MMPlugs Logo

Docs / MMCRA Toolkit / Changelog

Changelog

Changelog

1.10.0 — May 2026

Anti-piracy and license enforcement.

  • License-gated features. SBOM generation, Plugin Scanner, Compliance Bundle export, DoC HTML export, and weekly OSV monitoring now require an active license. 14-day grace window covers transient network outages — the License page surfaces a countdown warning when grace is running down.
  • License watermark on every artifact. SBOM, DoC HTML, and Compliance Bundle README are now embedded with a 16-character sha256(license_key + domain) fingerprint. Leaked artifacts trace back deterministically to the buyer.
  • License page now displays the watermark fingerprint so customers know what's embedded.

1.9.0 — May 2026

License + auto-updater integration mirroring MMTable Pro's pattern.

  • New: License management page (CRA Toolkit → License). Activate, deactivate, transfer keys against mmplugs.com.
  • New: Auto-updater. Daily cron checks the update server. WP shows update badge when a new version ships.
  • New: Ed25519 + SHA-256 signature verification before any update is installed. Tampered packages refused.
  • Shipped mm-update-server v0.9.0 with parallel mmcra/v1 namespace alongside existing mmtp/v1.

1.8.0 — May 2026

Security hardening pass.

  • Zip uploads now cap at 5,000 entries and 200 MB total uncompressed size before extraction. Prevents zip-bomb resource exhaustion.
  • .htaccess hardening on every wp-content/uploads/mmcra/ subdirectory denies direct file access and directory listing. Self-heals on admin_init if missing.
  • PGP key field capped at 20 KB. Real keys are 3-8 KB; anything larger is rejected.
  • Error messages no longer expose absolute server paths.
  • New: mmcra_capability filter for sites that want a custom role.
  • "Settings" action link on the WP Plugins screen row.

1.7.x — April 2026

  • 1.7.2: Plugin Scanner and SBOM Generator "upload zip" cards collapsed by default behind an "Advanced" disclosure.
  • 1.7.1: Wizard skip buttons get proper internal padding.
  • 1.7.0: Setup Wizard. Five-step guided flow for first-time configuration.

1.6.0 — April 2026

  • New: SBOM generation from uploaded zip. Generate SBOMs for plugins not installed on this site.

1.5.x — April 2026

  • 1.5.2: Fix fatal printf error in vulnerabilities and scanner output paths.
  • 1.5.1: SBOM components key forced present even when zero deps; OSV check path no longer breaks.
  • 1.5.0: Dashboard compliance grid with bulk actions (generate-all, bundle-all).

1.4.0 — March 2026

  • New: Compliance Bundle export. One ZIP per plugin with every CRA artifact.

1.3.0 — March 2026

  • New: Weekly OSV monitoring cron with email alerts.

1.2.0 — March 2026

  • New: OSV.dev vulnerability check feature.

1.1.x — March 2026

  • 1.1.2: Re-lint and repackage zip after PGP key fix.
  • 1.1.1: Fix PGP key save corruption.
  • 1.1.0: Plugin Scanner subsystem. Static analysis of installed plugins and uploaded zips.

1.0.x — February 2026

  • 1.0.3: Empty banner flash regression fixed.
  • 1.0.2: VDP view file restoration after Edit-tool corruption.
  • 1.0.1: PGP key sanitization fix.
  • 1.0.0: Initial release. SBOM generator, VDP, DoC, audit log, settings.