[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()
WordPress Trac
noreply at wordpress.org
Wed Dec 7 11:11:00 UTC 2016
#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+-----------------------
Reporter: investici | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Administration | Version:
Severity: minor | Resolution:
Keywords: has-patch | Focuses:
----------------------------+-----------------------
Comment (by toscho):
Replying to [comment:55 TJNowell]:
> I would note that this information is being sent to WordPress.org, not
Automattic. WP is an open-source community project, not an Automattic
product
That doesn't matter for the user. It is an external institution.
> I'd also note that an opt in is going to be much more complicated to
implement as the immediate result is no stats or a prompt on update, both
of which are bad. '''WP just needs to state what it sends and where''',
and we should be doing this anyway if only for documentation purposes
It is clear that the exact version numbers of PHP, the database and
WordPress itself are needed to generate a useful response. The rest needs
to be removed. And even then the user should be made aware of the fact
that these data are sent.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:58>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list