[wp-meta] [Making WordPress.org] #4662: A security risk on W.org plugins repository - no checksum / authorization of plugin version reporting
Making WordPress.org
noreply at wordpress.org
Wed Aug 7 18:38:51 UTC 2019
#4662: A security risk on W.org plugins repository - no checksum / authorization
of plugin version reporting
------------------------------+------------------------
Reporter: KestutisIT | Owner: (none)
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Plugin Directory | Resolution: duplicate
Keywords: |
------------------------------+------------------------
Comment (by Otto42):
Also see:
https://meta.trac.wordpress.org/ticket/3192
https://make.wordpress.org/cli/2017/09/26/wordpress-plugin-and-theme-
checksums-project-announcement/
Also note that checksums are available via URLs like the following:
https://downloads.wordpress.org/plugin-checksums/akismet/4.1.2.json
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/4662#comment:5>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list