[wp-trac] [WordPress Trac] #24728: Provide option to disable / remove swfupload
WordPress Trac
noreply at wordpress.org
Thu Jul 11 17:51:12 UTC 2013
#24728: Provide option to disable / remove swfupload
-------------------------+-----------------------------
Reporter: msaffitz | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
-------------------------+-----------------------------
This suggestion is in response to the vulnerability discussed here:
https://github.com/wordpress/secure-swfupload/issues/1
Given swfupload is deprecated, it'd be nice to provide an option to
disable and/or remove it from an install to reduce potential attack
surface. Ideally this could be done in such a way that plugins could
detect whether swfupload were available or not, but I'm not sure how
feasible that is or even if it would be ideal, since the work to implement
detection would be better spent just upgrading to plupload.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24728>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list