2.3.0

Note that this release bumps the WordPress minimum version from 6.4 to 6.5.

Added

• New setting that allows large SVG files (roughly 10MB or greater) to be uploaded and sanitized properly (props @kirtangajjar, @faisal-alvi, @darylldoyle, @manojsiddoji, @dkotter via #201).
• New get_svg_dimensions function in order to reduce code duplication (props @gabriel-glo, @jeremymoore, @darylldoyle, @iamdharmesh, @dkotter via #216).

Changed

• Updated the enshrined/svg-sanitize package from 0.16.0 to 0.19.0 to fix a PHP 8.3 compatibility issue (props @sksaju, @TylerB24890, @darylldoyle, @rolf-yoast, @faisal-alvi via #214).
• Update how image dimensions are passed in get_image_tag_override and one_pixel_fix methods (props @gabriel-glo, @jeremymoore, @darylldoyle, @iamdharmesh, @dkotter via #216).
• Bump WordPress "tested up to" version to 6.7 (props @colinswinney, @jeffpaul via #232, #233).
• Bump WordPress minimum from 6.4 to 6.5 (props @colinswinney, @jeffpaul via #232, #233).
• Remove composer dev dependencies from archived project (props @TylerB24890, @szepeviktor, @peterwilsoncc via #220).

Fixed

• Use proper block category for the Safe SVG Icon block (props @kirtangajjar, @fabiankaegy via #226).

Security

• Only allow SVG file types to be uploaded if our sanitizer is able to run on those files (props @darylldoyle, @xknown, @dkotter via #228).
• Bump webpack from 5.90.1 to 5.94.0 (props @dependabot, @peterwilsoncc via #222).
• Bump ws from 7.5.10 to 8.18.0, serve-static from 1.15.0 to 1.16.2 and express from 4.19.2 to 4.21.0 (props @dependabot, @Sidsector9, @faisal-alvi via #227, #230, #234).

Developer

• Bump @10up/cypress-wp-utils from 0.2.0 to 0.4.0, @wordpress/env from 9.2.0 to 10.12.0, cypress from 13.3.0 to 13.16.0 and cypress-mochawesome-reporter from 3.4.0 to 3.8.2. Downgrades @wordpress/scripts to 27.9.0. Add additional E2E tests (props @dkotter, @Lewiscowles1986 via #234).
• Update repo badges, add banner image (props @jeffpaul, @dkotter via #224, #229).

New Contributors

• @manojsiddoji made their first contribution in #201
• @rolf-yoast made their first contribution in #214
• @TylerB24890 made their first contribution in #214
• @gabriel-glo made their first contribution in #216
• @jeremymoore made their first contribution in #216
• @colinswinney made their first contribution in #232

---

Full Changelog: 2.2.6...2.3.0
View closed items in the milestone.

2.2.6

Note that this release bumps the WordPress minimum version from 5.7 to 6.4.

Changed

• Bump WordPress "tested up to" version to 6.6 (props @sudip-md, @ankitguptaindia, @jeffpaul via #212, #213).
• Bump WordPress minimum from 5.7 to 6.4 (props @sudip-md, @ankitguptaindia, @jeffpaul via #212, #213).

Security

• Add svg sanitization on the wp_handle_sideload_prefilter filter (props @dkotter, @xknown, @iamdharmesh via GHSA-3vr7-86pg-hf4g).
• Bump braces from 3.0.2 to 3.0.3, pac-resolver from 7.0.0 to 7.0.1, socks from 2.7.1 to 2.8.3, ws from 7.5.9 to 7.5.10 and remove ip (props @dependabot, @Sidsector9 via #206).
• Bump axios from 1.6.7 to 1.7.4 (props @dependabot, @faisal-alvi via #218).

Developer

• Update repo badges, add WordPress Playground badge (props @jeffpaul, @dkotter via #217).

New Contributors

• @ankitguptaindia made their first contribution in #212
• @sudip-md made their first contribution in #212
• @xknown made their first contribution in GHSA-3vr7-86pg-hf4g

---

Full Changelog: 2.2.5...2.2.6
View closed items in the milestone.

2.2.5

Added

• New filter, safe_svg_current_user_can_upload, allowing more control over who can upload SVG files (props @dkotter, @iamdharmesh via #193).

Fixed

• Fatal error when applying the admin_post_thumbnail_html filter with just two arguments (props @kmgalanakis, @dkotter, @liz1kiweno via #196).
• Prevent PHP fatal error when the value of the filtered block categories is not an array (props @kmgalanakis, @dkotter, @cguidog via #200).
• Handled PHP warning when the $image_meta is not an array (props @faisal-alvi, @dkotter, @drazenbebic, @kirtangajjar via #203).

Developer

• Added a "Testing" section in the CONTRIBUTING.md file (props @kmgalanakis, @jeffpaul via #197).
• Added the Repo Automator GitHub Action (props @iamdharmesh, @jeffpaul via #198).

