Versioned Changelog

*Update: PLUGINS-2936 – Prevent .htaccess Conflicts Causing Mobile Download Issues.

* NEW: ANT_FRAUD-61 – Whitelisting and Blacking functionality for the mobile number verification.

* Fix: Restores normal behavior for the report caching updates scheduled action, which was failing due to a bad filepath.
* Fix: Fix error when placing an order with a valid card after using a declined one.
* Fix: Fix order renewal errors when using some plugins.
* Fix: Prevent fatal errors when loading or deleting subscriptions with corrupted date values stored in a database.
* Fix: Prevent fatal errors when trying to save invalid date values and display better error messages instead.
* Fix: Fix broken blocks and javascript translations.
* Fix: Keep newly created subscriptions in pending status when initial payment fails instead of putting them on hold.
* Dev: Improve test suite bootstrap process by postponing interactions with Action Scheduler until it has fully initialized.
* Dev: Plugin upgrade routines will now be triggered by changes in the main plugin version (and not the core library version).
* Dev: Update wcs_is_paypal_profile_a() so it handles non-string parameters more gracefully. This is principally to reduce noise levels when running the test suite.
* Dev: Proactively reviewed and hardened code to improve our security posture going forward.

* UPDATE: Corrected automatic user login flow after account creation by replacing wp_set_current_user() and wp_set_auth_cookie() with wp_signon().
* UPDATE: Added username existence check to avoid conflicts when generating usernames from email addresses.
* UPDATE: Sanitized $_POST[‘apple-token-redsys’] input variable.
* UPDATE: Secured wp_remote_*() calls with host validation to prevent SSRF vulnerabilities.
* UPDATE: Added permission_callback checks for REST endpoints using referer validation to avoid public access.
* UPDATE: Enabled CURLOPT_SSL_VERIFYHOST = 2 and CURLOPT_SSL_VERIFYPEER = 1 in Redsys API library to enforce proper SSL certificate validation and prevent MITM attacks.
* UPDATE: Justified use of wp_redirect() for external OAuth flow with proper comment.
* UPDATE: Escaped dynamic CSS output for safe rendering.

* Update: Improvement made in Buy Again test email on WooCommerce email settings.
* Dev: Bump WooCommerce “tested up to” version 9.9.5.
* Dev: Bump WordPress “tested up to” version 6.8.1.
* Fix: Fatal error thrown on product page when the previous order is deleted.

* New – Free Gift mode that allows waiving the shipping cost is supported.
* New – Added REST API endpoints support to full CRUD operation for Free Gift rule(s) and Master Log.
* Dev – Bump WooCommerce “tested up to” version 9.9.5.
* Update – Modified REST API response key names for Free Gift rule(s).
* Fix – Free Gift is not awarded when the coupon code is applied with case discrepancies.

* Add – Added support for Express Checkout Buttons

* Update – WordPress 6.8 compatible.
* Update – WooCommerce 10.0 compatible.
* Dev – Revised for PHPStan validation (rules via phpstan.neon).
* Dev – Revised several instances of empty checks on variables that are required to be objects.
* Dev – Fixed a wrong parameter documentation.
* Update – Made the coupon priority info shown easily distinguishable.

* Added – Compatibility with WooCommerce’s Cost of Goods Sold (COGS) feature. #833
* Added – Compatibility with WooCommerce v10.0. #836
* Added – Improved logging when Action Scheduler task execution issues occur. #835