Plugin version number, CHANGELOG.md, and readme.txt for 3.11.0

CHANGELOG.md

@@ -1,5 +1,48 @@
 # Change Log
 
+## [3.11.0](https://github.com/auth0/wp-auth0/tree/3.11.0) (2019-05-30)
+[Full Changelog](https://github.com/auth0/wp-auth0/compare/3.10.0...3.11.0)
+
+**Notes on this release**
+
+- Lock was updated from 11.15 to 11.16. The option to display social connections in small styled buttons is no longer available due to branding compliance reasons with third party identity providers. All the social connections will now be displayed as large styled buttons.
+- New installs using user migration will now have a namespaced user ID returned to Auth0 on first login. If you have or plan on having multiple custom databases, please see the [User Migration documentation](https://auth0.com/docs/cms/wordpress/user-migration) for more information. New installs will also use configuration variables instead of hard-coded values for the URL, migration token, and user namespace.
+- The WordPress core login override has been refactored to improve the user experience and overall security. 
+- Added more complete ID token validation during login.
+- Sites using VIP Go are now able to use MFA.
+- Fixed a bug that prevented sites using user migration from changing the WordPress user's email. 
+
+**Closed issues**
+- WordPress.com VIP Go MFA incompatibility [\#687](https://github.com/auth0/wp-auth0/issues/687)
+
+**Added**
+- Add auth0_lock_options filter [\#691](https://github.com/auth0/wp-auth0/pull/691) ([joshcanhelp](https://github.com/joshcanhelp))
+- Spanish translations for new UI text [\#685](https://github.com/auth0/wp-auth0/pull/685) ([joshcanhelp](https://github.com/joshcanhelp))
+
+**Changed**
+- Fix migration namespace and callback [\#694](https://github.com/auth0/wp-auth0/pull/694) ([joshcanhelp](https://github.com/joshcanhelp))
+- Change JWT leeway filter name and add tests [\#692](https://github.com/auth0/wp-auth0/pull/692) ([joshcanhelp](https://github.com/joshcanhelp))
+- Translate plugin links and remove error log [\#682](https://github.com/auth0/wp-auth0/pull/682) ([joshcanhelp](https://github.com/joshcanhelp))
+- Remove small social icons [\#680](https://github.com/auth0/wp-auth0/pull/680) ([joshcanhelp](https://github.com/joshcanhelp))
+- Edit login.css [\#679](https://github.com/auth0/wp-auth0/pull/679) ([frooeyzanny](https://github.com/frooeyzanny))
+- Refactor Auth Code login and add tests [\#678](https://github.com/auth0/wp-auth0/pull/678) ([joshcanhelp](https://github.com/joshcanhelp))
+
+**Deprecated**
+- Deprecate WP_Auth0_Options::can_show_wp_login_form() [\#690](https://github.com/auth0/wp-auth0/pull/690) ([joshcanhelp](https://github.com/joshcanhelp))
+- Deprecate WP_Auth0_Api_Client methods [\#684](https://github.com/auth0/wp-auth0/pull/684) ([joshcanhelp](https://github.com/joshcanhelp))
+- Deprecate Render Big Social Buttons method [\#683](https://github.com/auth0/wp-auth0/pull/683) ([joshcanhelp](https://github.com/joshcanhelp))
+
+**Fixed**
+- Fix VIP Go MFA screen [\#689](https://github.com/auth0/wp-auth0/pull/689) ([joshcanhelp](https://github.com/joshcanhelp))
+- Namespace user IDs and use DB configuration for new user migration installs [\#681](https://github.com/auth0/wp-auth0/pull/681) ([joshcanhelp](https://github.com/joshcanhelp))
+- Use existing migration token during setup [\#676](https://github.com/auth0/wp-auth0/pull/676) ([joshcanhelp](https://github.com/joshcanhelp))
+- Fix Auth0 logout redirect [\#675](https://github.com/auth0/wp-auth0/pull/675) ([joshcanhelp](https://github.com/joshcanhelp))
+- Check for email update in migration-ws-get-user endpoint [\#674](https://github.com/auth0/wp-auth0/pull/674) ([joshcanhelp](https://github.com/joshcanhelp))
+
+**Security**
+- Improve WordPress core login override for security and UX [\#686](https://github.com/auth0/wp-auth0/pull/686) ([joshcanhelp](https://github.com/joshcanhelp))
+- Add issuer and audience ID token validation [\#677](https://github.com/auth0/wp-auth0/pull/677) ([joshcanhelp](https://github.com/joshcanhelp))
+
 ## [3.10.0](https://github.com/auth0/wp-auth0/tree/3.10.0) (2019-04-18)
 [Full Changelog](https://github.com/auth0/wp-auth0/compare/3.9.0...3.10.0)
 

