[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks
    WordPress Trac 
    noreply at wordpress.org
       
    Wed Apr 24 07:43:37 UTC 2019
    
    
  
#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------
 Reporter:  paragoninitiativeenterprises  |       Owner:  pento
     Type:  task (blessed)                |      Status:  assigned
 Priority:  normal                        |   Milestone:  5.2
Component:  Upgrade/Install               |     Version:  4.8
 Severity:  critical                      |  Resolution:
 Keywords:  has-patch                     |     Focuses:
------------------------------------------+-----------------------
Comment (by tellyworth):
 In [changeset:"45262" 45262]:
 {{{
 #!CommitTicketReference repository="" revision="45262"
 Upgrade/install: fix verification bugs and scale back signature checks.
 This fixes several bugs in the signature verification code:
 Disables signature checks on certain incompatible PHP versions that cause
 math errors when opcache is enabled;
 Prevents a spurious URL and subsequent error when downloading a zip file
 with query arguments;
 Prevents errors triggered by third-party upgrade scripts as per #46615;
 Disables signature tests for Plugins, Themes, and Translations, leaving
 only core updates.
 At the 5.2 release the API servers will only provide signatures for core
 update packages, which is why messages are suppressed for plugins and
 other package types. Signatures for those other items will become
 available later.
 Props dd32.
 See #39309, #46615
 }}}
-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:86>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
    
    
More information about the wp-trac
mailing list