Change Log

Latest changes

17th January 2024 / v26.0

  • Feature Embed an Outlook / Exchange Calendar in WordPress. See online documentation for details. [LOGIN, APPS, INTRANET]
  • Feature Embed a SharePoint Online List in WordPress. See online documentation for details. [LOGIN, APPS, INTRANET]
  • Fix The plugin attempted to process any POST request with parameter “error”, mistakenly assuming that it would be an authentication-error sent by Microsoft. [LOGIN, MICROSOFT GRAPH MAILER]
  • Version bumped. [ALL]

18th December 2023 / v25.4

  • Improvement WPO365 can now also auto-assign WordPress roles to users based on claims found in the SAML 2.0 response. [ROLES + ACCESS, SYNC, INTRANET]
  • Fix The plugin will always choose the form_post OIDC Response mode if the administrator has configured the Hybrid User Flow for OpenID Connect. [LOGIN]

15th December 2023 / v25.3

  • Fix Updated parts of the PHP Security Library v3 to improve compatibility with older PHP versions. [LOGIN, MICROSOFT GRAPH MAILER]
  • Fix Reverted default OIDC response mode back to form_post, to support the Hybrid Flow. Administrators can instead manually select “query”. [LOGIN]

13th December 2023 / v25.2

  • Fix Fixed “Fatal error: Cannot use ::class with dynamic class name” for 2 files in PHP Security Library v3. [LOGIN, MICROSOFT GRAPH MAILER]

13th December 2023 / v25.1

  • Improvement The default response mode – for new installations – when requesting an (OIDC) authorization code has been updated to query. This will help preserve the code, especially if the administrator has configured a 3rd party multi-factor authentication provider such as Duo. Existing installations are not affected, however, and the response mode remains “form_post”. See the updated documentation for details. [LOGIN]
  • Improvement Admins configuring the Microsoft Graph Mailer portion of WPO365 can now select an option to skip all checks. Checking this option instructs the Microsoft Graph Mailer to skip the check whether the default “from” email address is registered for the corresponding account and whether the “from” email address specified by a plugin has a different email-domain compared to the default “from” email address used to submit email message to Microsoft Graph. [LOGIN, MAIL, SYNC, INTRANET]
  • Fix When enrolling users onto LearnDash courses, WPO365 now first checks if the user is already enrolled. [ROLES + ACCESS, SYNC, INTRANET]
  • Fix When clicking the clear-button in the search box – for the embedded SharePoint Online Search experience for WordPress – the search results will be cleared. [LOGIN, M365 APPS, INTRANET]
  • Fix The option to replace the default WordPress “register” link with a link that redirects to the Azure AD B2C sign-up experience is now always available (but remains a premium option). [LOGIN+, CUSTOMERS, SYNC, INTRANET]
  • Fix WPO365 User synchronization no longer produces warnings if a user is not an Azure AD user (based on a domain-check that has become optional since v21.0). [SYNC, INTRANET]
  • Fix The plugin self-test now detects the recently introduced new INTRANET | 5Y and SYNC | 5Y plugins and will test all possible premium scenarios. [INTRANET | 5Y, SYNC | 5Y]
  • Fix The PHP Secure Communications library has been updated and the plugin now uses version 3.0 (to verify an ID token’s signature). [LOGIN, MICROSOFT GRAPH MAILER]
  • Version bumped. [ALL]

10th November 2023 / v25.0

  • Breaking Change Sending WordPress email using Microsoft Graph now always will use the Azure AD configuration from the plugin’s Mail configuration page. [LOGIN]
  • Feature SAML 2.0 based single sign-on can now be configured by generating / exporting Service Provider metadata that can be imported in Azure Active Directory whilst importing the Identity Provider metadata from Azure Active Directory in WPO365. See the updated documentation for details. [LOGIN]
  • Improvement Administrators that have enabled support for multi-tenancy, can now allow-list tenants, effectively restricting access to users of tenants that are not allow-listed. See the updated documentation for details. [LOGIN+, CUSTOMERS, SYNC, INTRANET]
  • Improvement SAML 2.0 will now always – by default – set the requestedAuthnContext to false and it’s no longer necessary to define a global variable in the WordPress site’s wp-config.php. Administrators who did add this variable can now safely remove it. On the other hand, administrators can still explicitely request that the authentication context is checked by enabling the corresponding option on the plugin’s Single Sign-on configuration page. [LOGIN]
  • Improvement Administrators can now configure “strict” mode for OpenID Connect. Doing so, will force WPO365 to only “listen” for users returning from Microsoft at the configured Redirect URI. See the online docuemntation for details. [LOGIN]
  • Tested up to 6.4. [ALL]

