[wp-trac] [WordPress Trac] #29816: Some Versions Can't Upgrade to 4.0
WordPress Trac
noreply at wordpress.org
Thu Oct 2 17:05:49 UTC 2014
#29816: Some Versions Can't Upgrade to 4.0
--------------------------------+--------------------
Reporter: miqrogroove | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.0.1
Component: WordPress.org site | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------------+--------------------
Comment (by miqrogroove):
Replying to [comment:18 Otto42]:
> All it would take is one bad-actor out there to set up a proxy to serve
their own version of the ZIP file with some malicious code in it.
Removing the non-SSL download does nothing to prevent proxy attacks. If
we are going to debate security, then we need to consider the impact of
blocking upgrades.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29816#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list