[wp-trac] [WordPress Trac] #23394: Remove version from readme.html / Upgrade core doesn't restore the file
WordPress Trac
noreply at wordpress.org
Tue Feb 5 12:36:15 UTC 2013
#23394: Remove version from readme.html / Upgrade core doesn't restore the file
-----------------------------+-------------------------
Reporter: momo360modena | Type: enhancement
Status: new | Priority: normal
Milestone: Awaiting Review | Component: Security
Version: trunk | Severity: normal
Keywords: |
-----------------------------+-------------------------
I think it is necessary to remove the version number of the WordPress
readme.html and those for several reasons.
1. The file shows the version number of WordPress easily ... Security
(Version disclosure)
1. Few people are aware of the file. The impact is limited.
3. Wrong reason, but the other major CMS do not!
Moreover, if we adopt the approach of deliberately delete from FTP, the
next automatic update will restore it. This is a task binding.
I think the automatic update of the WordPress core should detect the
presence of the file and not restored if does not exist!
I'd like to have your opinions before proposing any patch!
--
Ticket URL: <http://core.trac.wordpress.org/ticket/23394>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list