Updates: Squirrly SEO (on the plugin side)
Squirrly:
= 12.4.17 =
* Security - Stop exposing master API tokens in the Live Assistant frontend config
* Security - sla_customcall restricted to a fixed allowlist of research endpoints
* Security - savePost whitelists post meta keys and validates JSON-LD data as JSON
* Security - JSON-LD output always re-encoded from validated JSON to block stored XSS
* Security - Settings backup and restore exclude per-site auth credentials
* Update - HMAC-signed API requests with a per-site key
* Update - Signed cloud callbacks via /wp-json/squirrly/v1/identity for clone detection
* Update - Detect cloned installs and require a fresh handshake on duplicates
* Update - Replace sqQuery JS global with sqAdmin; use the default WordPress ajaxurl
* Update - Redact tokens and signatures from local debug output
= 12.4.17 =
* Security - Stop exposing master API tokens in the Live Assistant frontend config
* Security - sla_customcall restricted to a fixed allowlist of research endpoints
* Security - savePost whitelists post meta keys and validates JSON-LD data as JSON
* Security - JSON-LD output always re-encoded from validated JSON to block stored XSS
* Security - Settings backup and restore exclude per-site auth credentials
* Update - HMAC-signed API requests with a per-site key
* Update - Signed cloud callbacks via /wp-json/squirrly/v1/identity for clone detection
* Update - Detect cloned installs and require a fresh handshake on duplicates
* Update - Replace sqQuery JS global with sqAdmin; use the default WordPress ajaxurl
* Update - Redact tokens and signatures from local debug output