24th October 2023 / v24.3

  • Feature WPO365 can now send a daily notification to the administration email address if one of the application / client secrets is about to expire in the next 30 days. Consult this article for details. [LOGIN, MICROSOFT GRAPH MAILER]
  • Fix The field to enter the Azure AD B2C / Entra External ID default policy is now unlocked for the free WPO365 | LOGIN version. [LOGIN]

Update 31st October 2023 / v24.3

  • Fix An encoding issue prevented the premium versions of the SharePoint Library shortcode app to handle folder names with spaces correctly. [M365 APPS, INTRANET]

8th October 2023 / v24.2

  • Fix WPO365’s SCIM server to support Azure AD User provisioning has been tested against Microsoft’s Entra ID SCIM Validator and the resulting issues have been (mostly) resolved. [SCIM, INTRANET]
  • Fix The field to enter the Azure AD B2C / Entra External ID domain name is now unlocked for the free WPO365 | LOGIN version. [LOGIN]
  • Fix The fields officeLocation has been made available for use in a (customized) Employee Directory templates. [M365 APPS, INTRANET]

25th September 2023 / v24.1

  • Fix User sync query tester now handles single quotes correctly, after the deprecated use of JavaScript’s (un)escape method had been replaced previously. [SYNC, INTRANET, CUSTOMERS]
  • Fix The plugin’s updater will now display a notification when a newer version is available. [ALL]
  • Fix Link to the updated documentation for the Mail Staging Mode in the release notes for v24 has now been fixed. [LOGIN]

