Added

• Ability to upload SVGs from more admin locations (props @stormrockwell, @darylldoyle, @wpexplorer, @smerriman, @jeffpaul, @dkotter via #279).

Changed

• Added $attachment_id argument to filters safe_svg_use_width_height_attributes and safe_svg_dimensions (props @roborourke, @dkotter via #278).

Fixed

• Inconsistent or incorrect data type for $svg argument in the filters safe_svg_use_width_height_attributes and safe_svg_dimensions (props @roborourke, @dkotter via #278).

New Contributors

• @stormrockwell made their first contribution in #279
• @wpexplorer made their first contribution in #279

Full Changelog: 2.3.3...2.4.0
View closed items in the milestone.

Security

• Update the enshrined/svg-sanitize package from 0.19.0 to 0.22.0 to fix an issue with case-insensitive attributes slipping through the sanitiser and address PHP 8.4 deprecation warnings (props @darylldoyle, @sudar, @georgestephanis, @dkotter, @realazizk via #268, #272).
• Bump form-data from 4.0.0 to 4.0.4 (props @dependabot, @faisal-alvi via #270).
• Bump tmp from 0.2.3 to 0.2.5 and @inquirer/editor from 4.2.9 to 4.2.16 (props @dependabot, @dkotter via #271).

Developer

• Configure dependabot to automatically create PR for enshrined/svg-sanitize (props @sudar, @georgestephanis, @dkotter, @jeffpaul via #269).

New Contributors

• @georgestephanis made their first contribution in #268
• @sudar made their first contribution in #268
• @realazizk made their first contribution in #272

Full Changelog: 2.3.2...2.3.3
View closed items in the milestone.

Note that this release bumps the WordPress minimum version from 6.5 to 6.6.

Fixed

• Visual parity between the front end and the block editor (props @s3rgiosan, @dkotter via #261, #266).

Changed

• Bump WordPress "tested up to" version 6.8 (props @godleman, @jeffpaul, @dkotter via #251, #254).
• Bump WordPress minimum supported version to 6.6 (props @godleman, @jeffpaul, @dkotter via #254).

Security

• Bump ws from 7.5.10 to 8.18.0, @wordpress/scripts from 27.9.0 to 30.6.0, nanoid from 3.3.7 to 3.3.8 and mocha from 10.2.0 to 11.0.1 (props @dependabot, @peterwilsoncc via #245).
• Bump @babel/runtime from 7.23.9 to 7.27.0, axios from 1.7.4 to 1.8.4, cookie from 0.4.2 to 0.7.1, express from 4.21.0 to 4.21.2 and @wordpress/e2e-test-utils-playwright from 0.26.0 to 1.20.0 (props @dependabot, @dkotter via #250).
• Bump http-proxy-middleware from 2.0.6 to 2.0.9 (props @dependabot, @iamdharmesh via #253).
• Bump tar-fs from 3.0.8 to 3.0.9 (props @dependabot, @dkotter via #258).
• Bump bytes from 3.0.0 to 3.1.2 and compression from 1.7.4 to 1.8.1 (props @dependabot, @dkotter via #265).

Developer

• Update all third-party actions our workflows rely on to use versions based on specific commit hashes (props @dkotter, @jeffpaul via #248).
• Updated GitHub Action workflow permissions (props @dkotter, @jeffpaul via #262).

New Contributors

• @godleman made their first contribution in #251
• @s3rgiosan made their first contribution in #261

Full Changelog: 2.3.1...2.3.2
View closed items in the milestone.

Fixed

• Revert changes made to how we determine custom dimensions for SVGs (props @dkotter, @martinpl, @subfighter3, @smerriman, @gigatyrant, @jeffpaul, @iamdharmesh via #238).

New Contributors

• @gigatyrant made their first contribution in #238
• @martinpl made their first contribution in #238
• @subfighter3 made their first contribution in #238

Full Changelog: 2.3.0...2.3.1
View closed items in the milestone.

