the openid_connect_generic_auth_url shortcode.

3.8.4 Maintenance Release

• Fix: @timnolte - Fixed invalid State object access for redirection handling.
• Improvement: @timnolte - Fixed local wp-env Docker development environment.
• Improvement: @timnolte - Fixed Composer scripts for linting and static analysis.

3.8.3 Maintenance Release

• Fix: @timnolte - Fixed problems with proper redirect handling.
• Improvement: @timnolte - Changes redirect handling to use State instead of cookies.
• Improvement: @timnolte - Refactored additional code to meet coding standards.

3.8.2 Security Release

• Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen.

3.8.1 Fix Release

• Fix: @timnolte - Prevent SSO redirect on password protected posts.
• Fix: @timnolte - CI/CD build issues.
• Fix: @timnolte - Invalid redirect handling on logout for Auto Login setting.

3.8.0 Feature Release

• Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
• Improvement: @timnolte - NPM version requirements for development.
• Improvement: @timnolte - Travis CI build fixes.
• Improvement: @timnolte - GrumPHP configuration updates for code contributions.
• Improvement: @timnolte - Refactored to meet WordPress coding standards.
• Improvement: @timnolte - Refactored to provide localization.
• Improvement: @timnolte - Refactored to provide a Docker-based local development environment.

3.7.1 Fix Release

• Fix: Release Version Number.