The past few weeks we’ve been working on modernizing our codebase to ensure things run efficiently in the backend. Of course, we squashed a few bugs as well — including one reported and fixed by one of you!

We identified an edge case where the password hash of a WordPress user might be visible to a privileged user. If you’ve assigned tasks to team members and provided API credentials to a less trusted third party, we recommend implementing a password reset for your entire team as a security measure.

Of note, we’ve also bumped the minimum requirements to WordPress 6.0 (released 18 months ago) and PHP 7.4 (released 4 years ago). If you’re not at least on those versions, we recommend working with your host to upgrade. In fact, for security and speed, we highly recommend sticking with the latest version of WordPress (v6.4 as of now) and at least PHP 8.

---

Added

• API: Add support for creating transactions with custom fields.

Changed

• Requires PHP 7.4 or higher.
• Requires WordPress 6.0 or higher.

Fixed

• API: Allow events endpoint to be filtered by owner.
• API: The create_event endpoint no longer throws a 100 error.
• API: Restrict what owner data is returned with events endpoint.
• Backend: Prevent error if OpenSSL functions aren’t available in PHP.
• Backend: Changing how styles are added to the page on several stand-alone pages to prevent WordPress 6.4 compatibility issues.
• Client Portal: Better PHP 8.2 support.
• Contacts: Fixed display issues on the Add and Edit pages that occurred when moving fields.
• Listviews: Remove legacy code.
• Mail Delivery: Removed usage of deprecated function utf8_encode.
• Quote Templates: Fix issue with notes field rendering HTML entities in some cases.
• Quote Templates: Make sure quote titles with apostrophes do not have backslashes added when rendered.
• WooSync: Catch PHP error in Client Portal invoice if WooCommerce is disabled.
• WooSync: Contacts can now be assigned to existing companies.