[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks

WordPress Trac noreply at wordpress.org
Tue Apr 16 00:38:50 UTC 2019


#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------
 Reporter:  paragoninitiativeenterprises  |       Owner:  pento
     Type:  task (blessed)                |      Status:  assigned
 Priority:  normal                        |   Milestone:  5.2
Component:  Upgrade/Install               |     Version:  4.8
 Severity:  critical                      |  Resolution:
 Keywords:  has-patch                     |     Focuses:
------------------------------------------+-----------------------

Comment (by dd32):

 Looking at [attachment:"39309-preemptive-softfail.patch"] I agree it's the
 correct way to go, except I don't think we want a new string here.

 [attachment:"39309-phpbug.diff"] uses the same error/string "unavailable
 on this system" and adds an extra conditional of "the opcache must be
 enabled"  - Turns out it wasn't on my original test system, which is why
 it took me longer than i'd have liked to track down the failure.
 If we want to add specific "Don't use this version of PHP" we should do
 that in the Health check functionality, apparently the early versions of
 PHP 7.3 also had issue with WordPress and popular plugins causing
 segfaults/etc.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:76>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list