[wp-trac] [WordPress Trac] #18874: Don't alert me about updates to themes I'm not using
WordPress Trac
wp-trac at lists.automattic.com
Thu Oct 6 22:15:55 UTC 2011
#18874: Don't alert me about updates to themes I'm not using
-----------------------------+----------------------
Reporter: foxmajik | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Upgrade/Install | Version:
Severity: normal | Resolution: wontfix
Keywords: |
-----------------------------+----------------------
Changes (by nacin):
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
> That could open them up to unpatched security vulnerabilities.
So could not updating themes that aren't in use. Look at the TimThumb
vulnerability, for example. Direct file access. No activation necessary,
for plugins or themes. Just needs to be sitting there.
We've been down this road before (I've proposed this myself, I'm sure) and
there are plenty of other reasons as well. One might be that the user is
waiting for an update to switch back to or try the theme. Considering this
one wontfix, and (discouraged) plugin material.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18874#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list