Note that this release bumps the WordPress minimum version from 6.4 to 6.5.

Added

• New setting that allows large SVG files (roughly 10MB or greater) to be uploaded and sanitized properly (props @kirtangajjar, @faisal-alvi, @darylldoyle, @manojsiddoji, @dkotter via #201).
• New get_svg_dimensions function in order to reduce code duplication (props @gabriel-glo, @jeremymoore, @darylldoyle, @iamdharmesh, @dkotter via #216).

Changed

• Updated the enshrined/svg-sanitize package from 0.16.0 to 0.19.0 to fix a PHP 8.3 compatibility issue (props @sksaju, @TylerB24890, @darylldoyle, @rolf-yoast, @faisal-alvi via #214).
• Update how image dimensions are passed in get_image_tag_override and one_pixel_fix methods (props @gabriel-glo, @jeremymoore, @darylldoyle, @iamdharmesh, @dkotter via #216).
• Bump WordPress "tested up to" version to 6.7 (props @colinswinney, @jeffpaul via #232, #233).
• Bump WordPress minimum from 6.4 to 6.5 (props @colinswinney, @jeffpaul via #232, #233).
• Remove composer dev dependencies from archived project (props @TylerB24890, @szepeviktor, @peterwilsoncc via #220).

Fixed

• Use proper block category for the Safe SVG Icon block (props @kirtangajjar, @fabiankaegy via #226).

Security

• Only allow SVG file types to be uploaded if our sanitizer is able to run on those files (props @darylldoyle, @xknown, @dkotter via #228).
• Bump webpack from 5.90.1 to 5.94.0 (props @dependabot, @peterwilsoncc via #222).
• Bump ws from 7.5.10 to 8.18.0, serve-static from 1.15.0 to 1.16.2 and express from 4.19.2 to 4.21.0 (props @dependabot, @Sidsector9, @faisal-alvi via #227, #230, #234).

Developer

• Bump @10up/cypress-wp-utils from 0.2.0 to 0.4.0, @wordpress/env from 9.2.0 to 10.12.0, cypress from 13.3.0 to 13.16.0 and cypress-mochawesome-reporter from 3.4.0 to 3.8.2. Downgrades @wordpress/scripts to 27.9.0. Add additional E2E tests (props @dkotter, @Lewiscowles1986 via #234).
• Update repo badges, add banner image (props @jeffpaul, @dkotter via #224, #229).

New Contributors

• @manojsiddoji made their first contribution in #201
• @rolf-yoast made their first contribution in #214
• @TylerB24890 made their first contribution in #214
• @gabriel-glo made their first contribution in #216
• @jeremymoore made their first contribution in #216
• @colinswinney made their first contribution in #232

Full Changelog: 2.2.6...2.3.0
View closed items in the milestone.

Note that this release bumps the WordPress minimum version from 5.7 to 6.4.

Changed

• Bump WordPress "tested up to" version to 6.6 (props @sudip-md, @ankitguptaindia, @jeffpaul via #212, #213).
• Bump WordPress minimum from 5.7 to 6.4 (props @sudip-md, @ankitguptaindia, @jeffpaul via #212, #213).

Security

• Add svg sanitization on the wp_handle_sideload_prefilter filter (props @dkotter, @xknown, @iamdharmesh via GHSA-3vr7-86pg-hf4g).
• Bump braces from 3.0.2 to 3.0.3, pac-resolver from 7.0.0 to 7.0.1, socks from 2.7.1 to 2.8.3, ws from 7.5.9 to 7.5.10 and remove ip (props @dependabot, @Sidsector9 via #206).
• Bump axios from 1.6.7 to 1.7.4 (props @dependabot, @faisal-alvi via #218).

Developer

• Update repo badges, add WordPress Playground badge (props @jeffpaul, @dkotter via #217).

