* FIX: Automatic backups before updating a plugin, theme, or WP core were not working (regression in 1.23.1)* FIX: A database backup couldn't be taken from WP-Optimize and All-In-One Security (AIOS) (regression)* TWEAK: Add a user capabilities check when downloading a backup (this is not believed to have any security implications, as the download operation already requires knowledge of a further nonce that there is no mechanism for a non-administrator to obtain).* TWEAK: Improve the Handlebars template of the UpdraftVault remote storage by taking PHP code out of it* TWEAK: Prevent making a nonce available to logged-in users who could not manage UpdraftPlus (this did not give access to any unauthorised actions)* TWEAK: Improve the Handlebars template of the UpdraftVault remote storage by taking PHP code out of it* TWEAK: Improve the Handlebars template of the pCloud remote storage by taking PHP code out of it

* FEATURE: Support Cloudflare R2 as a generic S3 storage provider (always use v4 signature)* FEATURE: Added the ability to get an accurate row count for all tables in the advanced tools* FEATURE: Expose an option in the UI to disable chunked uploading when using WebDAV remote storage (previously required a constant)* FEATURE: Add the ability to anonymize WooCommerce order data when cloning a site* FIX: An over-ride enforcing use of V4 signatures on Aliyuncs S3 storage was no longer working* FIX: pCloud error handling in chunked uploading did not pass the error message up to the logging layer* FIX: Backups started under WP-CLI could not backup the database only without any files* FIX: Couldn't add any file/directory inclusion for "Other" entity due to access to one directory up from the current (ABSPATH) isn't permitted* FIX: Atomic restore is not renaming a few tables when not restoring specific tables by using the filter `updraftplus_restore_this_table`.* FIX: Sometimes the "delete old directories" notice displayed even though the actual `-old` directory didn't exist* FIX: The restore point date time was incorrect in the restore screen when restoring the incremental backup, and the WordPress site has a non-GMT timezone set.* TWEAK: Improve manual rescanning and deletion of backup sets by setting up a time limit to a value defined in UPDRAFTPLUS_SET_TIME_LIMIT constant to minimise chances of getting fatal error (maximum execution time exceeded)* TWEAK: Add a filter updraftplus_mysqldump_arguments to allow changing of arguments passed to the mysqldump binary when that is being used* TWEAK: Include PHP version in default S3 user agent to aid debugging* TWEAK: Disable Gravatar on UpdraftClone* TWEAK: Cleanup .list.tmp files when a cloud backup completes* TWEAK: Use the function that lists our own cron schedules to simplify the way backup intervals are prepared and to avoid schedules mismatch* TWEAK: Improve manual deletion of backup sets by setting up a time limit to a value defined in UPDRAFTPLUS_SET_TIME_LIMIT constant to minimise chances of getting fatal error (maximum execution time exceeded)* TWEAK: Improve the Handlebars template of the S3-Compatible (Generic) remote storage by taking PHP code out of it* TWEAK: Increase max_recursion value to 20 in class-search-replace.php* TWEAK: Add a new function that lists our own cron schedules so that it can later be used as schedules sorting purpose also as a main source from which our schedules list is originated* TWEAK: Display Google drive email address along with account holder name* TWEAK: Fixed WebDAV PHP 8.1+ deprecated warnings* TWEAK: Updated text message displayed on Web Server - Localhost UC Dashboard Key Creation.* TWEAK: Use nonce in every part of a restoration process to prevent direct access that has allows an unwanted log file to be begun. On sites running on end-of-lifed PHP versions (<8.0) it was possible to read the beginning of the log file, causing an unintended information disclosure about the server environment, e.g. Apache version, PHP version and available memory (but current PHP versions are not vulnerable).* TWEAK: Use nonce when starting a new restoration and strengthen the continuation process to prevent direct access that has the potential of being file and/or log abuse* TWEAK: Improve the WebDAV storage module API in regard to the way it handles uploading and writing files* TWEAK: Replace the word "Directory" with "Folder" in UI notices

FIX: Resolves a fatal error that occurred if a user had one specific add-on and not another (i.e. paid versions only)

