w3mypq

3.0.3

Release Date – 24 Jun, 2026
* Critical: Security architecture upgrade. Due to foundational cryptographic hardening, all files encrypted with version 3.0.2 or earlier are no longer compatible and cannot be decrypted by this version (3.0.3>).
* Fix: Resolved a calculation error in the rolling daily storage quota tracker where the user usage transient computed incorrect totals.
* Tweak: Cleaned up chunk-index loop evaluations to ensure storage limits are applied accurately across all upload sizes.
* Fix: Activate the storage view drawer elements only when required.
* Files: /js/w3mypq.js and /js/worker.js
* Fix: Standardized FIPS-204 signature context structures to an explicit domain separation text layout string, introducing a strict policy gatekeeper to drop signed payloads if sender public validation keys are omitted.
* Fix: Restored true thread-safe cryptographic verification on the Web Worker pipeline, converting signature evaluations into explicit async object payload handshakes ({ buffer, isAuthentic }) to pass verified identity states cleanly to the frontend interface.
* Fix: As 3.0.2 – implemented absolute AEAD integrity protection across the envelope header, binding the recipient index metadata parameters directly into the AES-GCM Additional Authenticated Data (AAD) block via zero-copy views to permanently block unauthorized file-tampering or slot-swapping attacks.
* Fix: Hardened multi-recipient encryption arrays by wrapping the decapsulated ML-KEM-1024 shared secrets inside a secure SHA-256 digest layer to eliminate master-key linear relationship vulnerabilities.
* Note: As of version 3.0.3, files encrypted in Guest mode (with no recipients) should NOT be signed, or the “Personal” decryption will fail.

3.0.2

• Release Date – 21 Jun, 2026 *
• Fix: Hardened binary file format against recipient-list metadata tampering using AES-256-GCM AEAD (Authenticated Associated Data).
• Fix: Clarified misleading status explanations on alert notices.
• Add: an help function so to mitigate the problem of the wpautop WordPress function.
• See: https://wordpress.org/support/topic/3-0-0-template-problems/ to read applied solutions and helps.

3.0.1

• Release Date – 16 Jun, 2026 *
• Fix: Implemented a definitive template fix by moving all front-end interface and functionality JavaScript out of the HTML file and into a new dedicated script: w3mypq-common-display.js. This resolves the wpautop paragraph tag injections that were breaking script execution on specific themes.
• See: https://wordpress.org/support/topic/3-0-0-template-problems/
• Fix: Moved CSS styles and selectors previously injected via JavaScript directly into the w3mypq.css stylesheet.

3.0.0

• Release Date – 15 Jun, 2026 *
• Fix: Resolved a legacy bug present since version 1.0.0 where Guest Mode failed due to an incorrect key loading sequence.
• Fix: Fixed a security loophole where users could bypass daily limits and continue uploading files if the page was left open after the time limit elapsed, caused by a missing backend transient verification check.
• Fix – Style: Performed a comprehensive cleanup of w3mypq.css and removed remaining unused selectors to establish the definitive, optimized default design.
• Tweak: Moved the interface toggle JavaScript code from w3mypg.js directly to the bottom of w3mypq_body.html. The code has been shortened and optimized, neatly containing the encryption, decryption, and key-generation interface elements inside their own wrappers for immediate clarity.
• Important: This release completely rebuilds core files (w3mypq_body.html and w3mypq.css). It is not backward-compatible with older custom user templates.
• Fix: Fixed a potential memory layout crash by adding validation guards to catch detached or empty ArrayBuffer data (0 bytes) before decryption begins.
• Fix: minor fixes all around.

2.3.2

• Release Date – 12 Jun, 2026 *
• Fix: Refactored plugin life-cycle hooks by moving the automated daily file cleanup cron scheduling out of the class constructor and into the global plugin activation scope. This ensures full validation compliance and eliminates performance overhead on standard page loads.
• Fix: Optimized the handle_encrypted_upload and get_bulk_public_keys functions by removing redundant get_option(‘w3mypq_options’) database calls to speed up server processing.
• Fix: all emoji icons entities.
• Note: Please review the 2.3.1 changelog regarding the critical template layout rebuild changes.

