[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks

WordPress Trac noreply at wordpress.org
Wed Apr 24 07:43:37 UTC 2019

#39309: Secure WordPress Against Infrastructure Attacks
 Reporter:  paragoninitiativeenterprises  |       Owner:  pento
     Type:  task (blessed)                |      Status:  assigned
 Priority:  normal                        |   Milestone:  5.2
Component:  Upgrade/Install               |     Version:  4.8
 Severity:  critical                      |  Resolution:
 Keywords:  has-patch                     |     Focuses:

Comment (by tellyworth):

 In [changeset:"45262" 45262]:
 Upgrade/install: fix verification bugs and scale back signature checks.

 This fixes several bugs in the signature verification code:
  * Disables signature checks on certain incompatible PHP versions that cause
    math errors when opcache is enabled;
  * Prevents a spurious URL and subsequent error when downloading a zip file
    with query arguments;
  * Prevents errors triggered by third-party upgrade scripts as per #46615;
  * Disables signature tests for Plugins, Themes, and Translations, leaving
    only core updates.

 At the 5.2 release the API servers will only provide signatures for core
 update packages, which is why messages are suppressed for plugins and
 other package types. Signatures for those other items will become
 available later.

 Props dd32.
 See #39309, #46615

Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:86>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