* FIX: Fix "More Files" tracking on resumption* FIX: Parse error when loading plugins and themes in UpdraftCentral. Error occurs when UpdraftPlus is installed in a system with PHP 5.6 or older.* FIX: BinZip did not handle out-of-tree directory symlinks. These are now backed up as expected.* FIX: When expired tokens occur during Vault uploads, reschedule and resume, to avoid incomplete pruning of backup history* FIX: Inconsistent WebDAV host field behaviour where there are multiple WebDAV storage locations* FIX: The Exclusion rule link text was broken when "uploads" and "wp-content" exclusion settings were initially in an unchecked state* TWEAK: Create IAM call methods in UpdraftPlus_S3* TWEAK: Add a select all / deselect all selector to the table list when restoring* TWEAK: Do not write `SET @@GLOBAL.GTID_PURGED` statements* TWEAK: Improve the upload after create status reporting in the progress widget* TWEAK: If a symlink pointed to an inaccessible location, this was silently skipped when using ZipArchive; it now generates a warning.* TWEAK: Cast the service list to an array in upload_button() to avoid a potential PHP error with PHP 8* TWEAK: Quadruple size of buffer when reading from files for S3 chunks

* FIX: Restrict the CSS scope for our jQuery to prevent conflicts* FIX: UI bug when unable to download a database for restoration and then retrying before refreshing the page* TWEAK: Add basic design to confirmation window when adding a site to UpdraftCentral* TWEAK: Prevent a PHP coding deprecation warning on PHP 8.1* TWEAK: Feedburner URLs now are case-sensitive* TWEAK: Improve the Handlebars template of the Rackspace Cloud Files remote storage by taking PHP code out of it* TWEAK: WP Rocket - disable CDN upon migration completion since key will be invalid.* TWEAK: Improve the UpdraftClone user-visible feedback and logging on delay or failure conditions* TWEAK: Improve the Handlebars template of the Rackspace Cloud Files remote storage by taking PHP code out of it   * TWEAK: WebDAV refactor part 2: Eliminate the stream-wrapper layer

* FIX: Infinite recursions/loops appeared to happen in restoration during the search-replace operation especially when some tables had a circular reference in their serialised data* FIX: Prevent PclZip from restoring empty/corrupt archives* FIX: Zip file sizes had ceased to be recorded in the backup history* FIX: Fix fatal error when loading the "Advanced Tools" section for UpdraftCentral* TWEAK: Log intermediate unzip errors before proceeding with different method

* FEATURE: Restore the "upload immediately after creation" feature that was turned off whilst misbehaviour was investigated; fixes have been applied.* FIX: Prevent premature removal of zip manifest files* TWEAK: Improve the Handlebars template of the OpenStack (Swift) remote storage by taking PHP code out of it* TWEAK: Do not run out-of-place "SET @@GLOBAL.GTID_PURGED" statements upon restore

* TWEAK: The "upload immediately after creation" feature has been disabled whilst reports of incorrect behaviour are investigated* TWEAK: Replace require_once to include_once and use the UpdraftCentral path constant when loading the UpdraftCentral host class.* TWEAK: Modify the "overdue crons" message for greater clarity

* TWEAK: Suppress pre-loading of phpseclib libraries, which has exposed fatal-error inducing bugs in a handful of unmaintained third-party plugins and themes* TWEAK: Increase the number of conditions for which attempts to access an S3 bucket will result in more logging

* FIX: Ensure jobdata is saved before attempting a partial cloud upload, preventing potential omission of an archive* FEATURE: Restore the "upload immediately after creation" feature that was turned off in 1.22.16 whilst misbehaviour was investigated* TWEAK: Add log information as to why DB stored routines couldn't be included in the backup if that should be so* TWEAK: Declare some implicity-declared class variables to avoid warnings in PHP 8.2

