Version Packages (#2434)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Author: github-actions[bot]

.changeset/faustwp-1-8-10.md

@@ -1,5 +1,11 @@
 # Faust
 
+## 1.8.10
+
+### Patch Changes
+
+- 81a854f: Maintenance release for WordPress.org. No functional changes. Sites still on 1.8.0 remain affected by GHSA-q6pm-r77q-qcv3 / CVE-2026-54239 and should update.
+
 ## 1.8.9
 
 ### Patch Changes

plugins/faustwp/CHANGELOG.md

@@ -9,7 +9,7 @@
  * License URI: https://www.gnu.org/licenses/gpl-2.0.html
  * Text Domain: faustwp
  * Domain Path: /languages
- * Version: 1.8.9
+ * Version: 1.8.10
  * Requires PHP: 7.4
  * Requires at least: 5.7
  * Tested up to: 6.9

plugins/faustwp/faustwp.php

@@ -1,5 +1,5 @@
 {
   "name": "@faustwp/wordpress-plugin",
-  "version": "1.8.9",
+  "version": "1.8.10",
   "private": true
 }

plugins/faustwp/package.json

@@ -3,7 +3,7 @@ Contributors: antpb, apmatthe, blakewpe, chriswiegman, claygriffiths, colin-murp
 Tags: faustjs, faust, headless, decoupled, composable-architecture
 Requires at least: 5.7
 Tested up to: 6.9
-Stable tag: 1.8.9
+Stable tag: 1.8.10
 Requires PHP: 7.4
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -49,24 +49,24 @@ Johann Faust was a German printer and was instrumental in the invention of the p
 = 1.8.10 =
 Maintenance release. Sites still on 1.8.0 should update to address GHSA-q6pm-r77q-qcv3 / CVE-2026-54239.
 
-== Changelog ==
-
-= 1.8.9 =
-
-### Patch Changes
-
-- 139479d: Remove the `Update URI: false` header from `faustwp.php` so WordPress checks wordpress.org for plugin updates. This restores wordpress.org as the canonical update channel for new installs. The 1.8.8 security fix (GHSA-q6pm-r77q-qcv3) — include the IV in the token envelope HMAC to prevent authentication bypass — was reported by ParkHyunWoo (@hwpark6804-gif) via Patchstack.
-
-= 1.8.8 =
-
-### Patch Changes
-
-- cda00de: fix[faustwp]: include the IV in the token envelope HMAC to prevent authentication bypass via IV bit-flipping (GHSA-q6pm-r77q-qcv3)
-
-= 1.8.7 =
-
-### Patch Changes
-
-- ca1e2f4: fix[faustwp]: update documentation links in settings page to use current URL structure
-
-[View the full changelog](https://github.com/wpengine/faustjs/blob/canary/plugins/faustwp/CHANGELOG.md)
+== Changelog ==
+
+= 1.8.10 =
+
+### Patch Changes
+
+- 81a854f: Maintenance release for WordPress.org. No functional changes. Sites still on 1.8.0 remain affected by GHSA-q6pm-r77q-qcv3 / CVE-2026-54239 and should update.
+
+= 1.8.9 =
+
+### Patch Changes
+
+- 139479d: Remove the `Update URI: false` header from `faustwp.php` so WordPress checks wordpress.org for plugin updates. This restores wordpress.org as the canonical update channel for new installs. The 1.8.8 security fix (GHSA-q6pm-r77q-qcv3) — include the IV in the token envelope HMAC to prevent authentication bypass — was reported by ParkHyunWoo (@hwpark6804-gif) via Patchstack.
+
+= 1.8.8 =
+
+### Patch Changes
+
+- cda00de: fix[faustwp]: include the IV in the token envelope HMAC to prevent authentication bypass via IV bit-flipping (GHSA-q6pm-r77q-qcv3)
+
+[View the full changelog](https://github.com/wpengine/faustjs/blob/canary/plugins/faustwp/CHANGELOG.md)