udx · balexey88 · Jan 19, 2026 · Jan 16, 2026 · Jan 16, 2026 · Jan 16, 2026
diff --git a/changelog.txt b/changelog.txt
@@ -1,5 +1,9 @@
 == Changelog ==
-= 4.4.0 =
+= 4.4.1 - 2026-01-16 =
+* COMPATIBILITY - WooCommerce Extra Product Options Compatibility replaced with [WP-Stateless – WooCommerce Extra Product Options Addon](https://wordpress.org/plugins/wp-stateless-woocommerce-extra-product-options-addon/).
+* FIX - resolve critical errors with `firebase/php-jwt` library if `AUTH_SALT` WordPress constant is not set or too short.
+
+= 4.4.0 - 2026-01-10 =
 * NEW - plugin requires PHP 8.1+.
 * ENHANCEMENT - updated `firebase/php-jwt` library from  6.11.1 to 7.0.2.
 * ENHANCEMENT - Updated Client library for Google APIs from 2.18.3 to 2.19.0.

diff --git a/changes.md b/changes.md
@@ -1,4 +1,8 @@
-#### 4.4.0
+#### 4.4.1 - 2026-01-16
+* COMPATIBILITY - WooCommerce Extra Product Options Compatibility replaced with [WP-Stateless – WooCommerce Extra Product Options Addon](https://wordpress.org/plugins/wp-stateless-woocommerce-extra-product-options-addon/).
+* FIX - resolve critical errors with `firebase/php-jwt` library if `AUTH_SALT` WordPress constant is not set or too short.
+
+#### 4.4.0 - 2026-01-10
 * NEW - plugin requires PHP 8.1+.
 * ENHANCEMENT - updated `firebase/php-jwt` library from  6.11.1 to 7.0.2.
 * ENHANCEMENT - Updated Client library for Google APIs from 2.18.3 to 2.19.0.

diff --git a/lib/classes/class-module.php b/lib/classes/class-module.php
@@ -50,11 +50,6 @@ public function __construct() {
        */
       new TheEventsCalendar();
 
-      /**
-       * Support for WooCommerce Extra Product Options
-       */
-      new CompatibilityWooExtraProductOptions();
-
       /**
        * Support for WPBakery Page Builder
        */

diff --git a/lib/classes/class-utility.php b/lib/classes/class-utility.php
@@ -712,8 +712,54 @@ public static function sync_get_attachment_if_exist($url, $save_to) {
       }
 
       /**
-       * Generate JWT token signed by current site AUTH_SALT
-       * If no AUTH_SALT defined - admin email used
+       * Get a secure JWT signing key
+       * Priority: AUTH_SALT (if valid length) > Plugin-specific stored key > Generated key
+       *
+       * @return string A key suitable for HS256 (minimum 32 bytes)
+       */
+      public static function get_jwt_signing_key() {
+        // Minimum key length for HS256 (256 bits = 32 bytes)
+        $min_key_length = 32;
+
+        // Try AUTH_SALT first if it's long enough
+        if (defined('AUTH_SALT') && !empty(AUTH_SALT) && strlen(AUTH_SALT) >= $min_key_length) {
+          return AUTH_SALT;
+        }
+
+        // Try to get stored plugin-specific key
+        $stored_key = get_option('wp_stateless_jwt_key');
+
+        if ($stored_key && strlen($stored_key) >= $min_key_length) {
+          return $stored_key;
+        }
+
+        // Generate a new secure key
+        $new_key = self::generate_secure_key($min_key_length);
+        update_option('wp_stateless_jwt_key', $new_key, false);
+
+        return $new_key;
+      }
+
+      /**
+       * Generate a cryptographically secure random key
+       *
+       * @param int $length Key length in bytes
+       * @return string Base64-encoded key
+       */
+      private static function generate_secure_key($length = 32) {
+        try {
+          // Use random_bytes for PHP 7+
+          $random_bytes = random_bytes($length);
+          return base64_encode($random_bytes);
+        } catch (\Exception $e) {
+          // Fallback: use wp_generate_password
+          return wp_generate_password($length * 2, true, true);
+        }
+      }
+
+      /**
+       * Generate JWT token signed by secure key
+       * Uses AUTH_SALT if valid, otherwise uses plugin-specific stored key
        *
        * @param $payload
        * @param int $ttl
@@ -727,21 +773,21 @@ public static function generate_jwt_token($payload, $ttl = 3600) {
           'exp' => $now + $ttl
         ]);
 
-        $key = defined('AUTH_SALT') && !empty(AUTH_SALT) ? AUTH_SALT : get_option('admin_email');
+        $key = self::get_jwt_signing_key();
         return JWT::encode($payload, $key, 'HS256');
       }
 
       /**
        * Verify and decode token
-       * If no AUTH_SALT defined - admin email used
+       * Uses the same secure key retrieval as generation
        * Throws exceptions if cannot decode
        *
        * @param $token
        * @return object
        * @throws \Exception
        */
       public static function verify_jwt_token($token) {
-        $key = defined('AUTH_SALT') ? AUTH_SALT : get_option('admin_email');
+        $key = self::get_jwt_signing_key();
         return JWT::decode($token, new Key($key, 'HS256'));
       }
 

diff --git a/lib/classes/compatibility/woo-extra-product-options.php b/lib/classes/compatibility/woo-extra-product-options.php
diff --git a/readme.txt b/readme.txt
@@ -6,7 +6,7 @@ License: GPLv2 or later
 Requires PHP: 8.1
 Requires at least: 5.0
 Tested up to: 6.9
-Stable tag: 4.4.0
+Stable tag: 4.4.1
 
 Upload and serve your WordPress media files from Google Cloud Storage.
 