TWEAK: Temporarily revert "upload immediately after create" feature from 1.22.15

* FIX: Selective table restore* FIX: Fix restore button JS issue when importing single site to multisite* TWEAK: Allow charset to be set during a WP_CLI restore* TWEAK: Use similar charset if one is not set and not supported during a WL_CLI restore* TWEAK: Add bulk process handler for UpdraftCentral's plugin and theme modules* TWEAK: Return previous plugin and theme states before installation or activation* TWEAK: Improve the Handlebars template of the Backblaze remote storage by taking PHP code out of it (Premium)* TWEAK: Improve the Handlebars template of the WebDAV remote storage by taking PHP code out of it (Premium)* TWEAK: Improve the Handlebars template of the SFTP/SCP remote storage by taking PHP code out of it (Premium)* TWEAK: Avoid using 'phpmailer_init' action when setting up sender name and sender email address, as some SMTP plugins override the 'wp_mail()' function and they don't bother to call the 'phpmailer_init' action* TWEAK: Prevent increments being added to backups from other sites

* FIX: Internal S3 library did not correctly construct canonical query string with v4 signatures if there were multiple parameters, leading to wrong signatures and failed authorisation* FIX: Fix a recent regression that caused DNS hostnames to not be preferred when using Amazon S3* TWEAK: Prevent deprecation notice on PHP 8.1 if opening a zero-size zip file* TWEAK: Introduce filter updraftplus_dropbox_fetch_curl_options for easier debugging/experimentation

* FIX: Fix a regression in the 1.22.9 adjustment to the internal S3 library's evaluation of when to use a Host: header* FIX: Fix a long-standing issue whereby if S3-related credentials were being tested via the front-end UI, and multiple back-end instances were present, then the wrong settings could be used in making decisions on Host: headers

* FIX: Do not attempt to use S3 DNS-style bucket naming in alternative library if SSL validation will fail due to AWS certificate wildcard policies or other bucket naming-related reasons* TWEAK: Add version number to alternative S3 library requests

* FIX: Internal S3 library was missing a method for using session tokens together with Vault* FIX: Various UI issues with the S3 IAM Wizard* TWEAK: Use AWS SDK/Guzzle for S3 operations if Curl is not available* TWEAK: Prevent coding deprecation notice during S3 upload on PHP 8.1

* FIX: Internal S3 library had regressed in its ability to detect bucket location on AWS when using v4 signatures* TWEAK: When using S3 APIs, log the class used for easier debugging* TWEAK: Change S3 SDK selection algorithm

* FIX: An issue that prevented being able to browse the contents of an already downloaded backup zip file* FIX: Add previously unbundled AWS SDK file for IAM service description which prevented S3 wizard in the Premium version working correctly* FIX: Prevent a fatal error when handling some S3 errors, caused by a format change* TWEAK: When loading AWS SDK at upload time, apply some work-arounds for plugins with buggy or old versions of related libraries* TWEAK: Update to latest AWS SDK toolkit, fixing an error with error-reporting in some situations in the previous version* TWEAK: Remove vendor/aws/aws-crt-php/run_tests.bat from build (apparently one user's hosting does not allow .bat files), plus other unnecessary files from that package* TWEAK: Enable PHP 8.1 in UpdraftClone (N.B. not yet officially supported by WordPress, so, made available for testing/development purposes)* TWEAK: Prevent error emitted on the browser console when 'Images' filter is selected on UpdraftCentral's media module

* TWEAK: Prevent a couple of possible fatal errors when printing autobackup options on PHP 8* TWEAK: Work around a bug in the JetPack autoloader that was triggered when projects using that also used Guzzle in a different namespace

* FIX: Unexpected 'Backup History' array structure during the rescanning of the new backup sets that changed the type of the database associative keys from string to array format* FIX: Failure in excluding and wiping out jobdata during backup and restore causing the same backup to repeat under certain circumstances* REFACTOR: Upgrade AWS SDK from version 2.8 to 3* TWEAK: Improve how log file and backup file attachments are handled through mail-related functions, so they don't get omitted by some 3rd party SMTP plugins* TWEAK: Overcome PHP 8 'Only the first byte will be assigned to the string offset' warning when rescanning local folder and/or remote storage for new backup sets* TWEAK: On Windows, when mysqldump.exe binary is in use for backing up database, it failed to exclude updraft_jobdata_* entries due to 'escapeshellarg' function that replaces % char to white space* TWEAK: Switch to official jstree release now that our patch is included* TWEAK: Update updater library in paid version to current release* TWEAK: In the multisite add-on, store the last log message separately to perform better with binary logging together with large backups* TWEAK: Add Google branding to the Google Drive authentication link* TWEAK: Change complex formatting string to avoid translator errors resulting in PHP errors

