wc-licensed-product-client/CHANGELOG.md
magdev 56abe8a97c Add update-check endpoint documentation (v0.2.2)
- Add /update-check endpoint documentation to server-implementation.md
- Add product_not_found error code to error codes table
- Add handleUpdateCheck() handler example in WordPress plugin
- Add findProduct() method stub for product lookups
- Verified client implementation aligns with server documentation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 11:56:47 +01:00

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[0.2.2] - 2026-01-28

Added

  • /update-check endpoint documentation in server-implementation.md
  • product_not_found error code to error codes table
  • handleUpdateCheck() handler example in WordPress plugin implementation
  • findProduct() method stub for product lookups

Changed

  • Verified client implementation aligns with updated server documentation
  • All signature algorithms, key derivation, and JSON canonicalization match server

[0.2.1] - 2026-01-27

Added

  • checkForUpdates() method for checking plugin updates
  • UpdateInfo DTO for update check responses
  • ProductNotFoundException for product_not_found error handling
  • /update-check endpoint support aligned with remote OpenAPI spec (v0.4.0)

Changed

  • Updated local openapi.json to match remote specification (now v0.4.0)
  • Added "Plugin Updates" tag to OpenAPI specification

[0.2.0] - 2026-01-26

Added

  • SSRF protection with URL validation and private IP range blocking
  • allowInsecureHttp constructor parameter for development environments
  • Input validation in all DTO fromArray() methods
  • DateTime exception handling in DTOs
  • Recursive key sorting in ResponseSignature for nested objects

Changed

  • Key derivation now uses RFC 5869 compliant hash_hkdf() instead of custom HMAC
  • Exception messages sanitized to prevent information disclosure
  • Header normalization treats empty values as null

Fixed

  • JSON encoding error handling in ResponseSignature::buildSignaturePayload()
  • Header normalization null risk in SecureLicenseClient

Security

  • Comprehensive security audit performed
  • SSRF vulnerability mitigated
  • Information disclosure in error messages fixed
  • Improved cryptographic key derivation

[0.1.0] - 2026-01-22

Added

  • Object-oriented client library (LicenseClient, LicenseClientInterface)
  • DTO classes for API responses (LicenseInfo, LicenseStatus, ActivationResult)
  • LicenseState enum for license status values
  • Comprehensive exception hierarchy for error handling
  • PSR-3 logging support (optional)
  • PSR-6 caching support (optional)
  • PSR dependencies (psr/log, psr/cache, psr/http-client)
  • PHPUnit test suite with 32 tests covering DTOs, exceptions, and client
  • SecureLicenseClient with response signature verification (HMAC-SHA256)
  • ResponseSignature class for signing and verifying API responses
  • StringEncoder for basic string obfuscation in source code
  • IntegrityChecker for verifying source file integrity
  • SignatureException and IntegrityException for security errors
  • Server implementation documentation (docs/server-implementation.md)
  • Security test suite (34 additional tests)

Changed

  • Updated README with usage examples

[0.0.1] - 2026-01-22

Added

  • Initial composer project setup
  • Package configuration with PSR-4 autoloading
  • Symfony HttpClient dependency (^7.0)
  • Project documentation (README.md, CHANGELOG.md)
  • OpenAPI specification reference in tmp/openapi.json