New Contributors

• @ankitguptaindia made their first contribution in #212
• @sudip-md made their first contribution in #212
• @xknown made their first contribution in GHSA-3vr7-86pg-hf4g

Full Changelog: 2.2.5...2.2.6
View closed items in the milestone.

Added

• New filter, safe_svg_current_user_can_upload, allowing more control over who can upload SVG files (props @dkotter, @iamdharmesh via #193).

Fixed

• Fatal error when applying the admin_post_thumbnail_html filter with just two arguments (props @kmgalanakis, @dkotter, @liz1kiweno via #196).
• Prevent PHP fatal error when the value of the filtered block categories is not an array (props @kmgalanakis, @dkotter, @cguidog via #200).
• Handled PHP warning when the $image_meta is not an array (props @faisal-alvi, @dkotter, @drazenbebic, @kirtangajjar via #203).

Developer

• Added a "Testing" section in the CONTRIBUTING.md file (props @kmgalanakis, @jeffpaul via #197).
• Added the Repo Automator GitHub Action (props @iamdharmesh, @jeffpaul via #198).

New Contributors

• @kmgalanakis made their first contribution in #196

Full Changelog: 2.2.4...2.2.5
View all items closed in the milestone.

Changed

• Upgrade the download-artifact from v3 to v4 (props @iamdharmesh, @jeffpaul via #181).
• Replaced lee-dohm/no-response with actions/stale to help with closing no-response/stale issues (props @jeffpaul, @dkotter via #183).

Fixed

• Ensure the svg file can be loaded before we try accessing it's attributes (props @dkotter, @metashield-ie, @ocean90, @darylldoyle, @faisal-alvi via #186).
• Ensure we don't throw JS errors in the Classic Editor when the optimizer feature is turned on (props @dkotter, @turtlepod, @faisal-alvi via #187).

Security

• Bump webpack-dev-middleware from 5.3.3 to 5.3.4 (props @dependabot, @dkotter via #185).
• Bump express from 4.18.2 to 4.19.2 (props @dependabot, @dkotter via #188).

New Contributors

• @metashield-ie made their first contribution in #186

Full Changelog: 2.2.3...2.2.4
View closed items in the milestone.

Added

• Support for the WordPress.org plugin preview (props @dkotter, @jeffpaul via #167).

Changed

• Bump WordPress "tested up to" version 6.5 (props @dkotter, @jeffpaul via #180).
• Clean up NPM dependencies and update node to v20 (props @Sidsector9, @dkotter via #172).

Fixed

• Refactor the svg_dimensions function to be more performant (props @sksaju, @cjyabraham, @bmarshall511, @Hercilio1, @darylldoyle via #154, #174).
• Address fatal JS error when optimization is enabled and an item is published without blocks (props @psorensen, @tictag, @dkotter via #173).

Security

• Bump axios from 0.25.0 to 1.6.2 and @wordpress/scripts from 26.0.0 to 26.18.0 (props @dependabot, @ravinderk via #166).
• Bump follow-redirects from 1.15.3 to 1.15.6 and ip from 1.1.8 to 1.1.9 (props @dependabot, @dkotter via #169, #177).

New Contributors

• @sksaju made their first contribution in #154
• @cjyabraham made their first contribution in #154
• @Hercilio1 made their first contribution in #154
• @psorensen made their first contribution in #173
• @tictag made their first contribution in #173

Full Changelog: 2.2.2...2.2.3
View closed items in the milestone.

Changed

• Bump WordPress "tested up to" version 6.4 (props @qasumitbagthariya, @jeffpaul via #162, #163).

Fixed

• Ensure CSS applies properly to the SVG Icon block when added via theme.json (props @tobeycodes, @dkotter via #161).

New Contributors

• @tobeycodes made their first contribution in #161
• @qasumitbagthariya made their first contribution in #162

Full Changelog: 2.2.1...2.2.2
View closed items in the milestone.