* TWEAK: New versionning scheme; the second part of the version number was previously not used very meaningfully/systematically; together with the third, it now indicates the year of release and number within that year* TWEAK: Adjust run-time performance check, removing one test that was no longer appropriate* TWEAK: In the multisite add-on, store the last log message separately to perform better with binary logging together with large backups* TWEAK: Adjust next resumption display message if there isn't one* TWEAK: Cache the UpdraftVault quota to reduce the amount of network calls made during long backups

* FIX: A bug that prevented a final resumption from attempting to split the zip to make progress* FIX: Handle LOCK TABLES statements produced by some mysqldump versions properly in case of atomic restores* FIX: Packaging error in 1.16.67* SECURITY: Fix a non-persistent XSS error allowing an attacker to once run JavaScript in your web browser if you clicked on a link crafted personally for you whilst logged into your site (very similar to that fixed in 1.16.65/6)* TWEAK: Search and replace ABSPATH if it's changed, non-trivial and stored in the DB by a bad plugin/theme* TWEAK: Make whole label for "UpdraftPlus temporary clone user login settings" clickable* TWEAK: Change wording for an advanced tool for clarity* TWEAK: Include UD in user agent for S3 calls when using the AWS SDKs* TWEAK: Make sure WP_Error is passed up during specific plugin update failure case

* FIX: A bug that prevented a final resumption from attempting to split the zip to make progress* FIX: Handle LOCK TABLES statements produced by some mysqldump versions properly in case of atomic restores* SECURITY: Fix a non-persistent XSS error allowing an attacker to once run JavaScript in your web browser if you clicked on a link crafted personally for you whilst logged into your site (very similar to that fixed in 1.16.65/6)* TWEAK: Search and replace ABSPATH if it's changed, non-trivial and stored in the DB by a bad plugin/theme* TWEAK: Make whole label for "UpdraftPlus temporary clone user login settings" clickable* TWEAK: Change wording for an advanced tool for clarity* TWEAK: Include UD in user agent for S3 calls when using the AWS SDKs* TWEAK: Make sure WP_Error is passed up during specific plugin update failure case

SECURITY: The fix made in 1.16.65 was faulty; this release corrects it.

* SECURITY: Fix a non-persistent XSS error allowing an attacker to once run JavaScript in your web browser if you clicked on a link crafted personally for your site whilst logged into it. Discovered by Cryptotipit.* TWEAK: Premium - add review link at bottom of admin

* FIX: Do not create a zip manifest file if the zip is still potentially incomplete* TWEAK: Improve Dropbox downloading performance by reducing round-trips, by eliminating unnecessary chunking* TWEAK: Update certificate store to current list* TWEAK: Increase precision of previous check-in record in log

* FIX: Use correct zip file name when creating manifest* TWEAK: Tweak the response data of UpdraftCentral's plugin and theme handlers to add additional error information* TWEAK: Moved the raw backup history command so it can be accessed via UpdraftCentral* TWEAK: Optimise away unnecessary file open/read/close cycle on null gzip files when writing the final database dump (should help on enormous sites with thousands of tables)* TWEAK: Cleanup .list.tmp files when a local backup completes* TWEAK: Refactor WebDAV addon code for future improvements

* FIX: Fix UpdraftCentral error when installing plugin or theme on a slow connection* TWEAK: Support wildcard (asterisk char) exclusions not just for the first/top-level directory but also for the 2nd level directories and below* TWEAK: Fix deprecation warning on UpdraftCentral's comment settings* TWEAK: Algorithm improvement with small tables with individually large rows not triggering the existing over-sized rows algorithm, to reduce fetch size quicker* TWEAK: Implement the newly abstracted host plugin usage/process within the UpdraftCentral client code* TWEAK: Improve backtrace logging* TWEAK: Add admin and log warning messages regarding the planned shutdown of Microsoft Azure and OneDrive Germany* TWEAK: Output UpdraftVault quota recount link if needed* TWEAK: Introduce constant: UPDRAFTPLUS_LOG_BACKUP_SELECTS: Defining this to true will cause the SQL SELECT commands used when fetching data for a database table backup to be logged in the UpdraftPlus backup log* TWEAK: Don't change SQL modes if a null value is returned* TWEAK: Existing backups paging logic to avoid a confusing rescan user experience