@@ -136,7 +136,11 @@ Before upgrading to WP-Stateless 3.2.0, please, make sure you use PHP 7.2 or abo
 Before upgrading to WP-Stateless 3.0, please, make sure you tested it on your development environment.
 
 == Changelog ==
-= 4.4.0 =
+= 4.4.1 - 2026-01-16 =
+* COMPATIBILITY - WooCommerce Extra Product Options Compatibility replaced with [WP-Stateless – WooCommerce Extra Product Options Addon](https://wordpress.org/plugins/wp-stateless-woocommerce-extra-product-options-addon/).
+* FIX - resolve critical errors with `firebase/php-jwt` library if `AUTH_SALT` WordPress constant is not set or too short.
+
+= 4.4.0 - 2026-01-10 =
 * NEW - plugin requires PHP 8.1+.
 * ENHANCEMENT - updated `firebase/php-jwt` library from  6.11.1 to 7.0.2.
 * ENHANCEMENT - Updated Client library for Google APIs from 2.18.3 to 2.19.0.

diff --git a/static/data/addons.php b/static/data/addons.php
@@ -167,4 +167,14 @@
     'hubspot_id'      => '151480507697',
   ],
 
+  'woo-extra-product-options' => [
+    'title'           => 'WooCommerce Extra Product Options Addon',
+    'plugin_files'    => ['woocommerce-tm-extra-product-options/tm-woo-extra-product-options.php'],
+    'addon_file'      => 'wp-stateless-woocommerce-extra-product-options-addon/wp-stateless-woo-extra-product-options-addon.php.php',
+    'icon'            => 'https://ps.w.org/woocommerce/assets/icon.svg',
+    'repo'            => 'udx/wp-stateless-woo-extra-product-options-addon',
+    'wp'              => 'https://wordpress.org/plugins/wp-stateless-woocommerce-extra-product-options-addon/',
+    'hubspot_id'      => '151478251017',
+  ],
+
 ];
diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php
@@ -40,7 +40,6 @@
     'wpCloud\\StatelessMedia\\Batch\\Migration' => $baseDir . '/lib/classes/batch/class-migration.php',
     'wpCloud\\StatelessMedia\\Bootstrap' => $baseDir . '/lib/classes/class-bootstrap.php',
     'wpCloud\\StatelessMedia\\Compatibility' => $baseDir . '/lib/classes/class-compatibility.php',
-    'wpCloud\\StatelessMedia\\CompatibilityWooExtraProductOptions' => $baseDir . '/lib/classes/compatibility/woo-extra-product-options.php',
     'wpCloud\\StatelessMedia\\DB' => $baseDir . '/lib/classes/class-db.php',
     'wpCloud\\StatelessMedia\\DynamicImageSupport' => $baseDir . '/lib/classes/class-dynamic-image-support.php',
     'wpCloud\\StatelessMedia\\EWWW' => $baseDir . '/lib/classes/compatibility/ewww.php',

diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php
@@ -73,7 +73,6 @@ class ComposerStaticInitc59d002476a452800baaf79c430753cb
         'wpCloud\\StatelessMedia\\Batch\\Migration' => __DIR__ . '/../..' . '/lib/classes/batch/class-migration.php',
         'wpCloud\\StatelessMedia\\Bootstrap' => __DIR__ . '/../..' . '/lib/classes/class-bootstrap.php',
         'wpCloud\\StatelessMedia\\Compatibility' => __DIR__ . '/../..' . '/lib/classes/class-compatibility.php',
-        'wpCloud\\StatelessMedia\\CompatibilityWooExtraProductOptions' => __DIR__ . '/../..' . '/lib/classes/compatibility/woo-extra-product-options.php',
         'wpCloud\\StatelessMedia\\DB' => __DIR__ . '/../..' . '/lib/classes/class-db.php',
         'wpCloud\\StatelessMedia\\DynamicImageSupport' => __DIR__ . '/../..' . '/lib/classes/class-dynamic-image-support.php',
         'wpCloud\\StatelessMedia\\EWWW' => __DIR__ . '/../..' . '/lib/classes/compatibility/ewww.php',

diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php
@@ -3,7 +3,7 @@
         'name' => 'wpcloud/wp-stateless',
         'pretty_version' => 'dev-latest',
         'version' => 'dev-latest',
-        'reference' => 'b101c6a4d352f985df1f531078959f218d9b1f1a',
+        'reference' => 'f85c0f94de8b8e232088265c78c95da7162e2fac',
         'type' => 'wordpress-plugin',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -67,7 +67,7 @@
         'wpcloud/wp-stateless' => array(
             'pretty_version' => 'dev-latest',
             'version' => 'dev-latest',
-            'reference' => 'b101c6a4d352f985df1f531078959f218d9b1f1a',
+            'reference' => 'f85c0f94de8b8e232088265c78c95da7162e2fac',
             'type' => 'wordpress-plugin',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),

diff --git a/wp-stateless-media.php b/wp-stateless-media.php
@@ -4,12 +4,12 @@
  * Plugin URI: https://stateless.udx.io/
  * Description: Upload and serve your WordPress media files from Google Cloud Storage.
  * Author: UDX
- * Version: 4.4.0
+ * Version: 4.4.1
  * Text Domain: stateless-media
  * Author URI: https://udx.io
  * License: GPLv2 or later
  * 
- * Copyright 2012 - 2025 UDX ( email: info@udx.io )
+ * Copyright 2012 - 2026 UDX ( email: info@udx.io )
  *
  */