wc-licensed-product-client/CHANGELOG.md
magdev 760e1e752a Add update-check endpoint support (v0.2.1)
Implement /update-check endpoint aligned with remote OpenAPI spec:
- Add checkForUpdates() method to LicenseClientInterface
- Add UpdateInfo DTO for update check responses
- Add ProductNotFoundException for product_not_found error
- Update local openapi.json to v0.4.0

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 20:52:12 +01:00

# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
## [0.2.1] - 2026-01-27
### Added
- `checkForUpdates()` method for checking plugin updates
- `UpdateInfo` DTO for update check responses
- `ProductNotFoundException` for `product_not_found` error handling
- `/update-check` endpoint support aligned with remote OpenAPI spec (v0.4.0)
### Changed
- Updated local `openapi.json` to match remote specification (now v0.4.0)
- Added "Plugin Updates" tag to OpenAPI specification
## [0.2.0] - 2026-01-26
### Added
- SSRF protection with URL validation and private IP range blocking
- `allowInsecureHttp` constructor parameter for development environments
- Input validation in all DTO `fromArray()` methods
- DateTime exception handling in DTOs
- Recursive key sorting in `ResponseSignature` for nested objects
### Changed
- Key derivation now uses RFC 5869 compliant `hash_hkdf()` instead of custom HMAC
- Exception messages sanitized to prevent information disclosure
- Header normalization treats empty values as null
### Fixed
- JSON encoding error handling in `ResponseSignature::buildSignaturePayload()`
- Header normalization null risk in `SecureLicenseClient`
### Security
- Comprehensive security audit performed
- SSRF vulnerability mitigated
- Information disclosure in error messages fixed
- Improved cryptographic key derivation
## [0.1.0] - 2026-01-22
### Added
- Object-oriented client library (`LicenseClient`, `LicenseClientInterface`)
- DTO classes for API responses (`LicenseInfo`, `LicenseStatus`, `ActivationResult`)
- `LicenseState` enum for license status values
- Comprehensive exception hierarchy for error handling
- PSR-3 logging support (optional)
- PSR-6 caching support (optional)
- PSR dependencies (`psr/log`, `psr/cache`, `psr/http-client`)
- PHPUnit test suite with 32 tests covering DTOs, exceptions, and client
- `SecureLicenseClient` with response signature verification (HMAC-SHA256)
- `ResponseSignature` class for signing and verifying API responses
- `StringEncoder` for basic string obfuscation in source code
- `IntegrityChecker` for verifying source file integrity
- `SignatureException` and `IntegrityException` for security errors
- Server implementation documentation (`docs/server-implementation.md`)
- Security test suite (34 additional tests)
### Changed
- Updated README with usage examples
## [0.0.1] - 2026-01-22
### Added
- Initial composer project setup
- Package configuration with PSR-4 autoloading
- Symfony HttpClient dependency (^7.0)
- Project documentation (README.md, CHANGELOG.md)
- OpenAPI specification reference in tmp/openapi.json