AvoPay Bitcoin for WooCommerce

1.0.13

• Fix: PHP fatal error on cron backstop caused by stale interface declarations (broken since v1.0.1)
• Fix: retry payment button now calls the API correctly instead of a removed local method (broken since v1.0.1)
• Fix: “Tested up to” updated to WordPress 7.0 — restores search visibility on WP.org
• Code: Plugin Check 0 errors, 0 warnings

1.0.12

• Fix: payment card now renders above order details and billing address on WooCommerce Blocks checkout
• UX: checkout QR card redesigned — white background for scanner compatibility, reduced size, dark theme
• UX: payment prompt text added above Lightning invoice (“Please complete the Lightning payment below to finalise your order.”)
• UX: Lightning QR reduced from 380px to 220px — still fully scannable, page no longer requires scrolling to see order details
• UX: payment method icon updated to Bitcoin logo; description updated to “Pay from any Bitcoin Lightning wallet”
• UX: admin dashboard header updated with AvoPay logo and Bitcoin menu icon
• Marketplace: installation instructions updated for WordPress.org — no manual ZIP download required

1.0.11

• Compliance: move “External services” to a standalone top-level readme section with full data-sent descriptions and Privacy + Terms links for all five services
• Security: payment status polling endpoints now require a per-order poll token (generated at checkout, verified server-side) — prevents unauthenticated enumeration of order status

1.0.10

• Feature: merchant-absorbs-fees across all payment channels

1.0.5

• Copy: step 3 title, description, and button text updated for clarity

1.0.4

• Fix: admin dashboard now passes correct licensed property to JS (fixes step 2 auto-QR load and step 3 test payment display)

1.0.3

• Compliance: remove custom update checker (WP.org guideline — updates served from WP.org)
• Compliance: rename plugin slug to avopay-bitcoin-for-woocommerce (WooCommerce trademark policy)
• Code: replace date(), parse_url(), strip_tags() with WP equivalents gmdate(), wp_parse_url(), wp_strip_all_tags()
• Code: add wp_unslash() before all sanitize_text_field() calls on superglobals
• Code: add ordered placeholders (%1$s) and translators comments in all translatable strings
• Code: remove development error_log() call

1.0.2

• Fix: site domain now registered with AvoPay on API key activation so client dashboard shows correct domain

1.0.1

• Compliance: payment creation logic moved server-side; plugin is now a thin API connector (no local trial counter or gateway disable)
• Compliance: inline script and style tags replaced with wp_add_inline_script / wp_add_inline_style
• Security: input sanitization added for CONTENT_TYPE, POST keys, and JSON payload version field
• Docs: external service Terms and Privacy links added for CoinGecko, CoinCap, and Blockstream Esplora

1.0.0

• WordPress.org release
• Added: optional “Delete AvoPay data on uninstall” setting (default: off, preserves order financial records)
• Improved: full uninstall cleanup of plugin options, logs table, and cron jobs
• Improved: activation table creation uses dbDelta for safe upgrades

0.5.19

• Fix: test payment stops at transaction.mempool with live wait counter
• UX: step 2 connected + date merged into single pill
• UX: step 3 success state split into green banner and neutral info box

0.5.18

• Security: rate limiting on all API routes
• Security: JWT token_version revocation — stale tokens rejected immediately
• Security: CORS locked down to avopay.dev domains
• Security: OTP log suppression in Nginx access logs
• Security: startup env validation — API exits on missing required vars

0.5.17

• Fix: claim fee bumping on retry (RBF — 500 to 750 to 1000 sats/vbyte)

0.5.16

• Feature: invoice.settled status marks order paid instantly
• Improvement: decoupled claim trigger from webhook handler
• Improvement: adaptive JS polling (1s x 15 then 3s)
• Improvement: API secondary poll via open-CORS swap status endpoint
• Fix: double payment email on fast settlements

0.5.15

• Feature: relay architecture — API-side callback delivery with retry queue
• Feature: swap_registry table tracks full lifecycle per swap

0.5.14

• Feature: server-side callback delivery via AvoPay API

0.5.13

• Fix: WP cron backstop age guard skips orders younger than 2 minutes

0.5.12

• Feature: slow payment watchdog — 30 min delay email and 120 min manual review flag

0.5.11

• Feature: Hetzner cron backstop every 5 min for stuck pending orders

0.5.10

• Feature: L-BTC direct payment tab — customer can pay from any Liquid wallet

0.5.9

• Fix: test payment 500 error — removed stale descriptor method calls
• Fix: step 2 QR and step 3 test payment now show error feedback on AJAX failure

0.5.8

• Fix: claim broadcaster now works on any hosting environment
• Fix: empty PHP files replaced to prevent security scanner false positives

0.5.7

• Feature: server-side SLIP-0077 address derivation via AvoPay API
• Change: vendor directory removed — zero PHP dependencies

0.5.6

• Feature: L-BTC direct payment support
• Feature: retry flow (max 3 attempts)

0.5.5

• Feature: PM2 graceful shutdown
• Feature: claim retry queue with backoff

0.5.4

• Initial public release