[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()

WordPress Trac noreply at wordpress.org
Wed Dec 7 11:11:00 UTC 2016

#16778: wordpress is leaking user/blog information during wp_version_check()
 Reporter:  investici       |       Owner:
     Type:  enhancement     |      Status:  reopened
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:
 Severity:  minor           |  Resolution:
 Keywords:  has-patch       |     Focuses:

Comment (by toscho):

 Replying to [comment:55 TJNowell]:
 > I would note that this information is being sent to WordPress.org, not
 Automattic. WP is an open-source community project, not an Automattic

 That doesn't matter for the user. It is an external institution.

 > I'd also note that an opt in is going to be much more complicated to
 implement as the immediate result is no stats or a prompt on update, both
 of which are bad. '''WP just needs to state what it sends and where''',
 and we should be doing this anyway if only for documentation purposes

 It is clear that the exact version numbers of PHP, the database and
 WordPress itself are needed to generate a useful response. The rest needs
 to be removed. And even then the user should be made aware of the fact
 that these data are sent.

Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:58>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list