15th September 2023 / v24.0

  • Breaking change Testing the User synchronization query no longer requires the WPO365 REST API for Microsoft Graph to be enabled. Administrators, however, must update both WPO365 | LOGIN and the premium extension / bundle or else they cannot test the query. If the user sync query remains unchanged, it is no longer needed to test the query again. [SYNC, INTRANET, CUSTOMERS]
  • Deprecated Administrators can not add new Private pages to the corresponding list on the plugin’s Authentication configuration page anymore. Instead they must enable and configure the Audiences feature, which provide a more robust option to mark pages or post types as private i.e. to require a user to log in first. See the online documentation for details. [LOGIN+, ROLES + ACCESS, SYNC, INTRANET]
  • Deprecated The ability to exclude post types from the Audiences feature has been removed. [ROLES + ACCESS, SYNC, INTRANET]
  • Feature Support for LearnDash integration, for example to auto-enroll users into courses or allocate users to LD User Groups based on a user’s Azure AD group membership(s) or just whenever WPO365 creates a new WordPress user. See the online documentation for details. [ROLES + ACCESS, SYNC, INTRANET]
  • Feature WPO365 now supports Entra External ID (Azure AD for Customers) and this support has been streamlined with the already built-in support for Azure AD B2C. [LOGIN+, SYNC, INTRANET, CUSTOMERS] Check out our online documentation
  • Feature (Auto-) Register new WordPress users in Azure AD B2C / Entra External ID (Azure AD for Customers) and update existing ones (including support for custom user attributes / claims). See the online documentation for details. [SYNC, INTRANET, CUSTOMERS]
  • Feature Synchronize users from WordPress to Azure AD B2C / Entra External ID (Azure AD for Customers) (including support for custom user attributes). See the online documentation for details. [SYNC, INTRANET, CUSTOMERS]
  • Feature (Auto-) Retry sending failed emails using Microsoft Graph. See the online documentation for details. [MAIL]
  • Feature Throttle nr. of emails send per minute using Microsoft Graph. See the online documentation for details. [MAIL]
  • Feature Audiences can now be configured to restrict viewing posts of a specific type to members of an audience. See the online documentation for details. [ROLES + ACCESS, SYNC, INTRANET]
  • Feature Audiences now allows administrators to require users to log in to view posts of a specific type and where a visitor will be redirected to e.g. the 404 Not Found page, the site’s login page or Microsoft’s login page. See the online documentation for details. [ROLES + ACCESS, SYNC, INTRANET]
  • Improvement Most of the features that WPO365 | CUSTOM USER FIELDS unlocks are now also unlocked by WPO365 | ROLES + ACCESS to allow for Azure-AD-user-attribute based rules. [ROLES + ACCESS, CUSTOM USER FIELDS]
  • Improvement Optional claims and attributes added to an JWT OIDC ID token can now also be mapped to WordPress custom user fields. See the online documentation for details. [LOGIN+, SYNC, INTRANET]
  • Improvement Administrators can now select a (custom) claim from the ID token or the SAML response that WPO365 should be using to create a new WordPress user’s username. See the updated documentation for details. [LOGIN+, SYNC, INTRANET]
  • Improvement Developers can now skip the removal of specific roles when WPO365 is configured to “Replace” user roles by utilizing the new “wpo365/roles/remove” filter. See the updated documentation for details. [ROLES + ACCESS, SYNC, INTRANET]
  • Improvement Developers can now add a filter for the Azure AD Redirect URI e.g. to set it dynamically to the current host. See the updated documentation for details. [LOGIN]
  • Improvement The WPO365 | MAIL premium addon now also unlocks the option to use WP-Config.php to override (some) config options. Now administrators can – for example on their staging environment – enable mail-staging mode, simply by adding a global constant to the WP-Config.php file. See the [updated documentation](). [MAIL]
  • Improvement Developers can now skip the URL check that WPO365 conducts just before it redirects a user to its final destination by hooking into a new filter wpo365/url_check/skip. See the updated documentation for details. [LOGIN]
  • Improvement Administrators can now configure WPO365 user synchronization to only send mail notifications when a job did not complete successfully. [SYNC, INTRANET]
  • Improvement Administrators now can bulk-reactivate users that have been deactivated previously by WPO365. [SYNC, INTRANET, CUSTOMERS]
  • Improvement When a user is reactivated, the role will be set to the default role for the main (or sub) site as per WPO365 configuration. [SYNC, INTRANET, CUSTOMERS]
  • Improvement Blocking password reset and email change has been made available for Azure AD B2C / Entra External ID (Azure AD for Customers). [LOGIN+, SYNC, INTRANET]
  • Fix WPO365 will now match custom WordPress roles in a case-insensitive matter. [ROLES + ACCESS, SYNC, INTRANET]
  • Fix WPO365 will now retrieve a user’s Azure AD group memberships from Microsoft Graph if the administrator checked the option to include Microsoft 365 group memberships, even if the ID token already carries information on group memberships. [ROLES + ACCESS, SYNC, INTRANET]
  • Fix When you schedule a WPO365 User synchronization job for a specific hour of the day, it will now translate the time from UTC to the admin’s timezone and not wrongly add the current minutes of the hour passed. [SYNC, INTRANET, CUSTOMERS]
  • Fix WPO365 now caches the access token with an audience property (= the requesting application (client) ID) to prevent access tokens for mail and for other Microsoft 365 services getting mixed up / from being overwritten. [LOGIN]
  • Fix Tested with PHP 8.2. [ALL]

9th June 2023 / v23.1

  • Fix The plugin update checker did not always return the expected result. [LOGIN, MS GRAPH MAILER]

