[wp-trac] [WordPress Trac] #63165: Update bundled root certificates for 6.9
WordPress Trac
noreply at wordpress.org
Thu Nov 6 20:48:40 UTC 2025
#63165: Update bundled root certificates for 6.9
----------------------------+---------------------
Reporter: desrosj | Owner: (none)
Type: task (blessed) | Status: closed
Priority: normal | Milestone: 6.9
Component: Security | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch | Focuses:
----------------------------+---------------------
Changes (by desrosj):
* keywords: has-patch fixed-major => has-patch
* status: new => closed
* resolution: => fixed
Comment:
Closing this as fixed. There was a release today of the package, so there
should be no more prior tot he 6.9 release.
I've also gone and backported both the `1.5.8` and `1.5.9` updates all the
way back to the 4.7 branch. These updates will be shipped if a security
release is deemed necessary for each branch.
For future reference, backporting to WP <= 6.7 requires a bit of extra
considerations for a few reasons:
- The `composer.json` file does not list the `composer/ca-bundle`
dependency
- The `src/wp-includes/certificates/cacert.pem` file is not committed to
version control.
Because of this, `svn merge -c 60691,61146 '^/trunk'` fails. This is what
worked for me:
`svn merge --accept working -c 60691,61146 '^/trunk' && svn revert
composer.json`.
The `ca-bundle.crt` files in each branch are identical, so we can assume
there will only be conflicts in `composer.json` and `cacert.pem`. The
`--accept working` uses the state of `cacert.pem` for the working copy,
and then this just reverts the `composer.json` file manually.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63165#comment:104>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list