[wp-trac] [WordPress Trac] #18577: Updates and downloads should be signed or delivered securely
WordPress Trac
wp-trac at lists.automattic.com
Sat Sep 3 01:23:16 UTC 2011
#18577: Updates and downloads should be signed or delivered securely
--------------------------+-----------------------------
Reporter: wplid | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
--------------------------+-----------------------------
All channels for downloading Wordpress installations and plugins (e.g.
from downloads.wordpress.org) should either be signed or delivered
securely (e.g. via SSL) to mitigate man-in-the-middle attacks. Such
attacks can lead to arbitrary code execution.
It appears that currently, downloads and automatic updates are neither
signed nor delivered securely.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18577>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list