6th June 2023 / v23.0

  • Change The WPO365 | M365 APPS extension now includes the Gutenberg Editor Block to embed a SharePoint Document Library in WordPress (was previously sold as a separate extension called WPO365 | DOCUMENTS). [M365 APPS, DOCUMENTS]
  • Improvement An administrator of a website that receives OpenID Connect based ID tokens from multiple sources, can now configure the plugin to ignore ID tokens not issued by a Microsoft Azure AD based Identity Provider. [LOGIN+, SYNC, INTRANET]
  • Improvement A new (translatable) error message – for the case where the ID token is intended for a different audience – has been added. [LOGIN]
  • Improvement The Documents (shortcode and Gutenberg based) app – to embed a SharePoint library in WordPress – can now be configured to show / hide an “Open in SharePoint” link in the app’s header. [M365 APPS, DOCUMENTS, INTRANET]
  • Improvement The WPO365 authentication cookie (set when you configure an “auth.-only” authentication scenario) can be prefixed to help work-around server-side caching services / plugins that support naming convention based cache busting. [LOGIN]
  • Improvement 3 new developer actions have been added. See the updated documentation for details. [LOGIN]
  • Improvement Exceptions logged by the Microsoft Graph Mailer are earmarked when logged in ApplicationInsights with a new custom property “wpoMail”. Administrators can now configure a query-based alert in ApplicationInsights and trigger a new alert specifcally for mail-related errors if “wpoMail” equals “error”. [LOGIN, MS GRAPH MAILER]
  • Fix If certain conditions were met, the plugin would delete Audience related metadata unwantedly. [ROLES + ACCESS, SYNC, INTRANET]
  • Fix A SAMLResponse sent to the website will only be processed if the administrator configured SAML 2.0 based SSO for WordPress. [LOGIN]
  • Fix Various modifications to Microsoft Graph Mailer configurator should make it easier and more intuitive to configure it. [LOGIN, MS GRAPH MAILER]
  • Fix The Documents (shortcode and Gutenberg based) app – to embed a SharePoint library in WordPress – will now correctly load items in a folder. [M365 APPS, DOCUMENTS, INTRANET]
  • Fix The Documents (shortcode and Gutenberg based) app – to embed a SharePoint library in WordPress – now accepts a pagesize parameter to improve the performance when loading large libraries. [M365 APPS, DOCUMENTS, INTRANET]
  • Fix The Documents (shortcode and Gutenberg based) app – to embed a SharePoint library in WordPress – now loads all possible “locales” so it can display date columns e.g. “Modified” correctly. [M365 APPS, DOCUMENTS, INTRANET]
  • Fix The Log Viewer – to view and optionally resend emails sent using the Microsoft Graph Mailer – now calculates the last inserted logged item ID using MAX() instead of looking up the AUTO INCREMENT value, which may not be up-to-date. [MAIL]
  • Fix In an attempt to prevent the error “cURL error 28: Operation timed out after 15001 milliseconds with 0 bytes received” when integrating with Microsoft Graph, the use of the Expect: header has been disabled by default. [LOGIN, MS GRAPH MAILER]
  • Fix If support for multi-tenancy has been enabled and a user with a personal Microsoft account (e.g. outlook.com) signs in successfully, the plugin will no longer attempt to connec to Microsoft Graph to retrieve additional user attributes. [LOGIN+, CUST. USER FIELDS, SYNC, INTRANET]
  • Fix The license checker (for premium extensions / bundles) has been updated to work-around an issue whereby the license would be invalidated if the website’s home URL would incidentally returned the site’s IP address instead of its host name. This might happen occasionally, if you defined the constant WP_HOME using the $_SERVER[‘HTTP_HOST’] variable in your wp-config.php file and the site was requested by its IP address instead. [LOGIN]
  • Version bump for all extensions and bundles

3rd April 2023 / v22.1

  • Fix The built-in Microsoft Graph Mailer for WordPress will now exclude any custom headers that do not start with x- or X-, to prevent Microsoft Graph from not sending the message and reporting the following error instead: “The internet message header name […] should start with ‘x-‘ or ‘X-‘.”. [LOGIN, MICROSOFT GRAPH MAILER]

