[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks
WordPress Trac
noreply at wordpress.org
Thu Mar 21 05:48:53 UTC 2019
#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------
Reporter: paragoninitiativeenterprises | Owner: pento
Type: enhancement | Status: assigned
Priority: normal | Milestone: 5.2
Component: Upgrade/Install | Version: 4.8
Severity: critical | Resolution:
Keywords: has-patch | Focuses:
------------------------------------------+-----------------------
Comment (by tellyworth):
In [changeset:"44954" 44954]:
{{{
#!CommitTicketReference repository="" revision="44954"
Upgrade/Install: Add experimental package signing to some updates.
This adds code for soft verification of signatures for theme and plugin
installs and updates, when provided by the update server. This
experimental version does not reject unverified packages or failed
signatures; it simply reports anonymous errors so we can evaluate its
feasibility and detect incompatibilities.
This code relies on the new sodium_compat library for PHP versions prior
to 7.2.
Props dd32, paragoninitiativeenterprises.
See #39309, #45806.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:65>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list