Version 3.7.0 addresses a few bugs and issues from prior versions. The most notable bug that has been fixed is a namespace conflict for OpenID. This would cause 400 bad requests for servers that were set to strict and did not output an error. The namespace issue has been resolved in version 3.7.0.
There was not much that needed to happen to make the plugin GDPR friendly. The main point of focus for this update was to address a security issue that could be presented. GDPR regulations state that data for a user must be removed when requested. In the event that user data was removed using WP’s built-in tool, the access tokens would remain for the user. The token also remained valid and created a security concern that is now addressed in WP OAuth Server 3.7.0.
We have decided to move the menu around a bit. You may not even realize it but we figured we would let you know so you don’t think you are going crazy. The security issue mentioned about the GDPR is a very minor issue and should not be considered major. The older versions of WP OAuth Server is suitable to run but we highly suggest updating to the latest version.