3rd April 2023 / v22.0

  • Improvement Administrators can now define configuration overrides in the WP-Config.php file. Support for configuration overrides must be enabled separately by checking the correspondig option on the plugin’s Miscellaneous page. See online documentation. [LOGIN+, SYNC, INTRANET]
  • Improvement The plugin will no longer skip loading when detecting wp-cli but instead skip any attempt to authenticate the current request. Support for wp-cli must be enabled separately by checking the correspondig option on the plugin’s Miscellaneous page. See online documentation. [LOGIN+, SYNC, INTRANET]
  • Improvement Administrators can now define a list of usernames of administrators that are allowed to administer the WPO365 settings in the WP-Config.php file. See online documentation. [LOGIN]
  • Improvement The WPO365 | MICROSOFT GRAPH MAILER plugin can now also log remotely to ApplicationInsights, allowing administrators to configure Azure’s Monitoring / Alerts feature to send – for example – an SMS whenever an exception is logged. [MICROSOFT GRAPH MAILER]
  • Fix Updated the permissions requested / scope for Azure AD B2C / OpenID Connect based Single Sign-on, after a previous change added ‘https://graph.microsoft.com/User.Read’ to the scope / permissions being requested (v21.8), which in turn caused an “invalid_request AADB2C90146” response being returned when attempting to authenticate with Microsoft. [LOGIN]
  • Fix Updated the permissions requested / scope for Azure AD / OpenID Connect based Single Sign-on, after a previous change always added ‘https://graph.microsoft.com/User.Read’ to the scope / permissions being requested (v21.8). Now this permission will only be added, if the plugin detects a premium extension (because any premium extension needs this permission when it attempts to retrieve user data from Microsoft Graph) [LOGIN]
  • Fix The application ID / application ID URI for Azure AD based protection for the WordPress REST API must now also be added to the wp-config.php (but only if the administrator has enabled the option to use wp-config.php for Azure AD secrets). [LOGIN+, SYNC, INTRANET]
  • Fix The Microsoft Graph Mailer for WordPress no longer “unauthorizes” itself, after it fails to retrieve an access token. Instead, WPO365 Health Messages are created and administrators should regularly check for errors [LOGIN, MICROSOFT GRAPH MAILER]
  • Fix Refactored the flow when sending emails from a different account than the one submitting the request to send an email to Microsoft Graph (= the default “From” account) to improve consistency, even when the alternative sending-from account is a Shared Mailbox, a Distribution List or normal User Mailbox. [MICROSOFT GRAPH MAILER, MAIL, SYNC, INTRANET]
  • Fix User synchronization will now generate an error and stop when it fails to create a new WP Cron task for the next batch of users. [SYNC, INTRANET]
  • Fix Updated Teams SDK (used for silent SSO when integrating WordPress into Microsoft Teams). [LOGIN]
  • Fix Updated PowerBI SDK. [LOGIN, INTRANET, M365 APPS]

16th March 2023 / v21.8

  • Feature Administrators can now enable Mail Staging Mode. This is useful for debugging and staging environments. WordPress emails will be logged and saved in the database instead of being sent. [MAIL]
  • Improvement The WPO365 plugin will now handle forms (e.g. Contact Form 7) that propose to send emails from a different account than the default from mail account, after it handles any other option (e.g Shared Mailbox or Send as / Send on behalf of). The proposed alternative from therefore always prevails. It can also be any type of mailbox e.g. User Mailbox, Shared Mailbox or Distributionlist. But it’s up to the adminstrator to ensure that the default from mail account is a either a member (e.g. of the Shared Mailbox) or has sufficient permissions to send emails as / on behalf of an alternative account (e.g. the Distributionlist). [MAIL]
  • Fix The initial OpenID Connect authorization request will now always include https://graph.microsoft.com/User.Read. [LOGIN]
  • Fix A public property $ErrorInfo has been added to the PHPMailer object to support integration with Gravity Forms. [LOGIN, MICROSOFT GRAPH MAILER]
  • Fix The plugin now better understands – in the context of WordPress Multisite installations – whether the configuration must be retrieved / stored at site or at network level. [LOGIN]
  • Fix Some Azure AD information that the plugin collects during the plugin self-test is no longer assigned to the user executing the self-test. [LOGIN]

8th March 2023 / v21.7

  • Fix ID Token validation now also validates audiences that are defined using an Application ID URI instead of the Application ID (e.g. this is the case for Microsoft Teams). [LOGIN, MICROSOFT GRAPH MAILER]
  • Fix The plugin does no longer rely on the HTTP_HOST key of the global $_SERVER variable, which – if not initialized – may cause a critical error on the website. [LOGIN, MICROSOFT GRAPH MAILER]
  • Fix The link to launch the Mail Log Viewer would return “false” for FireFox users. [MAIL]

2nd March 2023 / v21.6

  • Improvement The (premium extension for the) Microsoft Graph Mailer for WordPress now also supports sending mail as / on behalf of another user or Distribution List. [MAIL]
  • Improvement The user interface for the Mail Log Viewer has been significantly updated with improved scrolling and selection and overall a clearer arrangement of the available information. [MAIL]
  • Improvement The Microsoft Graph Mailer for WordPress will notify the administrator in the form of a WPO365 Health Message when another plugin with mail-sending capabilities is detected. [LOGIN, MICROSOFT GRAPH MAILER]
  • Fix An alternative system for WordPress Nonces has been introduced to work around the fact that some browsers refuse to send the WordPress auth cookie along with HTTP 302 redirect requests, causing default WordPress nonce verification to fail unexpectedly, in which case the plugin would then log the warning “Could not successfully validate oidc nonce with value xyz”. [LOGIN, MICROSOFT GRAPH MAILER]

