[wp-trac] [WordPress Trac] #64462: Update Sodium Compat to 1.24.0

WordPress Trac noreply at wordpress.org
Tue Dec 30 21:11:08 UTC 2025


#64462: Update Sodium Compat to 1.24.0
------------------------------------------+---------------------
 Reporter:  paragoninitiativeenterprises  |       Owner:  (none)
     Type:  task (blessed)                |      Status:  new
 Priority:  normal                        |   Milestone:  7.0
Component:  External Libraries            |     Version:
 Severity:  normal                        |  Resolution:
 Keywords:  needs-patch                   |     Focuses:
------------------------------------------+---------------------
Description changed by SergeyBiryukov:

Old description:

> Read: https://00f.net/2025/12/30/libsodium-vulnerability/
>
> Triggering this vulnerability would require working on the underlying
> internal edwards25519 code rather than the high level crypto_sign API or
> Ristretto255 API.
>
> It's ''incredibly'' unlikely that anyone will actually be affected by
> this. Therefore, I do not believe this warrants being treated as a
> security issue for WordPress's purposes (i.e., requiring a confidential
> HackerOne ticket rather than Trac).
>
> However, on the off chance that the unlikely happens, please make sure the
> update is backported to all supported WordPress versions in the next
> patch release. Better safe than sorry.
>
> https://github.com/paragonie/sodium_compat/compare/v1.23.0...v1.24.

New description:

 Read: https://00f.net/2025/12/30/libsodium-vulnerability/

 Triggering this vulnerability would require working on the underlying
 internal edwards25519 code rather than the high level crypto_sign API or
 Ristretto255 API.

 It's ''incredibly'' unlikely that anyone will actually be affected by
 this. Therefore, I do not believe this warrants being treated as a
 security issue for WordPress's purposes (i.e., requiring a confidential
 HackerOne ticket rather than Trac).

 However, on the off chance that the unlikely happens, please make sure the
 update is backported to all supported WordPress versions in the next patch
 release. Better safe than sorry.

 https://github.com/paragonie/sodium_compat/compare/v1.23.0...v1.24.0

--

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/64462#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