WP_Auth0.php

@@ -3,13 +3,13 @@
  * Plugin Name: Login by Auth0
  * Plugin URL: https://auth0.com/docs/cms/wordpress
  * Description: Login by Auth0 provides improved username/password login, Passwordless login, Social login, MFA, and Single Sign On for all your sites.
- * Version: 3.11.0-beta
+ * Version: 3.11.0
  * Author: Auth0
  * Author URI: https://auth0.com
  * Text Domain: wp-auth0
  */
 
-define( 'WPA0_VERSION', '3.11.0-beta' );
+define( 'WPA0_VERSION', '3.11.0' );
 define( 'AUTH0_DB_VERSION', 22 );
 
 define( 'WPA0_PLUGIN_FILE', __FILE__ );

readme.txt

@@ -1,6 +1,6 @@
 === Login by Auth0 ===
 Tags: login, oauth, authentication, single sign on, ldap, active directory, saml, windows azure ad, google apps, two factor, two-factor, facebook, google, twitter, baidu, renren, linkedin, github, paypal, yahoo, amazon, vkontakte, salesforce, box, dwolla, yammer, passwordless, sms, magiclink, totp, social
-Tested up to: 5.1.1
+Tested up to: 5.2.1
 Requires at least: 3.8
 Requires PHP: 5.3
 License: GPLv2
@@ -24,10 +24,6 @@ This plugin replaces standard WordPress login forms with one powered by [Auth0](
     - Password policies
     - Email validation
     - Mitigate brute force attacks
-- **Easy access to your users data**
-    - User stats
-    - Profile data
-    - Login history and locations
 
 == Installation ==
 
@@ -122,24 +118,11 @@ All is not lost!
 
 == Changelog ==
 
-**v3.10.0**
-
-- The "Single Logout" functionality has been changed. This setting now logs users out of Auth0 automatically when they log out of WordPress. It no longer logs users out of WordPress automatically if they have already been logged out of Auth0.
-- Core WordPress login form display handling has been changed to improve security and maintainability. Please review the "Original Login Form on wp-login.php" option on the **Basic** tab of the plugin settings to make sure this is set properly for your site.
-- The following settings have been deprecated and will be removed in the next major release if they are still being used:
-    - **Features > "Single Sign-On"**: To use SSO going forward, please activate the "Universal Login Page" setting in the **Features** tab of the plugin settings.
-    - **Appearance > "Custom CSS" and "Custom JS"**: If you already have CSS and/or JS stored, the setting will continue to work until the next major release. If not, these fields have been removed.
-- The following settings have been removed from the plugin. Please use the Auth Dashboard to manage these going forward. The functionality has not been removed from Auth0, only the ability to manage it from WordPress:
-    - **Basic >API Token**
-    - **Features > "Password Policy"**
-    - **Features > "Multifactor Authentication (MFA)"**
-    - **Features > "FullContact"**
-    - **Features > "Store Geolocation"**
-    - **Features > "Store Zipcode Income"**
-    - **Advanced > "Link Users with Same Email"**
-- The default Lock version has been updated from 11.5 to 11.14. If you have never changed the Lock URL, this update will be automatic for this and future releases.
-- An Auth0 login form (or link to login) will now appear on the WooCommerce Checkout page for sites that allow or require an account to check out.
-- The connection with the WP JWT Auth plugin has been deprecated and will be removed in the next major.
-- And more!
-
-[Complete list of changes for this and other releases](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#3100-2019-04-16)
+**v3.11.0**
+
+- Lock was updated from 11.15 to 11.16. The option to display social connections in small styled buttons is no longer available due to branding compliance reasons with third party identity providers. All the social connections will now be displayed as large styled buttons.
+- New installs using user migration will now have a namespaced user ID returned to Auth0 on first login. If you have or plan on having multiple custom databases, please see the [User Migration documentation](https://auth0.com/docs/cms/wordpress/user-migration) for more information. New installs will also use configuration variables instead of hard-coded values for the URL, migration token, and user namespace.
+- Added more complete ID token validation during login.
+- Fixed a bug that prevented sites using user migration from changing the WordPress user's email.
+
+[Complete list of changes for this and other releases](https://github.com/auth0/wp-auth0/releases)