Fixes an issue where non-administrative users could find a way to perform administrative front-end tasks such as editing other users’ posts, avatars, covers etc.
Watch the release video
Security improvements
More privilege-related bugs fixed
Following the privilege escalation bug patched in 3.6.0.2 we ran some additional code review and found more security related issues. They are all related to the same common root problem: allowing a non-administrative user to perform front-end PeepSo administrative tasks such as editing posts, avatars, covers of other users.
Since there is no permanent privilege escalation and the problems are contained within specific front-end functionalities, these are not as severe as the previous one, so the fixes will only be available in 3.7.0.0 and later releases, without backports or patches for older versions.
Lowered system requirements
This release reintroduces support for WordPress 5.4 and PHP 7.2 in an effort to make upgrading to latest PeepSo versions more inclusive and easier for everyone. We have decided staying on outdated PeepSo has more disadvantages than outdated PHP.
We still strongly recommend upgrading at least to PHP 7.4 and latest WordPress, but as of 3.7.0.0 PeepSo will work with PHP 7.2 and WordPress 5.4 again. So if some reason you are stuck on the old versions, latest PeepSo will run on them again.
More flexible pricing
To make sure as many people as possible can upgrade to the latest & safest PeepSo, we have enabled a “no subscription” checkout option – you can now buy a yearly license without committing to automatic renewals. Combined with this year’s price cut we hope more people will stay updated, so that we can all feel safer. You can now get PeepSo for as low as $99 for the Basic Bundle, followed by $199 for Starter and $299 for Ultimate. And all our Bundles contain the Gecko theme for free. Check our pricing to learn more.
We also introduced non-recurring five year licenses featuring some very attractive pricing (pay 3 years, get 2 extra for free).
Friends & AutoFriends
Maximum amount of friends
There is a new configuration tab in PeepSo Configuration: Friends. It contains a new setting “maximum amount of friends“. The default number is 200 and you can customize the limit, keeping in mind that excessive friendship connections might result in degraded performance.
AutoFriends is no longer a standalone plugin
The AutoFriends plugin was merged into the Friends plugin. Starting with PeepSo 3.7.0.0 there is no need to have AutoFriends enabled. If you are on Starter or Ultimate bundle, it means one plugin less for you, and if you are on Basic, it means a new free feature.
The configuration options for AutoFriends are in the same Friends config tab. The aforementioned friends limit will apply to AutoFriends as well.
Other improvements
TranslatePress
We are currently working on TranslatePress compatibility to achieve at least partial multilingual capability. PeepSo 3.7.0.0 works well with TranslatePress, and we have improved styling of the Gecko primary menu, were it to contain the TranslatePress language switcher.
The majority of features work fine, but notifications are generated in the wrong language (the language of the sender, not the receiver). Improving that will take us a long time, as we need to introduce a notification system that is translated when displayed, not when generated.
Chat
If you encounter an issue where one of the parties in a conversation does not see the messages, please make sure to deactivate and reactivate the Chat plugin after updating. The plugin needs to run some housekeeping on its database tables. After that is done, the feature should start working fine for new messages.
Paid Memberships Pro
The recent PMP update introduced an admin JavaScript file which indiscriminately hides form fields in the admin section of the site, including fields that do not belong to PMP. That causes all PeepSo config options to disappear. We introduced a hot-fix which forces WordPress to dequeue the PMP JavaScript from pages belonging to PeepSo.
