Mikesoft TeamVault

2.0.8

• Hardened uninstall data removal so recursive storage cleanup refuses paths outside the storage root and does not follow symlinks.
• Hardened upload validation so SVG remains blocked even if another extension filter tries to re-add it.
• Confirmed WordPress.org listing translations should be handled through translate.wordpress.org instead of shipping locale-specific readme files.

2.0.7

• Fixed stale file browser refresh behavior in local and proxy-backed environments by adding cache-busting to TeamVault browser/search requests.
• Disabled HTTP caching on browser/search REST responses so file and folder changes are visible immediately after create, upload, rename, move, and delete actions.
• Improved client-side upload size validation so it also respects the effective PHP upload and post limits before sending oversized files.
• Split REST permission callbacks into explicit read, write, and delete guards while preserving the current capability model.
• Hardened ZIP export temporary file generation and readability checks.
• Updated the in-plugin admin logo color to TeamVault blue.

2.0.6

• Fixed file list not refreshing immediately after delete file, delete folder, rename file, rename folder, and move file operations.
• Disabled HTTP caching for browser/search REST responses so local environments show changes immediately.
• Fixed ZIP export temporary file collisions and readability checks.

2.0.5

• Fixed new files and folders not appearing immediately after upload or folder creation.
• Fixed storage security notice reappearing on every page load with no way to dismiss it.
• Fixed JavaScript event listener accumulation on context menu and folder tree toggle.
• Fixed concurrent navigation requests corrupting the file list with stale data.
• Hardened download and preview streams: readable check before headers, MIME type sanitized against response splitting.
• Fixed several PHP correctness issues: wp_mkdir_p return value, finfo resource leak, tmp_name path handling, strtotime false guard.
• Fixed XSS vector in user search autocomplete via unescaped username attribute.
• Added sanitize_callback to REST API string parameters for WordPress.org compliance.

2.0.4

• Improved the upload error message when a file exceeds the size limit so it now shows the file name, its actual size, and the configured maximum.
• Added a client-side size check before upload so users get immediate feedback without waiting for a server round-trip.

2.0.3

• Hardened TeamVault filesystem boundary checks and rejected symlink traversal inside private storage operations.
• Added safer reindex validation so unsafe or disallowed files are skipped and reported.
• Switched activity log IP capture to the direct server address instead of spoofable forwarding headers.
• Added an administrator storage notice when the private document path is inside the public uploads tree.
• Changed new activations so only Administrators receive TeamVault document access by default.

2.0.2

• Fixed TeamVault REST requests on sites that use plain permalinks instead of pretty permalinks.
• Improved upload feedback when PHP rejects an oversized request before a file reaches TeamVault validation.

2.0.1

• Added the TeamVault file manager screenshot to the WordPress.org listing and GitHub documentation.
• Completed Italian interface translation coverage and removed stale translation entries.
• Fixed the move-file validation message shown when a file is already in the destination folder.

2.0.0

• Major security and reliability release for stricter administrator-only controls.
• Settings, activity logs, whitelist management, maintenance tools, and uninstall data controls now require administrator-level access.
• Reduced user data exposure by removing email search and email fields from the user search REST response.
• Improved large-file handling for uploads, downloads, previews, and ZIP exports while keeping Plugin Checker compatibility annotations in place.
• Added regression coverage for administrator-only controls and user search privacy.

1.3.6

• Restricted TeamVault settings, activity logs, whitelist management, and maintenance tools to administrator-level access.
• Reduced user search exposure by removing email search and email data from the REST response.
• Improved large-file handling by streaming uploads, downloads, previews, and ZIP exports in chunks instead of loading full files into memory.
• Added regression coverage for administrator-only controls and user search privacy.

1.1.35

• Improved the WordPress.org plugin page copy with clearer positioning, use cases, and privacy messaging.
• Expanded FAQs to better explain private access, Media Library differences, and user access control.

1.1.34

• Simplified the storage widget to show only the space used by TeamVault files.
• Fixed TeamVault storage totals so they are calculated from the registered files that still exist on disk.
• Persisted the detected on-disk file size during upload so new records stay aligned with the physical file size.

1.1.33

• Clarified storage usage in the sidebar with separate TeamVault, available, and total capacity metrics.
• Fixed TeamVault storage totals so they reflect the real filesystem size of stored files.

1.1.32

• Clarified release metadata and WordPress.org asset documentation for the latest maintenance release.

1.1.31

• Improved whitelist input handling for safer user access settings processing.

1.1.30

• Fixed whitelist user selection visibility in settings.
• Fixed persistence of selected whitelist users.

1.1.29

• Added TeamVault branding in the admin interface.

For the full release history, see changelog.txt in the plugin package.