laipower/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/CHANGELOG.md

5.6 KiB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

0.8.1 - 2023-01-07

Changed

  • Change directory location that stores firewall rules. [#28049]

0.8.0 - 2022-12-27

Added

  • Add file existance checks before requiring rule files in the WAF. [#28050]
  • Disable Jetpack Firewall on unsupported environments. [#27939]

0.7.2 - 2022-12-19

Fixed

  • Fix the initialization of the firewall. [#27846]

0.7.1 - 2022-12-06

Changed

  • html_entity_decode filter now decodes single-quotes too, and uses a Unicode Replacement Character instead of returning empty string on invalid characters. [#27753]

0.7.0 - 2022-12-05

Added

  • Prepare package for use in the Jetpack Protect standalone plugin. [#27528]

Changed

  • Updated package dependencies. [#27688]

Removed

  • Remove has_rules_access plan check in favor of external alternatives [#27600]

0.6.10 - 2022-11-28

Changed

  • Updated package dependencies. [#27043]

0.6.9 - 2022-11-01

Fixed

  • Fix bug for cron event not generating IP rules. [#27215]

0.6.8 - 2022-10-27

Fixed

  • Fixes several invalid action callbacks. [#27106]

0.6.7 - 2022-09-20

Changed

  • Changing how we load and run the package to avoid actions.php [#24730]

0.6.6 - 2022-09-08

Fixed

  • Fixed exception namespace. [#25663]

0.6.5 - 2022-07-26

Changed

  • Updated package dependencies. [#25158]

0.6.4 - 2022-07-12

Fixed

  • Correct namespacing error. [#24993]

0.6.3 - 2022-06-21

Changed

  • Renaming master to trunk. [#24661]

0.6.2 - 2022-06-06

Fixed

  • Fix the hook we're using for run.php.

0.6.1 - 2022-06-02

Removed

  • Disable the WAF module on Atomic

0.6.0 - 2022-05-18

Added

  • Add checks for a killswitch define [#24247]
  • Added endpoint to update rules on demand [#24327]
  • handle share data option to decide if we should write to log file [#24218]

Fixed

  • Allow the rules API to return 401 responses without throwing an exception. [#24153]
  • fix bootstrap generation in cases file.php is not required yet [#24153]

0.5.1 - 2022-05-04

Added

  • Added a check to only run the firewall when the Jetpack module is enabled, a method to provide the bootstrap.php path, and a REST API endpoint to provide the firewall settings. [#23769]
  • Connected the WAF UI to actually updating the IP block and allow lists when saving the settings. [#24124]

Fixed

  • Fixed database logging [#24070]
  • Fixed issue where code for the waf package was executed if the module was disabled [#24217]
  • Fixed writing rules php files if the API request for getting up-to-date rules failes so that the internal functionality is kept in tact. [#24181]
  • We now sanitize the output generated by blocked requests, and only report the rule ID in the header response. [#24058]

0.5.0 - 2022-04-26

Added

  • added cron to update rules
  • Added WAF IP allow list and block list functionality.

Changed

  • Added comment to ignore failing phpcs check
  • PHPCS: Fix WordPress.Security.ValidatedSanitizedInput
  • Updated package dependencies.

0.4.0 - 2022-04-19

Added

  • added logs when a request is blocked
  • Generating rules now fetches them from the API. Also adds a few CLI commands.

0.3.0 - 2022-04-12

Added

  • Added hooks for generating the rules.php file, and improved functionality and class names.

0.2.0 - 2022-04-06

Added

  • Added Jetpack WAF standalone mode.

Fixed

  • Fix normalizing nested array targets, like with query strings.

0.1.1 - 2022-03-29

Fixed

  • Fixed instance of normalizeHeaderName that wasn't renamed; fixed header parsing; removed unused compiler file.

0.1.0 - 2022-02-16

Added

  • Added executing the WAF as part of the Jetpack plugin.
  • Added Initial version

Changed

  • Core: do not ship .phpcs.dir.xml in production builds.