2.3.1

Release Date – 07 Jun, 2026
* Fix – Style: Added notices for custom styles.
* Fix: Removed accidental <style> and </style> HTML tags from the external w3mypq.css stylesheet.
* Note: you should remove <style> and </style> HTML tags from the custom w3mypq.css if using it.
* Tweak: Moved CSS selector #w3_wrap_link-decrypt-form from JS (w3mypg.js) into the stylesheet (w3mypq.css).
* Fix: Performed initial style cleanup and removed unused selectors from w3mypq.css to optimize file size.
* Add: Admin dashboard info panel displaying “Total Encrypted Vault Space Used”.
* Add: Added maximum file size display to the frontend “Upload Dynamic Quota & Countdown Info Panel”.
* Fix: Addressed minor codebase and styling bugs.

2.3.0

Release Date – 07 Jun, 2026
* Fix: Fix the new added 2.2.0 Vault Module Maintenance Tools, Administrator buttons to execute targeted storage vault and transient purges (preserving user keys) or full resets.
* Add: Dynamic Quota & Countdown Info Panel directly onto the front-end vault interface, utilizing a high-efficiency client-side background ticker that updates every minute to display remaining storage capacity (MB/KB) and a precise live hours/minutes countdown until the rolling 24-hour limit resets.
* Fix: Core uninstall execution mapping loops to automate immediate, complete cleanup of all user meta data records, file tokens, background transient timeout parameters, upload folders, upon plugin removal.
* Fix: Reinforced server-side User Quota Gatekeeper on the REST API endpoint, embedding an absolute hard-stop guard that validates complete file dimensions on Chunk 0 and terminates unauthorized transmission frames instantly.
* Fix: Patched fractional mathematical chunk leaks on the REST API gateway, enforcing a strict zero-tolerance hard stop block when daily bandwidth thresholds are maxed out.
* Fix: Discarded legacy un-sanitized profile meta save routines to ensure wrong key inputs trigger an immediate native red warning alert banner.
* Fix: Post-Quantum key check. Fully automates Public key extraction directly from pasted text, stripping out headers, whitespaces, and PEM boundaries.

2.2.0

Release Date – 06 Jun, 2026
* Add: Vault Module Maintenance Tools -into the Admin panel settings page to execute targeted administrative cleanup routines on the server vault storage footprint or for testing purpose.
* Fix: Uninstall immediate complete transients cleanup.
* Add: A real-time, visual display placed right on the dashboard to keep registered users informed of their remaining daily secure upload capacity and the exact hour/minute countdown until their 24-hour quota limit resets. It auto update each minute if the page is not reloaded.
* Fix: user’s quota check.
* Minor fixes

2.1.0

Release Date – 04 Jun, 2026
* Add: ‘Rolling Daily User Quota’ option to prevent disk space exhaustion via fast WordPress transients.
* Fix: Resolved an issue where the ‘link expired’ button would repeatedly reload the same page.
* Fix: Minor bug fixes and performance improvements.

2.0.0

Release Date – 02 Jun, 2026

• Note: this immediate major update to 2.0 version require to change custom HTML/CSS files is used.
• Add: High-capacity file uploads processed seamlessly via an isolated binary slicing chunk loop.
• Add: Dedicated administrative settings page managing maximum attachment sizes, user role permissions access gating, and dynamic file retention limits.
• Fix: Send out email only when required.
• Fix/Add: Migration of temporary tracking tokens to the high-performance WordPress Transients API instead of regular options.

1.0.0

Release Date – 02 Jun, 2026

• Initial public release.
• ML-KEM support.
• ML-DSA support.
• Browser-based file encryption.
• Multi-recipient sharing support.
• Guest mode support.
• Current version is subject to PHP upload limits imposed by the hosting environment.
• Large-file upload optimization is planned for future releases.