Added: Stale cache fallback — when an API call fails, the most recently cached response can be served for a configurable grace window instead of surfacing the error. Configure Stale Cache TTL per endpoint or set a site-wide default.
Added: Log viewer status code range filter (2xx / 3xx / 4xx / 5xx) for quickly isolating error responses.
Added: Log level column in the log viewer (debug, info, warning, error) for filtering and auditing.
Added: CSV export of log entries from the log viewer.
Added: Selective bulk delete of log entries.
Improved: Shortcode attributes renamed to match the rest of the plugin — use api_id and endpoint_id. The original api and endpoint attributes continue to work for existing shortcodes.
Fixed: Guided tour steps no longer show “undefined” in the header.
Fixed: Log viewer and breadcrumb UI issues (checkbox column alignment, button spacing, current page bold weight).
Security: Hardened encryption for stored API credentials — AES-256-GCM is now required, with stronger cryptographic randomness and no fallback key.
Security: Favicon uploads are now validated by file content rather than declared type; SVG and Content-Type spoofing are rejected.
Security: Shortcode file-part configuration can no longer be overridden by crafted shortcode attributes.
Security: API keys, bearer tokens, passwords, and other credentials are now masked in request and response logs.
Security: CSV log export neutralizes formula injection attempts (leading =, +, -, @) for safe import into spreadsheet applications.
Security: Users demoted from the Administrator role no longer retain access to HuxxConnect settings.
Security: Admin notice surfaces when the encryption key tier is downgraded, preventing silent key-rotation confusion.
1.0.1
Added: API-wide default headers, query parameters, and body parameters — configure once at the API level, applied to all endpoint requests.
Added: Warning indicator when endpoint headers would override the API’s authorization header.
Added: Patchstack Vulnerability Disclosure Program (VDP) for security bug reporting.
Improved: Export excludes encrypted credentials when the environment lock is active, preventing unusable ciphertext from being included.
Fixed: Error responses could be silently dropped when WPGetAPI compatibility filters modified the HTTP response format.
Fixed: Test variable overrides not applying type coercion — arrays and booleans were sent as strings.
1.0.0
Initial public release on WordPress.org.
0.9.6
Improved: Build script produces wp.org-compatible ZIP filename.
Improved: Added composer.json to distribution for Plugin Check validation.
0.9.4
Added: Extensibility hooks for custom authentication types — Pro and third-party plugins can register new auth methods via the centralized auth type dropdown. (Dev: new huxx_connect/auth/types filter and huxx_connect/auth/fields/{type} action.)
Added: Wildcard array syntax ([]) for extracting data from nested arrays in API responses. (Dev: [] in dot-notation paths traverses array elements, e.g., data.[].name.)
Improved: Redesigned admin interface with design tokens, Phosphor icons, and consistent styling across all views.
Improved: WPGetAPI compatibility bridge documented in readme files.
Improved: Tested up to WordPress 6.9.4.
Fixed: Boolean and integer values in authentication configuration are preserved correctly during import.
Fixed: OAuth 2.0 capitalization corrected on API card auth badges.
0.9.3
Fixed: WPGetAPI compatibility no longer causes fatal errors when WPGetAPI is activated or reactivated. (Dev: activation detection now uses request parameters instead of hook timing.)
Fixed: Empty API credential fields display correctly instead of showing masked placeholder asterisks.
Fixed: Postman import handles empty collection variables and warns about values that need manual attention.
0.9.2
Added: Brace syntax for the keys shortcode attribute — extract multiple fields from a response using keys=”{id},{name}”. (Dev: pipe-delimited paths also supported for WPGetAPI compatibility. Both dot-notation and brace/pipe formats work.)
Added: Shortcode output filter hook for extensions to customize response rendering. (Dev: huxx_connect/shortcode/format_output filter.)
Added: Export data filter hook for extensions to modify exported configurations. (Dev: huxx_connect/export/data filter.)
Improved: API favicons automatically sync when importing API configurations.
Improved: Request preview headers now show masked credential values instead of raw secrets.
Improved: API key values in request URLs are masked in the request log before storage.
For the complete pre-1.0 changelog, see CHANGELOG.md included with the plugin.
