1.0.4

• WooCommerce logging: optional verbose logs (WooCommerce → Status → Logs, source patsatech-opayo-server); warnings/errors always logged. Redacts VPSSignature, SecurityKey, and similar fields. Filter patsatech_opayo_server_log_verbose for forced debug.
• VPSSignature: verify like League Omnipay SagePay Server (md5 of concatenated POST fields only — no encryption password). Matches how Opayo Server signs notifications; SagePay Form’s password is only for AES crypt, not this hash. Optional password kept for legacy alternate algorithms.
• VPSSignature verification: try multiple Elavon/Opayo variants (MD5 vs plaintext password suffix, full vs base field set, optional HTML entity decode, Surcharge, VendorName fallback from gateway settings).
• Fix orders staying “Pending payment”: correct VPSSignature chain for Opayo 4.x (ACSTransID, DSTransID, SchemeTraceID, ACSUrl, CReq), fix SecurityKey check when Opayo omits it in POST, looser amount compare, raw VendorTxCode lookup, explicit order save after payment_complete, and wp_loaded fallback for wc-api POST notifications.
• WooCommerce Cart & Checkout Blocks: register Opayo Server in the block checkout and declare cart_checkout_blocks compatibility.
• Verify Opayo notification VPSSignature (integration password setting) and optional Amount / SecurityKey checks.
• Resolve orders by VendorTxCode order meta; per-order transient for NextURL; enable TLS verification on gateway requests by default.
• Safer callback handling (no init hook), clearer failure returns from checkout, and misc fixes (DEFERRED tx type, shipping/fees, virtual products).