New Contributors

• @kmgalanakis made their first contribution in #196

Full Changelog: 2.2.4...2.2.5
View all items closed in the milestone.

2.2.4

Changed

• Upgrade the download-artifact from v3 to v4 (props @iamdharmesh, @jeffpaul via #181).
• Replaced lee-dohm/no-response with actions/stale to help with closing no-response/stale issues (props @jeffpaul, @dkotter via #183).

Fixed

• Ensure the svg file can be loaded before we try accessing it's attributes (props @dkotter, @metashield-ie, @ocean90, @darylldoyle, @faisal-alvi via #186).
• Ensure we don't throw JS errors in the Classic Editor when the optimizer feature is turned on (props @dkotter, @turtlepod, @faisal-alvi via #187).

Security

• Bump webpack-dev-middleware from 5.3.3 to 5.3.4 (props @dependabot, @dkotter via #185).
• Bump express from 4.18.2 to 4.19.2 (props @dependabot, @dkotter via #188).

New Contributors

• @metashield-ie made their first contribution in #186

---

Full Changelog: 2.2.3...2.2.4
View closed items in the milestone.

2.2.3

Added

• Support for the WordPress.org plugin preview (props @dkotter, @jeffpaul via #167).

Changed

• Bump WordPress "tested up to" version 6.5 (props @dkotter, @jeffpaul via #180).
• Clean up NPM dependencies and update node to v20 (props @Sidsector9, @dkotter via #172).

Fixed

• Refactor the svg_dimensions function to be more performant (props @sksaju, @cjyabraham, @bmarshall511, @Hercilio1, @darylldoyle via #154, #174).
• Address fatal JS error when optimization is enabled and an item is published without blocks (props @psorensen, @tictag, @dkotter via #173).

Security

• Bump axios from 0.25.0 to 1.6.2 and @wordpress/scripts from 26.0.0 to 26.18.0 (props @dependabot, @ravinderk via #166).
• Bump follow-redirects from 1.15.3 to 1.15.6 and ip from 1.1.8 to 1.1.9 (props @dependabot, @dkotter via #169, #177).

New Contributors

• @sksaju made their first contribution in #154
• @cjyabraham made their first contribution in #154
• @Hercilio1 made their first contribution in #154
• @psorensen made their first contribution in #173
• @tictag made their first contribution in #173

---

Full Changelog: 2.2.2...2.2.3
View closed items in the milestone.

2.2.2

Changed

• Bump WordPress "tested up to" version 6.4 (props @qasumitbagthariya, @jeffpaul via #162, #163).

Fixed

• Ensure CSS applies properly to the SVG Icon block when added via theme.json (props @tobeycodes, @dkotter via #161).

New Contributors

• @tobeycodes made their first contribution in #161
• @qasumitbagthariya made their first contribution in #162

---

Full Changelog: 2.2.1...2.2.2
View closed items in the milestone.

2.2.1

Changed

• Update to apiVersion 3 for our SVG Icon block (props @fabiankaegy, @ravinderk, @jeffpaul, @dkotter via #133).

Fixed

• Address an error due to the SVG Icon block using the fill-rule attribute (props @zamanq, @jeffpaul, @iamdharmesh via #152).

Security

• Bump postcss from 8.4.20 to 8.4.31 (props @dependabot, @faisal-alvi via #155).
• Bump @cypress/request from 2.88.12 to 3.0.1 and cypress from 10.11.0 to 13.3.0 (props @dependabot, @ravinderk via #156).
• Bump @babel/traverse from 7.20.12 to 7.23.2 (props @dependabot, @iamdharmesh via #158).

New Contributors

• @fabiankaegy made their first contribution in #133
• @zamanq made their first contribution in #152

---

Full Changelog: 2.2.0...2.2.1
View closed items in the milestone.

2.2.0

Added

• New settings that give the ability to select which user roles can upload SVG files (props @dhanendran, @csloisel, @faisal-alvi, @dkotter via #76).
• SVG optimization during upload via SVGO. Feature is disabled by default but can be enabled using the safe_svg_optimizer_enabled filter (props @gsarig, @peterwilsoncc, @Sidsector9, @darylldoyle, @faisal-alvi, @dkotter, @ravinderk via #79, #145).
• Spacing and color controls added to SVG block (props @bmarshall511, @iamdharmesh via #135).
• Mochawesome reporter added for Cypress test report (props @jayedul, @peterwilsoncc via #124).

Changed

• Update Support Level from Active to Stable (props @Sidsector9, @iamdharmesh via #100).
• Update name of SVG block from Safe SVG Icon to Inline SVG (props @bmarshall511, @iamdharmesh via #135).
• Bump WordPress "tested up to" version 6.3 (props @dkotter, @jeffpaul via #144).
• Update the Dependency Review GitHub Action (props @jeffpaul, @Sidsector9 via #128).

