2.8.3

Changed

• Only allow images that were uploaded by the same user be used when setting the avatar via a REST request (props @dkotter, @justus12337, @faisal-alvi via #317).

Fixed

• Only allow image files to be set as the avatar in REST requests (props @dkotter, @justus12337, @faisal-alvi via #317).

Security

• Bump @10up/cypress-wp-utils from 0.2.0 to 0.4.0, @sentry/node from 6.19.7 to 8.38.0, @wordpress/env from 9.2.0 to 10.11.0, cypress from 13.2.0 to 13.15.2, cypress-mochawesome-reporter from 3.6.0 to 3.8.2, puppeteer-core from 23.3.0 to 23.8.0 (props @dkotter via #319).

---

Full Changelog: 2.8.2...2.8.3
View closed items in the milestone.

2.8.2

Fixed

• Ensure dependencies are (actually) included properly in the release (props @dkotter via #316).

---

Full Changelog: 2.8.1...2.8.2
View closed items in the milestone.

2.8.1

Fixed

• Ensure dependencies are included properly in the release (props @dkotter via #315).

---

Full Changelog: 2.8.0...2.8.1
View closed items in the milestone.

2.8.0

Note that this release bumps the minimum required version of WordPress from 6.4 to 6.5.

Added

• Support for the WordPress.org plugin preview (props @faisal-alvi, @jeffpaul via #297).

Changed

• Update PHP compatibility check to use 10up/wp-compat-validation-tool (props @Sidsector9, @jeffpaul, @faisal-alvi via #291).
• Bump Wordpress "tested up to" version 6.7 (props @sudip-md, @jeffpaul, @dkotter via #310, #312).
• Bump WordPress minimum supported version to 6.5 (props @sudip-md, @jeffpaul, @dkotter via #310, #312).

Fixed

• Ensure all strings are properly translated (props @pedro-mendonca, @dkotter via #295).
• Properly handle malformed simple_local_avatar user data (props @adekbadek, @dkotter, @faisal-alvi via #302).

Security

• Run a user capability check before we clear the avatar cache (props @dkotter, @truonghuuphuc, @Sidsector9 via #309).
• Ensure REST API requests to set an avatar only allow existing attachment IDs to be used (props @dkotter, @justus12337, @faisal-alvi via GHSA-wfjh-m788-w2c5).
• Bump axios from 1.6.7 to 1.7.4 (props @dependabot, @faisal-alvi via #298).
• Bump webpack from 5.90.0 to 5.94.0 (props @dependabot, @faisal-alvi via #303).
• Bump ws from 7.5.10 to 8.18.0 and @wordpress/scripts from 27.1.0 to 30.4.0 (props @dependabot, @faisal-alvi via #305, #311).
• Bump body-parser from 1.20.2 to 1.20.3, express from 4.19.2 to 4.21.0, send from 0.18.0 to 0.19.0 and serve-static from 1.15.0 to 1.16.2 (props @dependabot, @faisal-alvi via #306).

Developer

• Update repo badges, add WordPress Playground badge, add plugin banner image (props @faisal-alvi, @thrijith, @jeffpaul via #297, #300, #304, #307).

New Contributors

• @pedro-mendonca made their first contribution in #295
• @adekbadek made their first contribution in #302
• @truonghuuphuc made their first contribution in #309
• @justus12337 made their first contribution in GHSA-wfjh-m788-w2c5

---

Full Changelog: 2.7.11...2.8.0
View closed items in the milestone.

2.7.11

Note that this release bumps the minimum required version of WordPress from 6.3 to 6.4.

Changed

• Bumped WordPress "tested up to" version 6.6 and minimum version to 6.4 (props @sudip-md, @ankitguptaindia, @jeffpaul via #289, #290).

Security

• Add nonce check when saving the default avatar ID (props @faisal-alvi, @aaemnnosttv, @rafiem, @dkotter via GHSA-46pw-6m35-9m7x).
• Bump braces from 3.0.2 to 3.0.3, pac-resolver from 7.0.0 to 7.0.1, socks from 2.7.1 to 2.8.3 and removes ip (props @dependabot, @Sidsector9 via #286).
• Bump ws from 7.5.9 to 7.5.10 (props @dependabot, @faisal-alvi via #287).

New Contributors

• @sudip-md made their first contribution in #289
• @aaemnnosttv made their first contribution in GHSA-46pw-6m35-9m7x
• @rafiem made their first contribution in GHSA-46pw-6m35-9m7x

---

Full Changelog: 2.7.10...2.7.11
View closed items in the milestone.

2.7.10

Fixed

• Fix Default Avatar Fallback (props @amirhossein7, @faisal-alvi, @dkotter, @qasumitbagthariya via #281).

Security

• Bump express from 4.18.2 to 4.19.2 (props @dependabot, @faisal-alvi via #269).
• Bump follow-redirects from 1.15.5 to 1.15.6 (props @dependabot, @faisal-alvi via #269).
• Bump ip from 1.1.8 to 1.1.9 (props @dependabot, @faisal-alvi via #269).
• Bump webpack-dev-middleware from 5.3.3 to 5.3.4 (props @dependabot, @faisal-alvi via #269).