* FIX: If MySQL performance was very fast on large tables, and if fallback fetch mode was being used (which should not occur on any WordPress core table, but can be triggered on recent Oracle MySQL 8.0 versions), then when increasing rows fetched on large tables, some rows could be unintentionally skipped.* TWEAK: Oracle MySQL 8.0 from somewhere after 8.0.17 has removed the display width from the response to SHOW CREATE TABLE, resulting in failure (prior to this tweak) to detect a primary key type that can be used with faster fetching* TWEAK: Use 'wp_mail_failed' action hook to improve logging of email delivery failures caused by a PHPMailer exception* TWEAK: Add additional log information to themes and plugins modules

* TWEAK: Add method to check whether an image editor is available for UpdraftCentral's image media editing feature.* TWEAK: In the reporting add-on accept URLs, if the address is a URL then instead of emailing it, POST it to that URL using the format used by Slack* TWEAK: Add a link to the create clone UI to explain the various clone package sizes* TWEAK: Record ABSPATH in the summary* TWEAK: Prevent a couple of unwanted logging notices on PHP 8* FIX: An issue that prevented the more files restore UI appearing if it was part of an incremental backup* FIX: Add an extra check to prevent incremental backups from being run after a migration, if incremental backups are not enabled.

* FIX: Each time the 'Upload Backup' dialog is opened, '(already uploaded)' text is appended one more time for the same remote storage resulting in it being nearly impossible to have the two buttons shown at the bottom* FEATURE: (Paid versions) New WP-CLI command (connect) to connect plugin with the user's associated account/licence on updraftplus.com* TWEAK: Enhanced over-sized row-detection to include any table with a primary key and a LONGTEXT* TWEAK: Log file now includes max packet size* TWEAK: Properly handle port numbers included in DB_HOST when using mysqldump* TWEAK: Handle UNIX socket paths included in DB_HOST when using mysqldump* TWEAK: Increase default mysqldump maximum packet size* TWEAK: Change WebDAV request library to HTTP_Request2* TWEAK: Add custom category sorting on post module using uasort due to deprecation warning emitted on UpdraftCentral* TWEAK: Added an icon within the top-right of the log widget allowing user to toggle that part between its current size and full-screen of the restoration log section* TWEAK: Prevent an error in the phpinfo advanced tool when handling non-string constants* TWEAK: Escape remote storage IDs in output templates* TWEAK: Suppress unwanted error logging related to Gravity Forms* TWEAK: Clear Elementor cache at the end of restoration process (if possible) giving an opportunity for Elementor to regenerate CSS files on the next page load request* TWEAK: Clear Avada/Fusion-related CSS cache at the end of restoration process (if relevant)* TWEAK: Catch and recover from errors and exceptions when clearing third-party caches* TWEAK: Prevent a PHP logging notice when an SCP server is scanned for files* TWEAK: Remove unused CloudFront methods from S3 library* TWEAK: Added missing anonymisation.png graphic and detail of Anonymisation addon in the addons list table* TWEAK: Added Update URI header field to avoid accidentally being overwritten with an update of a plugin of a similar name from the WordPress.org Plugin Directory.* TWEAK: Improvements in finding a working mysqldump binary during a backup operation* TWEAK: Start on larger chunk sizes when fetching *meta table contents, and scale up chunk sizes on all tables dynamically (less SQL queries; but testing shows it makes little difference to overall speed)* TWEAK: Adjust Google Drive to retry once after a UDP_Google_IO_Exception, as was done in Google Cloud - intended to help with intermittently buggy Curl versions* TWEAK: Show a notice when attempting to download a backup from email remote storage explaining nothing can be downloaded