26th January 2023 / v21.5

  • Fix The recently added ID token verification did not take the mail-authorization flow into account. [LOGIN]
  • Improvement Administrators can now re-configure the WPO365 | LOGIN plugin to skip the ID token verification altogether, on the plugin’s Miscellaneous configuration page (but this is not recommended for production environments). [LOGIN]

26th January 2023 / v21.4

  • Fix The built-in update checker for premium extensions might incorrectly indicate that an update for some extensions would be available. [LOGIN]

26th January 2023 / v21.3

  • Fix The plugin would cause a fatal crash when using PHP 7.2 or lower. [LOGIN]

25th January 2023 / v21.2

  • Change The WPO365 | LOGIN plugin will now verify the tenant that issued the ID token and the audience for which the ID token was issued. [ALL]
  • Fix Various issues with the built-in license and update checker for premium extensions and bundles.
  • Fix The Employee Directory app now will only take the host portion of the SharePoint home URL when dynamically constructing the permissions scope. [M365 APPS, INTRANET]
  • Fix The User Sync test case will skip the check for custom domains when Azure AD B2C has been selected. [SYNC, INTRANET]

17th January 2023 / v21.1

  • Fix License check for premium extensions and bundles would show “unknown error occurred” for valid licenses.
  • Fix Update check for premium extensions and bundles now better aligned with the recently updated license management service.

16th January 2023 / v21.0

  • Improvement Various aspects of user synchronization have been improved / refactored in an attempt to make it easier to configure, track and start / stop jobs. [SYNC, INTRANET]
  • Improvement The WPO365 plugin will now – by default – first try to look up an existing WordPress user by its Azure AD Object ID. This value uniquely identifies a user in Azure AD and is automatically configured when WPO365 creates a new user (or updates an existing one). [ALL]
  • Improvement To support Azure AD B2C user synchronization, newly created user synchronization jobs will now – by default – skip the domain check (whereby the login domain of the username of users retrieved from Microsoft Graph is matched against a list of supported custom domains on the plugin’s User registration configuration page). Existing user synchronization jobs must be updated manually. [SYNC, INTRANET]
  • Improvement If user synchronization has been configured, the default WordPress User list will be enhanced automatically. A column is added to show the date and time a user was last updated. A second column will show a button that allows administrators to reactivate a user in case that user has been de-activated / soft-deleted by WPO365 User synchronization. [SYNC, INTRANET]
  • Improvement Support for Azure AD B2C custom login domains. See online documentation for details. [LOGIN+, SYNC, INTRANET]
  • Improvement Administrators can now configure custom website buttons targeting a specific Azure AD B2C user flow or custom policy sign-up, sign-in or reset password. See online documentation for details. [LOGIN+, SYNC, INTRANET]
  • Improvement It is now possible to configure an embedded login experience for Azure AD B2C. See online documentation for details. [LOGIN+, SYNC, INTRANET]
  • Fix The Source for custom user fields (ID token, Microsoft Graph or SAML response) selector was not always visible on the plugin’s User sync configuration page. [LOGIN+, CUSTOMER USER FIELDS, SYNC, INTRANET]
  • Fix The Allow forms to override “From” address was only enabled for application-level Mail.Send permissions. [MAIL, SYNC, INTRANET]
  • Fix Overriding the “From” address was sometimes ignored. [MAIL, SYNC, INTRANET]
  • Fix Sending from a Shared Mailbox was sometimes ignored. [MAIL, SYNC, INTRANET]
  • Fix Version bump for all WPO365 plugins. [ALL]
  • Fix License for premium extensions are now checked regularly and a notification will be shown if the license is expired. [ALL]
  • Fix The “Authorized!” label on the plugin’s Mail configuration page is now green instead of red to indicate succes

22nd November 2022 / v20.4

  • Fix The mail authorization may falsely indicate that the plugin is not authorized to send emails using Microsoft Graph due to how the plugin compared permissions. [ALL]

