Skip to main content

Multi-Tenancy Changelog

Version 1.2.1 - Released on 2026-06-03

  • Fix: route marketplace deployment API calls directly to the origin server to bypass Cloudflare challenge pages during release publishing

Version 1.2.0 - Released on 2026-06-03

  • Fix: clean sovereign teardown credentials
  • Fix: harden consume session handling
  • New: add stateless tenant autologin
  • Improved: absorb tenant globals fixes
  • Fix: normalize same-machine host strings to unblock sovereign installs on Bedrock hosts
  • Fix: auto-isolation produces sovereign tenants
  • Fix: handle core sovereign extension hooks
  • Fix: route legacy isolated networks at bootstrap
  • New: replace Database_Router with deprecation stub (Phase 5.4)
  • Fix: verify tenant grants for configured host
  • Fix: allow CI to skip debug-log migration gate
  • Fix: baseline debug log migration gate
  • Fix: tolerate sovereign install user during migration verification
  • Fix: align fixture user count with sovereign install
  • Fix: mock synthetic tenant HTTP in wp-env e2e
  • Fix: use valid tenant hostname in e2e fixture
  • Fix: match migrate command options in e2e harness
  • Fix: install addon tables before loading e2e fixture
  • Fix: prepare mounted plugins for wp-env e2e
  • Fix: execute wp-env commands through container shell
  • Fix: align integration checkout with wp-env paths
  • Fix: plumb configurable MySQL host binding
  • Fix: prevent duplicate broadcast meta rows
  • Fix: dedupe credential sitemeta rows
  • Fix: update Site_Router::resolve_sovereign references to Site_Router::resolve
  • New: provision users during sovereign migration
  • New: add sovereign migration verification gates
  • Fix: create_writer_user — use DDL admin, drop placeholder DDL, capture errors before close
  • Fix: portable AS drain so verify-sovereign-push actually processes the queue
  • Fix: bind all NOT NULL wp_posts columns in broadcast REPLACE INTO
  • New: ADR-001 Phase 3-A9 — verify-sovereign-push + integration tests
  • Improved: add Model Policy section — never Haiku for upstream-interfacing code
  • New: implement Tenant_Schema_Bootstrap (ADR-001 Phase 3-A5)
  • New: implement Tenant_DB_Writer (ADR-001 Phase 3-A4)
  • New: implement Tenant_Bootstrap_Local (ADR-001 Phase 3-A1)
  • New: remove Sovereign_Tenant_Endpoints class and registration (ADR-001 Phase 3-A0)
  • New: ADR-001 Phase 3.10 — Per-gateway tenant-context audit
  • New: ADR-001 Phase 3.6 — Network-side API audit log + daily summary
  • New: ADR-001 Phase 5.6 — flip host_binding default to 'localhost'
  • New: add scan_orphans command for orphan table cleanup
  • New: ADR-001 Phase 3.3 — sovereign tenant REST endpoints
  • New: ADR-001 Phase 5.1 — wp tenant verify-no-legacy pre-flight command
  • New: Phase 2.2 — SSO purpose claim, jti replay nonce, 5-min exp cap
  • New: ADR-001 Phase 2.3 — Network_User_Sync lazy SSO provisioning
  • New: ADR-001 ph2.7 — SSO audit logging + network admin log viewer
  • New: ADR-001 Phase 2.6 — origin pinning + SSO-gen counter revocation
  • New: network admin 'Visit (SSO)' button for sovereign tenants
  • New: ADR-001 Phase 2.4 — sovereign SSO query-arg handling
  • New: guard sovereign-incompatible paths in Remote_SSO_Handler
  • New: Phase 1 complete - tenant install, domain patch, charset fix
  • New: Phase 1 routing fast-path + S1 fix opt-in
  • New: ADR-001 + Phase 1 foundation (isolation_model column + registry awareness)
  • Fix: match IF [NOT] EXISTS in DDL fallback regex
  • Fix: normalize DB_HOST=localhost to 127.0.0.1 for FrankenPHP
  • Fix: make deferred site creation reliable; neutralise orphan-row source
  • Fix: opcache-safe registry wrappers + stable tenant_root
  • New: per-subsite database + filesystem isolation (Stage 1)
  • New: add Hostinger multi-tenancy capability

Version 1.1.2-beta.1 - Released on 2026-05-13

  • Beta: First beta of 1.1.2 — see entry below for the full change list.

