[wp-trac] [WordPress Trac] #50778: 5.5 auto updates should not be enabled by default for external plugins
WordPress Trac
noreply at wordpress.org
Mon Jul 27 02:09:30 UTC 2020
#50778: 5.5 auto updates should not be enabled by default for external plugins
--------------------------+------------------------------
Reporter: dennis_f | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by apedog):
I would tend to agree with the the ideas set forth by @stephencronin in
the make post discussion linked above.
Plugins should be required to opt-in to auto-updates if ''(and only if)''
they have an update mechanism. Whether they be wp.org repo plugins or "in
the wild"/private plugins using a custom updater.
----
Also related:
#32101
Request a plugin header field that allows a plugin to self-identify as a
non-repo plugin.
This is necessary for custom or private plugins (with or without custom
updaters) that have a naming-conflict with plugins in the wp.org repo.
If at any point a plugin with a naming-conflict is deactivated - core will
assume it's a wp.org plugin and attempt to update from wp.org. Effectively
replacing the plugin with another.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50778#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list