diff --git a/CHANGELOG.md b/CHANGELOG.md index 8ae440d..af224a8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,7 +29,7 @@ All notable changes to this project will be documented in this file, per [the Ke ### Security - Run a user capability check before we clear the avatar cache (props [@dkotter](https://github.com/dkotter), [@truonghuuphuc](https://github.com/truonghuuphuc), [@Sidsector9](https://github.com/Sidsector9) via [#309](https://github.com/10up/simple-local-avatars/pull/309)). -- Ensure REST API requests to set an avatar only allow existing attachment IDs to be used (props [@dkotter](https://github.com/dkotter), Justus Böhme, [@faisal-alvi](https://github.com/faisal-alvi) via [GHSA-wfjh-m788-w2c5](https://github.com/10up/simple-local-avatars/security/advisories/GHSA-wfjh-m788-w2c5)). +- Ensure REST API requests to set an avatar only allow existing attachment IDs to be used (props [@dkotter](https://github.com/dkotter), [@justus12337](https://github.com/justus12337), [@faisal-alvi](https://github.com/faisal-alvi) via [GHSA-wfjh-m788-w2c5](https://github.com/10up/simple-local-avatars/security/advisories/GHSA-wfjh-m788-w2c5)). - Bump `axios` from 1.6.7 to 1.7.4 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#298](https://github.com/10up/simple-local-avatars/pull/298)). - Bump `webpack` from 5.90.0 to 5.94.0 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#303](https://github.com/10up/simple-local-avatars/pull/303)). - Bump `ws` from 7.5.10 to 8.18.0 and `@wordpress/scripts` from 27.1.0 to 30.4.0 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#305](https://github.com/10up/simple-local-avatars/pull/305), [#311](https://github.com/10up/simple-local-avatars/pull/311)). diff --git a/CREDITS.md b/CREDITS.md index ce87f08..d362318 100644 --- a/CREDITS.md +++ b/CREDITS.md 
@@ -10,7 +10,7 @@ The following individuals are responsible for curating the list of issues, respo Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc. -[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Ravi Chandra (@ravichdev)](https://github.com/ravichdev), [Eduard Florea (@eflorea)](https://github.com/eflorea), [Helen Hou-Sandi (@helen)](https://github.com/helen), [@kniebremser](https://github.com/kniebremser), [Robbie Trencheny (@robbiet480)](https://github.com/robbiet480), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Paul de Wouters (@pdewouters)](https://github.com/pdewouters), [Ledwing Hernandez (@Waka867)](https://github.com/Waka867), [Tim Moore (@tmoorewp)](https://github.com/tmoorewp), [Oscar Sanchez S. (@oscarssanchez)](https://github.com/oscarssanchez), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Ben Lobaugh (@blobaugh)](https://github.com/blobaugh), [Chris Jones (@heyjones)](https://github.com/heyjones), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Ammon Lockwood (@sumnercreations)](https://github.com/sumnercreations), [David Shanske (@dshanske)](https://github.com/dshanske), [Myles McNamara (@tripflex)](https://github.com/tripflex), [Jackie Kjome (@JackieKjome)](https://github.com/JackieKjome) [David Chabbi (@davidchabbi)](https://profiles.wordpress.org/davidchabbi/), [Jeffrey Carandang (@phpbits)](https://github.com/phpbits), [@Antonio-Laguna](https://github.com/Antonio-Laguna), [(@ituk)](https://github.com/ituk), [Fabio Giannese (@diodoe)](https://github.com/diodoe), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Ajay Maurya (@ajmaurya99)](https://github.com/ajmaurya99), [Clayton Collie 
(@claytoncollie)](https://github.com/claytoncollie), [Connor Smyth (@ActuallyConnor)](https://github.com/ActuallyConnor), [Thrijith Thankachan (@thrijith)](https://github.com/thrijith), [Rahul Prajapati (@rahulsprajapati)](https://github.com/rahulsprajapati), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [(@holle75)](https://github.com/holle75), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [Ulrich Pogson (@grappler)](https://github.com/grappler), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Austin Passy (@thefrosty)](https://github.com/thefrosty), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Alireza Salehi (@alireza-salehi)](https://github.com/alireza-salehi), [Vlad Olaru (@vladolaru)](https://github.com/vladolaru), [Alec Kinnear (@foliovision)](https://github.com/foliovision), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [David (@pixelloop)](https://github.com/pixelloop), [Victor Berland (@victorberland)](https://github.com/victorberland), [Konstantin Kovshenin (@kovshenin)](https://github.com/kovshenin), [Timothy Wheelock (@t-lock)](https://github.com/t-lock), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Quamruz Zaman (@zamanq)](https://github.com/zamanq), [K. 
Adam White (@kadamwhite)](https://github.com/kadamwhite), [Shirkit (@Shirkit)](https://github.com/Shirkit), [Georgi Georgiev (@lllopo)](https://github.com/lllopo), [Matt Watson (@mattwatsoncodes)](https://github.com/mattwatsoncodes), [Christoph Rothmeier (@Rottinator)](https://github.com/Rottinator), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk), [Matthew Haines-Young (@mattheu)](https://github.com/mattheu), [Patryk Kujawa (@patrixer)](https://github.com/patrixer), [Sebastian (@sekra24)](https://github.com/sekra24), [Bhargav Bhandari (@BhargavBhandari90)](https://github.com/BhargavBhandari90), [Konstantinos Galanakis (@kmgalanakis)](https://github.com/kmgalanakis), [Jon Christensen (@Firestorm980)](https://github.com/Firestorm980), [Joseph Richardson (@EHLOVader)](https://github.com/EHLOVader), [Dominik Schilling (@ocean90)](https://github.com/ocean90), [Jake Jackson (@jakejackson1)](https://github.com/jakejackson1), [Leo Germani (@leogermani)](https://github.com/leogermani), [Viktor Szépe (@szepeviktor)](https://github.com/szepeviktor), [horrormovies.gr (@horrormoviesgr)](https://profiles.wordpress.org/horrormoviesgr/), [inpeaks (@inpeaks)](https://profiles.wordpress.org/inpeaks/), [lillylark (@lillylark)](https://profiles.wordpress.org/lillylark/), [Rafał Całka (@rafaucau)](https://github.com/rafaucau), [janrenn (@janrenn)](https://profiles.wordpress.org/janrenn/), [Amir Hossein (amirhossein7)](https://profiles.wordpress.org/amirhossein7/), [Sumit Bagthariya (@qasumitbagthariya)](https://github.com/qasumitbagthariya), [Sudip Dadhaniya (@sudip-md)](https://github.com/sudip-md), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [Rafie Muhammad (@rafiem)](https://github.com/rafiem), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Adam Cassis (@adekbadek)](https://github.com/adekbadek), [Trương Hữu Phúc (@truonghuuphuc)](https://github.com/truonghuuphuc), [Justus Böhme](). 
+[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Ravi Chandra (@ravichdev)](https://github.com/ravichdev), [Eduard Florea (@eflorea)](https://github.com/eflorea), [Helen Hou-Sandi (@helen)](https://github.com/helen), [@kniebremser](https://github.com/kniebremser), [Robbie Trencheny (@robbiet480)](https://github.com/robbiet480), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Paul de Wouters (@pdewouters)](https://github.com/pdewouters), [Ledwing Hernandez (@Waka867)](https://github.com/Waka867), [Tim Moore (@tmoorewp)](https://github.com/tmoorewp), [Oscar Sanchez S. (@oscarssanchez)](https://github.com/oscarssanchez), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Ben Lobaugh (@blobaugh)](https://github.com/blobaugh), [Chris Jones (@heyjones)](https://github.com/heyjones), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Ammon Lockwood (@sumnercreations)](https://github.com/sumnercreations), [David Shanske (@dshanske)](https://github.com/dshanske), [Myles McNamara (@tripflex)](https://github.com/tripflex), [Jackie Kjome (@JackieKjome)](https://github.com/JackieKjome) [David Chabbi (@davidchabbi)](https://profiles.wordpress.org/davidchabbi/), [Jeffrey Carandang (@phpbits)](https://github.com/phpbits), [@Antonio-Laguna](https://github.com/Antonio-Laguna), [(@ituk)](https://github.com/ituk), [Fabio Giannese (@diodoe)](https://github.com/diodoe), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Ajay Maurya (@ajmaurya99)](https://github.com/ajmaurya99), [Clayton Collie (@claytoncollie)](https://github.com/claytoncollie), [Connor Smyth (@ActuallyConnor)](https://github.com/ActuallyConnor), [Thrijith Thankachan (@thrijith)](https://github.com/thrijith), [Rahul Prajapati (@rahulsprajapati)](https://github.com/rahulsprajapati), [Faisal Alvi 
(@faisal-alvi)](https://github.com/faisal-alvi), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [(@holle75)](https://github.com/holle75), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [Ulrich Pogson (@grappler)](https://github.com/grappler), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Austin Passy (@thefrosty)](https://github.com/thefrosty), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Alireza Salehi (@alireza-salehi)](https://github.com/alireza-salehi), [Vlad Olaru (@vladolaru)](https://github.com/vladolaru), [Alec Kinnear (@foliovision)](https://github.com/foliovision), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [David (@pixelloop)](https://github.com/pixelloop), [Victor Berland (@victorberland)](https://github.com/victorberland), [Konstantin Kovshenin (@kovshenin)](https://github.com/kovshenin), [Timothy Wheelock (@t-lock)](https://github.com/t-lock), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Quamruz Zaman (@zamanq)](https://github.com/zamanq), [K. 
Adam White (@kadamwhite)](https://github.com/kadamwhite), [Shirkit (@Shirkit)](https://github.com/Shirkit), [Georgi Georgiev (@lllopo)](https://github.com/lllopo), [Matt Watson (@mattwatsoncodes)](https://github.com/mattwatsoncodes), [Christoph Rothmeier (@Rottinator)](https://github.com/Rottinator), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk), [Matthew Haines-Young (@mattheu)](https://github.com/mattheu), [Patryk Kujawa (@patrixer)](https://github.com/patrixer), [Sebastian (@sekra24)](https://github.com/sekra24), [Bhargav Bhandari (@BhargavBhandari90)](https://github.com/BhargavBhandari90), [Konstantinos Galanakis (@kmgalanakis)](https://github.com/kmgalanakis), [Jon Christensen (@Firestorm980)](https://github.com/Firestorm980), [Joseph Richardson (@EHLOVader)](https://github.com/EHLOVader), [Dominik Schilling (@ocean90)](https://github.com/ocean90), [Jake Jackson (@jakejackson1)](https://github.com/jakejackson1), [Leo Germani (@leogermani)](https://github.com/leogermani), [Viktor Szépe (@szepeviktor)](https://github.com/szepeviktor), [horrormovies.gr (@horrormoviesgr)](https://profiles.wordpress.org/horrormoviesgr/), [inpeaks (@inpeaks)](https://profiles.wordpress.org/inpeaks/), [lillylark (@lillylark)](https://profiles.wordpress.org/lillylark/), [Rafał Całka (@rafaucau)](https://github.com/rafaucau), [janrenn (@janrenn)](https://profiles.wordpress.org/janrenn/), [Amir Hossein (amirhossein7)](https://profiles.wordpress.org/amirhossein7/), [Sumit Bagthariya (@qasumitbagthariya)](https://github.com/qasumitbagthariya), [Sudip Dadhaniya (@sudip-md)](https://github.com/sudip-md), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [Rafie Muhammad (@rafiem)](https://github.com/rafiem), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Adam Cassis (@adekbadek)](https://github.com/adekbadek), [Trương Hữu Phúc (@truonghuuphuc)](https://github.com/truonghuuphuc), [Justus Böhme (@justus12337)](https://github.com/justus12337). 
## Libraries diff --git a/readme.txt b/readme.txt index df30bf2..c824133 100644 --- a/readme.txt +++ b/readme.txt 
@@ -61,7 +61,7 @@ No. Simple Local Avatars neither collects, stores, nor sends any PII data of vi * **Fixed:** Ensure all strings are properly translated (props [@pedro-mendonca](https://github.com/pedro-mendonca), [@dkotter](https://github.com/dkotter) via [#295](https://github.com/10up/simple-local-avatars/pull/295)). * **Fixed:** Properly handle malformed `simple_local_avatar` user data (props [@adekbadek](https://github.com/adekbadek), [@dkotter](https://github.com/dkotter), [@faisal-alvi](https://github.com/faisal-alvi) via [#302](https://github.com/10up/simple-local-avatars/pull/302)). * **Security:** Run a user capability check before we clear the avatar cache (props [@dkotter](https://github.com/dkotter), [@truonghuuphuc](https://github.com/truonghuuphuc), [@Sidsector9](https://github.com/Sidsector9) via [#309](https://github.com/10up/simple-local-avatars/pull/309)). -* **Security:** Ensure REST API requests to set an avatar only allow existing attachment IDs to be used (props [@dkotter](https://github.com/dkotter), Justus Böhme, [@faisal-alvi](https://github.com/faisal-alvi) via [GHSA-wfjh-m788-w2c5](https://github.com/10up/simple-local-avatars/security/advisories/GHSA-wfjh-m788-w2c5)). +* **Security:** Ensure REST API requests to set an avatar only allow existing attachment IDs to be used (props [@dkotter](https://github.com/dkotter), [@justus12337](https://github.com/justus12337), [@faisal-alvi](https://github.com/faisal-alvi) via [GHSA-wfjh-m788-w2c5](https://github.com/10up/simple-local-avatars/security/advisories/GHSA-wfjh-m788-w2c5)). * **Security:** Bump `axios` from 1.6.7 to 1.7.4 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#298](https://github.com/10up/simple-local-avatars/pull/298)). 
* **Security:** Bump `webpack` from 5.90.0 to 5.94.0 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#303](https://github.com/10up/simple-local-avatars/pull/303)). * **Security:** Bump `ws` from 7.5.10 to 8.18.0 and `@wordpress/scripts` from 27.1.0 to 30.4.0 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#305](https://github.com/10up/simple-local-avatars/pull/305), [#311](https://github.com/10up/simple-local-avatars/pull/311)).
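Review bot: in the CREDITS.md hunk, the replacement contributor line still has no comma between `[Jackie Kjome (@JackieKjome)](https://github.com/JackieKjome)` and `[David Chabbi (@davidchabbi)](https://profiles.wordpress.org/davidchabbi/)`, and `[Amir Hossein (amirhossein7)]` lacks the `@` that the other entries carry. The whole line is already being replaced to fill in the empty `[Justus Böhme]()` link, so both can be fixed in the same change. Putting one contributor per line would also turn a one-name edit like this into a one-line diff instead of a rewrite of the full paragraph, which is hard to review for unintended changes.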
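Review bot: the readme.txt hunk repeats by hand the same props edit made in the CHANGELOG.md hunk for the GHSA-wfjh-m788-w2c5 entry, so the two copies of this changelog line can drift apart. Both now read `[@justus12337](https://github.com/justus12337)`, which matches the handle-style props around them. Before merging, search the repository for any remaining unlinked `Justus Böhme` credit so the attribution for this security fix is the same everywhere it appears.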