wc-licensed-product-client/CHANGELOG.md
magdev 760e1e752a Add update-check endpoint support (v0.2.1)
Implement /update-check endpoint aligned with remote OpenAPI spec:
- Add checkForUpdates() method to LicenseClientInterface
- Add UpdateInfo DTO for update check responses
- Add ProductNotFoundException for product_not_found error
- Update local openapi.json to v0.4.0

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 20:52:12 +01:00

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[0.2.1] - 2026-01-27

Added

  • checkForUpdates() method for checking plugin updates
  • UpdateInfo DTO for update check responses
  • ProductNotFoundException for product_not_found error handling
  • /update-check endpoint support aligned with remote OpenAPI spec (v0.4.0)

Changed

  • Updated local openapi.json to match remote specification (now v0.4.0)
  • Added "Plugin Updates" tag to OpenAPI specification

[0.2.0] - 2026-01-26

Added

  • SSRF protection with URL validation and private IP range blocking
  • allowInsecureHttp constructor parameter for development environments
  • Input validation in all DTO fromArray() methods
  • DateTime exception handling in DTOs
  • Recursive key sorting in ResponseSignature for nested objects

Changed

  • Key derivation now uses RFC 5869 compliant hash_hkdf() instead of custom HMAC
  • Exception messages sanitized to prevent information disclosure
  • Header normalization treats empty values as null

Fixed

  • JSON encoding error handling in ResponseSignature::buildSignaturePayload()
  • Header normalization null risk in SecureLicenseClient

Security

  • Comprehensive security audit performed
  • SSRF vulnerability mitigated
  • Information disclosure in error messages fixed
  • Improved cryptographic key derivation

[0.1.0] - 2026-01-22

Added

  • Object-oriented client library (LicenseClient, LicenseClientInterface)
  • DTO classes for API responses (LicenseInfo, LicenseStatus, ActivationResult)
  • LicenseState enum for license status values
  • Comprehensive exception hierarchy for error handling
  • PSR-3 logging support (optional)
  • PSR-6 caching support (optional)
  • PSR dependencies (psr/log, psr/cache, psr/http-client)
  • PHPUnit test suite with 32 tests covering DTOs, exceptions, and client
  • SecureLicenseClient with response signature verification (HMAC-SHA256)
  • ResponseSignature class for signing and verifying API responses
  • StringEncoder for basic string obfuscation in source code
  • IntegrityChecker for verifying source file integrity
  • SignatureException and IntegrityException for security errors
  • Server implementation documentation (docs/server-implementation.md)
  • Security test suite (34 additional tests)

Changed

  • Updated README with usage examples

[0.0.1] - 2026-01-22

Added

  • Initial composer project setup
  • Package configuration with PSR-4 autoloading
  • Symfony HttpClient dependency (^7.0)
  • Project documentation (README.md, CHANGELOG.md)
  • OpenAPI specification reference in tmp/openapi.json