Version 1.1.2 - Released on 2026-XX-XX

  • Fix: Add missing add_remote_sites_menu method on Remote_SSO_Handler to resolve admin menu error
  • Fix: Route separate_db site creation through the configured node provider so per-site databases are provisioned consistently (#19)
  • Chore: Rebrand marketplace URLs from multisiteultimate.com to ultimatemultisite.com (Plugin URI, Author URI, package homepage, author email)
  • Chore: Harden composer archive excludes so internal dev directories (.beads, .agents, AGENTS.md, etc.) are not shipped to customers

Version 1.1.1 - Released on 2026-05-06

  • Fix: Resolved parse error caused by duplicate handle_sso_login function definition
  • Fix: SSO token validation now accepts simpler tokens issued by the main site's login flow
  • Fix: Updated deprecated wu_sso_verify action to the current sso_verify parameter

Version 1.1.0 - Released on 2026-04-29

  • New: Network Registry compiler generates a flat PHP file for request-time domain resolution without DB queries
  • New: Credential Store with sodium encryption for secure database credential storage (env/file/meta refs)
  • New: Database Router for single-DB-per-request routing, delegates to existing db-config for host network
  • New: db-config.php overlay installed to WP_CONTENT_DIR on activation (LudicrousDB integration)
  • New: Local Provider for MySQL database and user provisioning with dedicated DDL user
  • New: Tenant filesystem class for per-tenant uploads, cache, and plugin directory isolation
  • New: Per-tenant Docket Cache isolation with renamed overlay directories
  • New: Privileged sidecar daemon and client for cross-server provisioning
  • New: Marketplace catalog with BerlinDB table, model, and entitlement-gated install/uninstall
  • New: MySQL grants auditor and cross-network query guard for security hardening
  • New: WP-CLI tenant exec wrapper for running commands in tenant context
  • New: WP-CLI tenant command for provisioning management
  • New: WP-CLI static-site commands for per-domain static site serving
  • New: Addon sunrise.php for customer network domain override at earliest WordPress lifecycle
  • New: Subdomain resolution within tenant networks (e.g. restaurant.tenant.host)
  • New: Loco Translate isolation directory in tenant layout
  • Fix: Credential Store writes directly to host DB via mysqli, bypassing update_site_option() cross-table routing
  • Fix: Network Registry fetch_customer_networks() uses direct host DB connection, prevents registry corruption in tenant context
  • Fix: host_domains() uses direct host DB connection and base_prefix instead of blog-specific table_prefix
  • Fix: Sunrise global declarations so overrides survive WP Ultimo method scope inclusion
  • Fix: Sunrise resolves HTTP_HOST against tenant DB wp_blogs for correct subsite routing
  • Fix: Symlink handling in regenerate() preserves Trellis shared files
  • Fix: FrankenPHP socket compatibility (localhost to 127.0.0.1 for TCP)
  • Fix: WP_HOME/WP_SITEURL constant override for tenant networks
  • Improved: Build pipeline using composer archive matching WooCommerce addon pattern
  • Improved: Deploy workflow with automated GitHub Release and WooCommerce marketplace delivery

Version 1.0.0 - Released on 2026-04-28

  • New: Network-level database routing — per-request DB isolation via db-config.php overlay
  • New: Credential Store with sodium encryption (env/file/meta credential references)
  • New: Network Registry compiler — fast flat-PHP file read by db-config.php overlay
  • New: Privileged sidecar daemon with Unix socket client and provider
  • New: Tenant filesystem support with Local_Provider integration and sunrise constant injection
  • New: Marketplace catalog with BerlinDB table, model, and entitlement-gated install/uninstall
  • New: WP tenant CLI command for provisioning and tenant management
  • New: Dedicated MySQL user for DDL provisioning operations (separate from query user)
  • New: WP-CLI tenant exec wrapper for running commands in a specific tenant context
  • New: Static filesystem class for per-domain static site serving
  • New: WP-CLI static-site commands
  • New: Addon sunrise.php for customer network override on early WordPress boot
  • New: Resolve subdomain subsites within tenant networks
  • New: Per-tenant Docket Cache isolation with renamed overlay directories
  • New: Loco Translate isolation via per-tenant loco/ directory in tenant layout
  • New: 12 hosting provider integrations (cPanel, Cloudways, RunCloud, GridPane, ServerPilot, Closte, Hestia, Enhance, Rocket.net, WP Engine, WPMUDEV, Cloudflare)
  • New: MySQL grants auditor and cross-network query guard for security hardening
  • Fix: PHP 8.2+ typed properties for database table instances
  • Fix: FrankenPHP socket compatibility and sunrise customer network override
  • Fix: Database Router fallback to include_once in sunrise context
  • Fix: BerlinDB tables auto-install on activation
  • Fix: Credential store writes directly to host DB; registry always reads host blogs table
  • Fix: host_domains() uses direct host DB connection and base_prefix (not blog-specific prefix)
  • Fix: fetch_customer_networks uses direct host DB query (not BerlinDB ORM)
  • Fix: Resolve symlinks in regenerate() to preserve Trellis shared files
  • Fix: Override WP_HOME/WP_SITEURL constants correctly for tenant networks
  • Fix: Add global declarations so sunrise overrides survive method scope
  • Fix: Use explicit DB name for subsite blog lookups in sunrise
  • Improved: Skip plugin autoloader when Bedrock root autoloader has already loaded dependencies