Fixed

• Add namespace to the class_exists check (props @szepeviktor, @iamdharmesh via #120).
• Ensure Sanitizer class is properly imported (props @szepeviktor, @iamdharmesh via #121).
• Remove an unneeded global (props @szepeviktor, @iamdharmesh via #122).
• Use absolute path in require (props @szepeviktor, @iamdharmesh via #123).
• Ensure custom classname added to SVG block is output on the front-end (props @bmarshall511, @Sidsector9, @dkotter via #130).
• Ensure SimpleXML exists before using it (props @sdmtt, @faisal-alvi via #140).
• Fix markdown issues in the readme (props @szepeviktor, @iamdharmesh via #119).

Security

• Bump semver from 5.7.1 to 5.7.2 (props @dependabot via #134).
• Bump word-wrap from 1.2.3 to 1.2.5 (props @dependabot via #141).
• Bump tough-cookie from 4.1.2 to 4.1.3 and @cypress/request from 2.88.10 to 2.88.12 (props @dependabot via #146).

New Contributors

• @csloisel made their first contribution in #76
• @dhanendran made their first contribution in #76
• @gsarig made their first contribution in #79
• @szepeviktor made their first contribution in #119
• @bmarshall511 made their first contribution in #130
• @sdmtt made their first contribution in #140

---

Full Changelog: 2.1.1...2.2.0
View closed items in the milestone.

2.1.1

Changed

• Upgrade @wordpress npm package dependencies (props @ggutenberg, @Sidsector9 via #108).
• Bump WordPress "tested up to" version to 6.2 (props @ggutenberg, @Sidsector9 via #108).
• Run our E2E tests on the zip generated by "Build release zip" action (props @jayedul, @dkotter via #106).

Fixed

• Only load our block CSS if a page has the SVG block in it and remove an extra slash in the CSS file path. Remove an unneeded JS block file (props @dkotter, @freinbichler, @IanDelMar, @ocean90, @Sidsector9 via #112).
• Better error handling for environments that don't match our minimum PHP version (props @dkotter, @ravinderk via #111).

New Contributors

• @jayedul made their first contribution in #106
• @ggutenberg made their first contribution in #108
• @ravinderk made their first contribution in #111
• @freinbichler made their first contribution in #112
• @IanDelMar made their first contribution in #112

---

Full Changelog: 2.1.0...2.1.1
View closed items in the milestone.

2.1.0

Added

• An SVG Gutenberg Block (props @faisal-alvi, @Sidsector9, @cr0ybot, @darylldoyle, @cbirdsong, @jeffpaul via #80).
• "Build release zip" GitHub Action (props @iamdharmesh, @dkotter, @faisal-alvi via #87).

Changed

• Bump minimum PHP version from 7.0 to 7.4 (props @iamdharmesh, @peterwilsoncc, @vikrampm1 via #82).
• Bump minimum WordPress version from 4.7 to 5.7 (props @iamdharmesh, @peterwilsoncc, @vikrampm1 via #82).
• Bump WordPress "tested up to" version 6.1 (props @iamdharmesh, @peterwilsoncc via #85).

Security

• Updates the underlying sanitisation library to pull in a security fix (props @darylldoyle, @faisal-alvi, @Cyxow via #105).
• Bump got from 10.7.0 to 11.8.5 (props @dependabot via #83).
• Bump @wordpress/env from 4.9.0 to 5.6.0 (props @dependabot via #83).
• Bump simple-git from 3.9.0 to 3.16.0 (props @dependabot via #88, #99).
• Bump loader-utils from 2.0.2 to 2.0.4 (props @dependabot via #92).
• Bump json5 from 1.0.1 to 1.0.2 (props @dependabot via #91).
• Bump decode-uri-component from 0.2.0 to 0.2.2 (props @dependabot via #93).
• Bump markdown-it from 12.0.4 to 12.3.2 (props @dependabot, @peterwilsoncc via #94).
• Bump @wordpress/scripts from 19.2.4 to 25.1.0 (props @dependabot, @peterwilsoncc via #94).
• Bump http-cache-semantics from 4.1.0 to 4.1.1 (props @dependabot, @peterwilsoncc via #101).
• Bump webpack from 5.75.0 to 5.76.1 (props @dependabot, @faisal-alvi via #103).
• Bump svg-sanitizer from 0.15.2 to 0.16.0 (props @darylldoyle, @faisal-alvi, @Cyxow via #105).

New Contributors

• @Sidsector9 made their first contribution in #80
• @cr0ybot made their first contribution in #80
• @cbirdsong made their first contribution in #80
• @vikrampm1 made their first contribution in #82

---

Full Changelog: 2.0.3...2.1.0
View closed items in the milestone.