Full Changelog: 2.7.9...2.7.10

2.7.9

Fixed

• Ensure default Gravatar avatars are shown correctly (props @faisal-alvi, @dkotter, @horrormoviesgr, @inpeaks, @lillylark, @rafaucau, @janrenn via #278).

New Contributors

• horrormoviesgr made their first contribution in #278
• inpeaks made their first contribution in #278
• lillylark made their first contribution in #278
• @rafaucau made their first contribution in #278
• janrenn made their first contribution in #278

---

Full Changelog: 2.7.8...2.7.9
View closed items in the milestone.

2.7.8

Note that this release bumps the minimum required version of WordPress from 5.7 to 6.3.

Added

• "Testing" section in the CONTRIBUTING.md file (props @kmgalanakis, @jeffpaul via #274).

Changed

• Bumped WordPress "tested up to" version 6.5 (props @sudip-md, @dkotter, @jeffpaul via #270).
• Move simple_local_avatar_deleted action to avatar_delete (props @lllopo, @faisal-alvi, @dkotter via #255).
• Clean up NPM dependencies and update node to v20 (props @Sidsector9, @dkotter via #257).
• Update CODEOWNERS of the plugin (props @jeffpaul, @dkotter via #253).
• Disabled auto sync pull requests with target branch (props @iamdharmesh, @jeffpaul via #263).
• Upgrade download-artifact from v3 to v4 (props @iamdharmesh, @jeffpaul via #265).
• Replaced lee-dohm/no-response with actions/stale to help with closing no-response/stale issues (props @jeffpaul, @dkotter via #266).

Fixed

• Broken default avatar when Local Avatars Only is unchecked (props @faisal-alvi, @ankitguptaindia, @qasumitbagthariya via #260).
• Ensure high-quality avatar preview on profile edit screen (props @ocean90, @dkotter via #273).
• Possible PHP warning (props @BhargavBhandari90, @dkotter via #261).
• Fixed typos (props @szepeviktor, @dkotter via #268).

New (PR) Contributors

• @Sidsector9 made their first contribution in #257
• @szepeviktor made their first contribution in #268

Full Changelog: 2.7.7...2.7.8

2.7.7

Fixed

• Revert the Host/Domain support for local avatar URL (props @faisal-alvi, @jakejackson1, @leogermani, @dkotter via #247).

Security

• Bump axios from 0.25.0 to 1.6.2 and @wordpress/scripts from 23.7.2 to 26.18.0 (props @dependabot, @faisal-alvi via #250).

New Contributors

• @jakejackson1 made their first contribution in #247
• @leogermani made their first contribution in #247

---

Full Changelog: 2.7.6...2.7.7
View closed items in the milestone.

2.7.6

Added

• Check for minimum required PHP version before loading the plugin (props @kmgalanakis, @faisal-alvi via #226).
• pre_simple_local_avatar_url filter to allow an avatar image to be short-circuited before Simple Local Avatars processes it (props @johnbillion, @peterwilsoncc via #237).
• Repo Automator GitHub Action (props @iamdharmesh, @faisal-alvi via #228).
• E2E test for checking the front end of avatars (props @Firestorm980, @iamdharmesh via #219).

Changed

• Bumped WordPress "tested up to" version 6.4 (props @zamanq, @ankitguptaindia, @faisal-alvi, @qasumitbagthariya via #230, #244).
• Update the Dependency Review GitHub Action to leverage our org-wide config file to check for GPL-compatible licenses (props @jeffpaul, @faisal-alvi via #215).
• Documentation updates (props @jeffpaul, @faisal-alvi via #242).

Fixed

• Address conflicts with other plugins and loading the media API (props @EHLOVader, @dkotter via #218).
• Prevent PHP fatal error when switching from a multisite to single site installation (props @ocean90, @ravinderk, @faisal-alvi via #222).
• Local avatar urls remain old after domain/host change (props @jayedul, @ravinderk, @jeffpaul, @faisal-alvi via #216).

Security

• Bump word-wrap from 1.2.3 to 1.2.4 (props @dependabot, @faisal-alvi via #223).
• Bump tough-cookie from 4.1.2 to 4.1.3 (props @dependabot, @faisal-alvi via #225).
• Bump @cypress/request from 2.88.10 to 3.0.0 (props @dependabot, @faisal-alvi via #225, #234).
• Bump cypress from 11.2.0 to 13.2.0 (props @dependabot, @faisal-alvi, @iamdharmesh via #234, #236).
• Bump postcss from 8.4.21 to 8.4.31 (props @dependabot, @faisal-alvi via #238).
• Bump @babel/traverse from 7.20.12 to 7.23.2 (props @dependabot, @faisal-alvi via #240).
• Bump @10up/cypress-wp-utils version to 0.2.0 (props @iamdharmesh, @faisal-alvi via #236).
• Bump @wordpress/env version from 5.2.0 to 8.7.0 (props @iamdharmesh, @faisal-alvi via #236).
• Bump cypress-mochawesome-reporter version from 3.0.1 to 3.6.0 (props @iamdharmesh, @faisal-alvi via #236).

Full Changelog: 2.7.5...2.7.6