This minor (but critical!) release fixes a longstanding bug in the WordPress version of NarraFirma that nobody noticed until today, when a user discovered and posted the issue. On the NarraFirma WordPress options page, if you entered a WordPress user id or role in the “read access” field of a project, and then deleted that id or role, NarraFirma granted anonymous read access to the project. This bug is now fixed.
We never thought to test this use case. More importantly, it never occurred to us that the HTML form on the NF settings page would return a blank string (instead of a null or other non-data result) when the user deleted the contents of a field. Because the user id of an anonymous WordPress user is not “anonymous” (or, again, null) but a blank string, the two fields matched up. Now NF specifically checks for an empty read-access permission string. We apologize for this mistake and hope that it has not affected any other WP-NF installations to date.
Note that this problem has never existed in the Node.js version of NF, in which an anonymous user is called “anonymous” and an empty permission string cannot be stored.
As always, if you find any bugs, please report them on the GitHub issues page.