@NoumaanAhamed
Collaborator

  • FIXED

    • Fixed GoDAM plugin integration issues
    • Fixed translation loading
    • Applied security fixes in dependencies
  • ENHANCEMENT

    • Improved security handling for plugin integrations

iamimmanuelraj and others added 21 commits January 13, 2026 16:49
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [acorn](https://github.com/acornjs/acorn) from 7.4.1 to 8.15.0.
- [Commits](acornjs/acorn@7.4.1...8.15.0)

---
updated-dependencies:
- dependency-name: acorn
  dependency-version: 8.15.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
…15.0

chore(deps-dev): bump acorn from 7.4.1 to 8.15.0
…s/checkout-6

chore(deps): bump actions/checkout from 2 to 6
…s/upload-artifact-6

chore(deps): bump actions/upload-artifact from 4 to 6
fix: prevent loading GoDAM integration script on video embed
Fix: translations loading earlier warning
@rtBot
Contributor

rtBot commented Jan 30, 2026

Unable to PHPCS or SVG scan one or more files due to error running PHPCS/SVG scanner:

  • app/admin/RTMediaUploadTermsAdmin.php
  • index.php
  • templates/media/godam-integration.php

The error may be temporary. If the error persists, please contact a human (commit-ID: d82c189).

Contributor

Copilot AI left a comment

Pull request overview

This PR releases rtMedia version 4.7.9, focusing on tightening security around GoDAM and BuddyPress activity integration, fixing translation loading for upload terms, and updating dependencies and CI tooling.

Changes:

  • Bump plugin version to 4.7.9 and document the release in all changelog/readme surfaces.
  • Harden GoDAM/BuddyPress activity integration: restrict the activity-comment AJAX endpoint to authenticated users, add fine‑grained permission checks, and avoid loading the integration script on specific GoDAM embed pages.
  • Fix translation loading for Upload Terms admin defaults and update PHP/JS dependency locks, CI GitHub Actions versions, and introduce a Dependabot configuration for automated dependency updates.

Reviewed changes

Copilot reviewed 12 out of 15 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| index.php | Bumps the plugin header version and RTMEDIA_VERSION constant to 4.7.9 to align runtime and metadata with the new release. |
| readme.txt | Updates the Stable tag to 4.7.9 and adds a 4.7.9 changelog entry that matches the PR description (GoDAM fixes, translations, security-related dependency updates). |
| README.md | Adds a 4.7.9 changelog section with the same set of fixes/enhancements for GitHub-facing documentation. |
| changelog.txt | Prepends a 4.7.9 release section describing GoDAM integration fixes, translation loading fix, and security-related changes to dependencies. |
| templates/media/godam-integration.php | Adjusts script enqueueing to skip the rtMedia↔GoDAM integration script on godam_page=video-embed pages; secures the get_single_activity_comment_html AJAX handler by removing the nopriv hook, enforcing is_user_logged_in(), returning localized error messages with HTTP status codes, and introducing rtmedia_user_can_view_activity() to enforce access rules for group/profile activities. |
| app/admin/RTMediaUploadTermsAdmin.php | Moves initialization of default Upload Terms translation strings into an init hook (init_translations at priority 5) so translations are loaded at the correct point in the WP lifecycle before settings are read/updated. |
| languages/buddpress-media.pot | Regenerates the POT header for version 4.7.9 and current creation date, and adds new msgids for the AJAX error messages in godam-integration.php plus updated line references for existing Upload Terms admin strings. |
| tests/codeception/composer.lock | Updates several dev/test PHP packages (e.g., composer/composer, doctrine/instantiator, various illuminate/* components, phpunit/phpunit, sebastian/comparator, Symfony components, WP‑CLI packages) to newer versions, reflecting dependency/security updates used by the Codeception test suite. |
| package.json | Bumps the acorn devDependency major version (^8.15.0) in line with the lockfile and other JS tooling updates. |
| package-lock.json | Regenerates the lockfile to match updated devDependencies, including newer acorn, @parcel/watcher and its platform binaries, detect-libc, baseline-browser-mapping, caniuse-lite, electron-to-chromium, lodash, lru-cache, sass, and terser (now depending on the top-level acorn), tightening JS toolchain security and compatibility. |
| .github/workflows/playwright.yml | Updates GitHub Actions references to newer major versions (actions/checkout@v6, actions/upload-artifact@v6) for the Playwright E2E workflow while preserving behavior (checkout PR head SHA and upload HTML report on failure). |
| .github/workflows/phpcs_on_pull_request.yml | Updates the PHPCS workflow to use actions/checkout@v6, keeping the rest of the job the same. |
| .github/workflows/create.yml | Updates the release/tag workflow to use actions/checkout@v6 for consistency with other workflows. |
| .github/dependabot.yml | Adds a Dependabot configuration to keep Composer, npm, Docker, pip, Bundler, Go modules, GitHub Actions, and Terraform dependencies up to date on daily or monthly schedules. |

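The AJAX hardening summarized in the review above (drop the `nopriv` hook, require `is_user_logged_in()`, gate on `rtmedia_user_can_view_activity()`) can be checked statically across a plugin's sources. The Python audit below is an added example, not code from this pull request or from rtMedia; the PHP snippets, the callback name `demo_comment_html`, the helper `demo_render`, the argument passed to `rtmedia_user_can_view_activity()` and the 401/403 status codes are constructed for illustration.

```python
import re
# Matches add_action( 'wp_ajax_<action>' or 'wp_ajax_nopriv_<action>', '<callback>' )
HOOK_RE = re.compile(r"add_action\(\s*['\"]wp_ajax_(nopriv_)?(\w+)['\"]\s*,\s*['\"](\w+)['\"]")

def function_body(source, name):
    """Body of PHP function `name` by naive brace counting (strings/comments not parsed)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", source)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(source) and depth:
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        i += 1
    return source[m.end():i - 1]

def audit_ajax_hooks(source, permission_fn="rtmedia_user_can_view_activity"):
    """Map each AJAX action to the access controls visible in its callback."""
    report = {}
    for nopriv, action, callback in HOOK_RE.findall(source):
        body = function_body(source, callback)
        entry = report.setdefault(action, {"nopriv": False})
        entry["nopriv"] = entry["nopriv"] or bool(nopriv)
        entry["login_check"] = "is_user_logged_in()" in body
        entry["permission_check"] = permission_fn + "(" in body
    return report

def needs_review(report):
    """Actions reachable without login, or whose callback lacks either check."""
    return sorted(a for a, e in report.items()
                  if e["nopriv"] or not (e["login_check"] and e["permission_check"]))

# Constructed PHP (not the plugin's code): the handler before and after hardening.
BEFORE = """
add_action( 'wp_ajax_get_single_activity_comment_html', 'demo_comment_html' );
add_action( 'wp_ajax_nopriv_get_single_activity_comment_html', 'demo_comment_html' );
function demo_comment_html() {
    wp_send_json_success( demo_render( intval( $_POST['activity_id'] ) ) );
}
"""
AFTER = """
add_action( 'wp_ajax_get_single_activity_comment_html', 'demo_comment_html' );
function demo_comment_html() {
    if ( ! is_user_logged_in() ) { wp_send_json_error( 'login required', 401 ); }
    $id = intval( $_POST['activity_id'] );
    if ( ! rtmedia_user_can_view_activity( $id ) ) { wp_send_json_error( 'forbidden', 403 ); }
    wp_send_json_success( demo_render( $id ) );
}
"""
print("before:", needs_review(audit_ajax_hooks(BEFORE)), "after:", needs_review(audit_ajax_hooks(AFTER)))
```

A flagged action is a prompt for manual review, since the string match only shows that a check is present in the callback, not that it runs before the response is built.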

Member

@mi5t4n mi5t4n left a comment

LGTM

@nayemDevs nayemDevs merged commit 4b5cb92 into master Jan 30, 2026
14 checks passed