* NEW: Virtual / Downloadable Products order status override in Advanced Settings. When all products in an order are virtual or downloadable, the order status can be automatically set to Completed instead of Processing.
* NEW: Redsys response code 0115 (card cancelled or account closed) now automatically deletes the stored card token, notifies the customer with instructions to add a new payment method (My account > Payment Methods), and notifies the admin.
* NEW: Admin email notification when a customer's credit card is automatically removed due to Redsys hard-decline response codes (0115, 0172, 0173).
* NEW: Improved customer email when a card is removed — now includes the last 4 digits of the card, the error code, and a direct link to add a new payment method.
* NEW: COF_INI (Credential on File initial) flag is now saved to order meta (_redsys_cof_ini) for all COF transaction types (R and C), preventing duplicate token creation when COF_INI=N.
* FIX: Conditional Rules test mode now correctly applies to the Redsys gateway URL. Previously, orders with conditional rules overriding test mode still used the default gateway URL.
* FIX: Fixed duplicate token creation when customer already has a saved card and COF_INI=N is sent to Redsys.
* FIX: Fixed undefined array key warnings in save_field_update_order_meta() when conditional rules data is incomplete.
* FIX: Fixed $redsys->debug reference using wrong variable in preauthorization logging (now uses $this->debug).
* FIX: Fixed sanitize_text_field applied before substr for HTTP_ACCEPT_LANGUAGE in Google Pay and Apple Pay Checkout, ensuring correct sanitization order.
* FIX: Google Pay Checkout now ensures WooCommerce transactional emails are initialized before calling payment_complete() in payment callbacks.
* NEW: Conditional Rules — visual rule builder to override payment parameters (terminal, merchant code, SHA256, transaction type, test mode, etc.) based on order conditions (category, tag, amount, currency, language, user role).
* NEW: Added preauthorization support for Google Pay and Apple Pay.
* NEW: Google Pay and Apple Pay now save merchant code to order meta for preauthorization operations.
* UPDATE: Refactored InSite payment form error handling with AJAX-based refresh instead of full page reload.
* NEW: Added post_payment_complete hooks for Bank Transfer, IMAP email processing and Inespay gateways.
* FIX: Fixed InSite COF_TYPE detection that caused incorrect credential-on-file type in REST payments.
* FIX: Fixed Ds_Card_PSD2 using wrong variable in REST payment path.
* FIX: Fixed InSite orders being marked as paid without Redsys authorization when a third-party plugin filters woocommerce_cart_needs_payment.
* FIX: Improved InSite checkout routing using REST_REQUEST instead of checkout_use_block() for reliable shortcode/block detection.
* SECURITY: Masked secret SHA256 key in debug logs.
* FIX: Fixed Express Payment (Google Pay / Apple Pay) not applying IRPF correctly when using Autonomos Premium. Totals now reflect the correct amount including retention.
* FIX: Improved compatibility between Express Payment custom fields and Autonomos Premium surcharge calculation.
* FIX: Fixed EMV 3DS timezone fields not being saved for users in UTC+0 timezone (e.g. Canary Islands), which could cause errors in 3D Secure authentication.
* FIX: Google Pay Redirection now uses strict equality check to prevent it from appearing in checkout block when disabled.
* FIX: Fixed YITH Subscriptions renewal payments not processing - added missing return false when customer has no saved token (Redsys and InSite gateways).
* FIX: Fixed YITH Subscriptions renewal payments staying on-hold - added missing return false when Redsys returns an error response (Redsys and InSite gateways).
* FIX: Added ywsbs_register_failed_payment() call when token is missing to properly notify YITH Subscriptions of the failure.
* FIX: Fixed PHP 8.4 compatibility - nullable parameters are now explicitly declared in REST controller methods.
* FIX: Fixed "$this" usage in static methods for Apple Pay Checkout and Redsys gateway subscription renewal processing.
* FIX: Apple Pay and Google Pay Express Checkout no longer appear as regular payment methods in the checkout block (they only appear in the Express Checkout section as intended).
* NEW: Added Google Pay Express Checkout for the Checkout Block.
* NEW: Added Apple Pay and Google Pay Express Checkout for the Cart Block.
* FIX: Apple Pay Express Checkout orders are now correctly marked as Apple Pay (instead of Redsys).
* FIX: Apple Pay Express Checkout now triggers WooCommerce transactional emails after successful payment (customer and admin).
* UPDATE: Agentic Commerce flow aligned with WooCommerce core (wc/agentic/v1 routes, bearer auth registry, provider/payment-method metadata for supported Redsys gateways).
* FIX: Load Redsys IMAP support before scheduling the email checker cron, avoiding “no callbacks registered” warnings for `redsys_check_emails_cron`.
* FIX: Hid the development-only “App & Push” settings section so it no longer appears in production admin menus.
* NEW: Added Inespay (Transferencia Online) gateway with sandbox/production toggle, callbacks, refunds API, and direct redirect/modal flow.
* NEW: Inespay now supports subscription flows with two-step (single + periodic mandate) handling and customer redirection.
* NEW: Inespay refunds implemented via official REST endpoint with callbacks for success/error.
* NEW: Redsys and Inespay notifications are now WooCommerce email classes that can be configured in WooCommerce > Emails (payment error alerts, missing tokenization data, unpaid thank-you warning, card reminder/request, card expiry/removal, Inespay transfer review, and periodic mandate failure).
* NEW: The Inespay transfer review email includes a direct link to the management screen (`redsys-inespay-subscriptions&tab=review`) and allows choosing the recipient from WooCommerce > Emails.
* FIX: PayGold link generation and storage corrected so admin actions send the proper URL.
* FIX: Only register/schedule the Redsys email IMAP cron when the Redsys_Imap_Connection class is available, preventing missing-callback warnings on sites without Gmail/IMAP support (e.g., PHP < 8.1).
* FIX: Token C COF/renewal REST flows no longer send `DS_MERCHANT_DIRECTPAYMENT`; it is still sent for token R.
* FIX: Block checkout now procesa tokens C directamente (REST) respetando 3DS, en vez de redirigir a Redsys para pedir una tarjeta nueva.
* FIX: Persist 3DS transients/context for token C so CRes callbacks finish en sitio sin caer en la pantalla “There is nothing to see here”.
* TEMP: InSite uses SOAP again while the newly introduced REST flow issues are fixed.
* UPDATE: One-click product button now disables after click and shows a processing spinner to prevent duplicate submissions.
* FIX: Redsys redirection token payments (C and R) now send complete EMV3DS browser data (accept header, JavaScript enabled, etc.) to avoid SIS0573/SIS0653 authentication rejects, and force `DS_MERCHANT_DIRECTPAYMENT` to true for COF flows.
* FIX: Improved token payment debug logs to include saved meta and order status when finishing the flow, making troubleshooting clearer.