Skip to content

Tags

Tags give the ability to mark specific points in history as being important

  • v2.5.1

    protected
    2ddfb3f5 · Merge branch 'feat/stats-countries-only' into 'main' ·
    Release: Customer Map 2.5.1 
    v2.5.1 — public stats: countries only

  • v2.5.0

    protected
    13143dcc · v2.5.0 — aspect + hide_count shortcode attrs ·
    Release: Customer Map 2.5.0 
    v2.5.0 — aspect + hide_count shortcode attrs

  • v2.4.6

    protected
    68ca90b6 · v2.4.6 — content bump (v2.4.5 retagged same commit, was a no-op upgrade) ·
    Release: Customer Map 2.4.6 
    First content-bumped signed release. No behaviour changes vs 2.4.4/2.4.5; just a real version increment so installs visibly move forward after upgrade.

Verifies: signing pipeline, protected-tag rule, in-plugin Ed25519 verification — full supply-chain chain working end to end.

  • v2.4.5

    protected
    955d24a2 · v2.4.4 — remove inbound REST API; fix CI signing variable handling ·
    Release: Customer Map 2.4.5 
    First signed release

  • v2.4.4

    protected
    955d24a2 · v2.4.4 — remove inbound REST API; fix CI signing variable handling ·
    Release: Customer Map 2.4.4 
    **Security hardening + CI signing fix.**

The five \`/wp-json/customer-map/v1/*\` endpoints (status, test-geocode, run-batch, clear-failures, retry-failed) are gone. All admin-only, but each was extra inbound attack surface. Equivalent functionality is unchanged in the admin UI:

- **Customer Map → Geocode Now** — run batch, retry failed, re-geocode all
- **Customer Map → Debug Log** — status report, Nominatim probe, clear failures

If you relied on the REST API for remote monitoring you'll need to switch to scraping the admin pages or to a dedicated monitoring plugin.

v2.4.3 was meant to be the first signed release but the CI build silently skipped signing because \`RELEASE_SIGNING_KEY\` was set as a Variable-type CI variable (value = the secret string) while the script tested for it as a File-type variable (\`[ -f ]\`). v2.4.4 accepts both.

This release itself ships unsigned (CI was still using the v2.4.3 .gitlab-ci.yml at build time). v2.4.5 will be the first verifiably signed release.

  • v2.4.3

    protected
    33208a12 · v2.4.3 — activate release signing ·
    Release: Customer Map 2.4.3 
    **Release signing active.** Every update zip from this point onward is signed with libsodium Ed25519 in CI and verified by the plugin before WordPress installs it. A tampered or substituted zip — from a compromised mirror or MITM — is rejected with a clear error.

- Updates to v2.4.4+ go through signature verification automatically. Nothing to do.
- The Customer Map → Debug Log → Updates panel now shows "Signing: Active (Ed25519, fp ...)" and confirms whether the latest release advertises a \`.sig\` asset.

Existing v2.4.2 installs running with an empty \`NCM_UPDATE_PUBLIC_KEY\` will install this update unverified (legacy path). After upgrading to 2.4.3 they pick up the populated public-key constant and verify all subsequent updates.

  • v2.4.2

    protected
    846aedec · v2.4.2 — optional Ed25519 release signing ·
    Release: Customer Map 2.4.2 
    **Optional Ed25519 release signing — supply-chain protection for updates.**

Once enabled, every update zip is verified against a bundled public key before WordPress is allowed to install it. A tampered download (compromised mirror, MITM) is rejected with a clear error.

\`\`\`sh
php tools/generate-signing-key.php
\`\`\`

Then paste the public key into \`NCM_UPDATE_PUBLIC_KEY\`, upload the secret key to GitLab as the file-type CI variable \`RELEASE_SIGNING_KEY\`, and tag the next release. See README → "Update integrity" for full instructions.

\`NCM_UPDATE_PUBLIC_KEY\` ships empty in 2.4.2 — updates install unverified, same as 2.4.1. The whole feature is opt-in. Existing installs upgrade to 2.4.2 cleanly without any operator action.

Customer Map → Debug Log → Updates now shows signing status, public-key fingerprint, and whether the latest release has a \`.sig\` asset.

  • v2.4.1

    protected
    693ffaee · v2.4.1 — fix header Version drift; CI guardrail ·
    Release: Customer Map 2.4.1 
    Header tidy-up. No behaviour changes.