14th November 2022 / v20.3

  • Feature Websites that are using the Mail Integration for Office 365/Outlook are now urged to switch to WPO365 | MICROSOFT GRAPH MAILER or configure the builtin Microsoft Graph mail function of the WPO365 | LOGIN plugin. Consult the online migration guide for further details. [ALL]
  • Improvement Administrators can check an option to Use alternative CDN (on the plugin’s Integration page). If checked, the plugin will download the react-js and react-dom.js packages from the CloudFlare CDN (instead of from the default UNPKG CND). However, administrators can also choose to self-host these dependencies. In this case they can override the CDN configuration using a constant that must defined in wp-config.php. See the online documentation for details. [ALL]
  • Fix The avatar method updated in v20.0 now also overrides the get_avatar hook to avoid conflicts with other plugins such as Ultimate Member. [AVATAR, SYNC, INTRANET]

28th October 2022 / v20.2

  • Improvement Administrators can now define a constant in wp-config.php to override the default CDN used to download the react.js and react-dom.js packages. This constant must be defined immediately after the line /* That’s all, stop editing! Happy publishing. */ as an array as follows URLs may be replaced by administrators as they see fit:
define('WPO_CDN', array('react' => 'https://cdnjs.cloudflare.com/ajax/libs/react/16.14.0/umd/react.production.min.js', 'react_dom' => 'https://cdnjs.cloudflare.com/ajax/libs/react-dom/16.14.0/umd/react-dom.production.min.js'));

21st October 2022 / v20.1

  • Fix The renaming of an option (to allow retrieval of oauth tokens by client side apps) prevented existing configurations to update this value. [ALL]

18th October 2022 / v20.0

  • Feature The (premium version of the) Microsoft Graph Mailer can now send attachments larger than 3 MB. [MAIL, SYNC, INTRANET]
  • Feature The (premium version of the) Microsoft Graph Mailer can now send emails from a Microsoft 365 Shared Mailbox. [MAIL, SYNC, INTRANET]
  • Improvement The LOGIN+ extension now also allows administrators to save multiple configurations (on the plugin’s Import / Export configuration page). [LOGIN+]
  • Improvement Administrators can now define the name of the WordPress user meta for user attributes synchronized from Azure AD to WordPress. [LOGIN+, CUSTOM USER FIELDS, SYNC, INTRANET]
  • Improvement The Avatar method now replaces the URL of the profile image instead (by filtering the pre_get_avatar_data function instead of the get_avatar function). [AVATAR, SYNC, INTRANET]
  • Improvement Now supports receiving custom claims in a SAML response and save them as WordPress user meta. [LOGIN+, CUSTOM USER FIELDS, SYNC, INTRANET]
  • Improvement Administrators can now choose to skip updating a user WordPress user’s displayname. [LOGIN+, USER FIELDS, SYNC, INTRANET]
  • Improvement Some parts of the source code have been updated to improve compatibility with PHP 8.1. [ALL]
  • Fix The Audiences feature now also prevents access to posts and pages using a direct-edit link. [ROLES + ACCESS, SYNC, INTRANET]
  • Fix Sign out of Microsoft now also works as expected for Azure AD B2C. [LOGIN+, SYNC, INTRANET]
  • Fix Custom formatting of a WordPress user’s displayname now works as expected for SAML 2.0 based Single Sign-on. [LOGIN+, CUSTOM USER FIELDS SYNC, INTRANET]
  • Fix The shortcode properties of a Micrsoft 365 App are now HTML-decoded to handle the case where WordPress updates shortcode properties when an author edits a page. [ALL]
  • Fix The div that encapsulates a Microsoft 365 App can now be referenced by its unique classname “wpo365-app-root”. [ALL]
  • Fix Some WPO365 options have been removed / renamed to avoid triggering ModSecurity OWASP CRS causing an 418 “I am not a teapot” HTTP errors, for example when hosting a site at DreamHost. [ALL]
  • Fix The plugin now correctly tries again to get a user’s (Azure AD) group memberships with Group.Read.All permissions when the administrator has not (yet) granted permissions to do so using GroupMember.Read.All permissions. [ROLES + ACCESS, SYNC, INTRANET]

Click here for older entries.