- Plugin header \`Version:\` field now matches \`NCM_VERSION\` (was stuck at 2.3.2 in v2.4.0).
- CI now blocks any future header/constant drift via a static check in \`safety_check\`.

  • v2.4.0

    protected
    498f16ac · v2.4.0 — HPOS support + data-safety hard guarantee ·
    Release: Customer Map 2.4.0 
    **Fixes the silent-install bug + adds a hard data-safety guarantee.**

WooCommerce 8.2+ defaults to High-Performance Order Storage, putting orders in \`wp_wc_orders\` instead of \`wp_posts\`. Pre-2.4.0 read only the legacy table and silently saw zero orders on HPOS installs. v2.4.0 detects HPOS, declares compatibility, and queries whichever store is active.

The plugin **no longer writes to any WordPress or WooCommerce table**. Per-order processing state moved to a new \`wp_wcm_order_state\` table. Legacy \`_wcm_geocoded\` and \`_wcm_geocode_attempts\` postmeta is migrated on first load and **left in place untouched**. No \`$order->save()\` calls anywhere — eliminates the risk of cascading \`woocommerce_update_order\` hooks firing through the plugin ecosystem.

A new CI stage \`safety_check\` greps the source for any SQL writing to forbidden tables and fails the build if one is reintroduced.

- HPOS state row.
- "Tables owned" / "Read-only" section listing every table the plugin will and won't touch.

Safe for all installs. The migration is idempotent (\`INSERT IGNORE\` on the order_id PK). Legacy postmeta is never modified.

  • v2.3.2

    protected
    b2e2e132 · v2.3.2 — Plugin URI points at GitLab README explicitly ·
    Release: Customer Map 2.3.2 
    Header tidy-up. No behaviour changes — safe to update.

- \`Plugin URI\` and "View details" homepage link now point at the GitLab README blob (\`/tools/customer-map/-/blob/main/README.md\`).

  • v2.3.1

    protected
    33865f91 · v2.3.1 — point Plugin URI at GitLab; author is nolle.engineering ·
    Release: Customer Map 2.3.1 
    Plugin header tidy-up. No behaviour changes — safe to update.

- \`Plugin URI\` now points at the GitLab project (\`gitlab.nolle.engineering/tools/customer-map\`) where source, releases, and changelog live. Previously linked to a non-existent landing page.
- \`Author\` is \`nolle.engineering\` (the brand) instead of \`Patric Nolle\` (the individual).

  • v2.3.0

    protected
    4df2aa76 · v2.3.0 — point updater at the moved project path (tools/customer-map) ·
    Release: Customer Map 2.3.0 
    **Major release:** decoupled storage from blur, customer-intel protection, self-hosted updates, and a Debug Log page for diagnosing silent installs.

- New `Customer Map → Debug Log` page with env, queue, cron, shutdown-hook health, recent failures, a ring-buffered event log, a live Nominatim probe, and a copy-report-to-clipboard button.
- Instrumented logging at upgrade, cron self-heal, shutdown-hook gates, batch start/end, and per-order geocode results.

- Schema gains `lat_orig` / `lng_orig` (dbDelta migration; legacy rows backfilled from current `lat`/`lng`).
- Blur radius now configured in **km** (default 3, max 500).
- Blur is deterministic per-row and applied at query time — change the radius and existing data shifts immediately, no re-geocode required.

- Public AJAX strips order counts. Popups show only city/country; stats bar shows countries + cities.
- Remote single-customer locations still appear (marketing angle), but competitors can no longer derive sales numbers from the public map.
- Public requests are clamped to MAX(site default, requested) — a shortcode can ask for more anonymisation, never less.

- Live blur slider on the admin map.
- Live shortcode preview that mirrors the current product filter + blur, with copy-to-clipboard.
- New \`[customer_map blur="..."]\` shortcode attribute.

- Plugin polls gitlab.nolle.engineering/tools/customer-map for new releases, surfaces them in the standard wp-admin update flow.
- Auto-update **disabled by default** — operators opt in per-install via the standard Plugins screen link.
- Manual "Check for updates now" button on the Debug Log page.

- New \`ncm_blur_radius_km\` (default 3).
- New \`NCM_UPDATE_PROJECT\` constant for installs hosted on a different GitLab path.